DATABASE RESOURCES PRICING ABOUT US

{"id": "PHSA-2019-0171", "vendorId": null, "type": "photon", "bulletinFamily": "unix", "title": "Critical Photon OS Security Update - PHSA-2019-0171", "description": "Updates of ['glib', 'expat', 'oniguruma', 'libpng', 'python3', 'zeromq', 'python2', 'apache-tomcat', 'curl', 'systemd', 'unzip', 'gnupg', 'libxslt', 'libssh2'] packages of Photon OS have been released.\n", "published": "2019-08-02T00:00:00", "modified": "2019-08-02T00:00:00", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-171", "reporter": "Photon", "references": [], "cvelist": ["CVE-2017-12652", "CVE-2018-16890", "CVE-2018-20843", "CVE-2018-20852", "CVE-2019-10072", "CVE-2019-13012", "CVE-2019-13050", "CVE-2019-13115", "CVE-2019-13117", "CVE-2019-13118", "CVE-2019-13132", "CVE-2019-13224", "CVE-2019-13232", "CVE-2019-6454"], "immutableFields": [], "lastseen": "2022-05-13T00:40:20", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2020:1605", "ALSA-2020:1787", "ALSA-2020:3662", "ALSA-2020:4484", "ALSA-2020:4490", "ALSA-2020:4846", "ALSA-2021:1586"]}, {"type": "alpinelinux", "idList": ["ALPINE:CVE-2019-13232"]}, {"type": "amazon", "idList": ["ALAS-2019-1283", "ALAS-2019-1295", "ALAS-2020-1375", "ALAS-2020-1460", "ALAS-2021-1459", "ALAS2-2019-1162", "ALAS2-2019-1164", "ALAS2-2019-1288", "ALAS2-2020-1387", "ALAS2-2020-1432", "ALAS2-2020-1513", "ALAS2-2020-1528", "ALAS2-2020-1550", "ALAS2-2021-1643"]}, {"type": "apple", "idList": ["APPLE:100C3E37B89C4B8E50DE097059456EC2", "APPLE:42A8665131AAD41DD01DD2DE9BBDEBC5", "APPLE:48DFAA81838B82F0614B9A03F99F251D", "APPLE:55E539B57FA02BA1EFE4552C738DD534", "APPLE:6A4EB1E45468948358E90A8ADD9F74CC", "APPLE:819AEF513AB880D6C4F6CA66CB3C0021", "APPLE:A7712CC62807C6255D0BD32EF8FBAD67", "APPLE:HT210346", "APPLE:HT210348", "APPLE:HT210351", "APPLE:HT210353", "APPLE:HT210356", "APPLE:HT210357", "APPLE:HT210358"]}, {"type": "archlinux", "idList": ["ASA-201902-10", "ASA-201902-11", "ASA-201902-12", "ASA-201902-13", "ASA-201902-24", "ASA-201902-9"]}, {"type": "centos", "idList": ["CESA-2019:0368", "CESA-2020:1131", "CESA-2020:1132", "CESA-2020:1181", "CESA-2020:3901", "CESA-2020:3952"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2019-0908"]}, {"type": "cisa", "idList": ["CISA:519C5EFD37846AD34AA43099C8D86620"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:057632FDE3425E82800DCEC32F03F510", "CFOUNDRY:13BA697370B05DA79A1C88E29233A25D", "CFOUNDRY:5954DE1E741BB2E48E0E028078E0D210", "CFOUNDRY:5EA8EE4734BECA5E26F0C02B2E976F48", "CFOUNDRY:719A6ED27AEEE51AFE1A714D83BE8E73", "CFOUNDRY:A8173D294B6DEC22BA8E4286E26D99DE", "CFOUNDRY:E9CE0268DAFD76AE052E27B69A06ACBD", "CFOUNDRY:EDF9B83EB83E197F691D5842752D4768", "CFOUNDRY:F06FFA2BD37C8D049603BACF49C5DBBE", "CFOUNDRY:F4A82A6B08C1BC8F71C40AB4FA993A57"]}, {"type": "cloudlinux", "idList": ["CLSA-2020:1605798462", "CLSA-2021:1632401716", "CLSA-2021:1633442879"]}, {"type": "cve", "idList": ["CVE-2017-12652", "CVE-2018-16890", "CVE-2018-20843", "CVE-2018-20852", "CVE-2019-10072", "CVE-2019-13012", "CVE-2019-13050", "CVE-2019-13115", "CVE-2019-13117", "CVE-2019-13118", "CVE-2019-13132", "CVE-2019-13224", "CVE-2019-13232", "CVE-2019-6454"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1672-1:150F0", "DEBIAN:DLA-1684-1:394E8", "DEBIAN:DLA-1684-1:C97A5", "DEBIAN:DLA-1730-3:1714C", "DEBIAN:DLA-1730-3:E3B46", "DEBIAN:DLA-1839-1:13DB7", "DEBIAN:DLA-1839-1:728E0", "DEBIAN:DLA-1846-1:839B7", "DEBIAN:DLA-1846-1:D030F", "DEBIAN:DLA-1846-2:4EAA9", "DEBIAN:DLA-1846-2:A08F3", "DEBIAN:DLA-1849-1:F1C41", "DEBIAN:DLA-1854-1:DE45B", "DEBIAN:DLA-1854-1:F6B60", "DEBIAN:DLA-1860-1:B68F6", "DEBIAN:DLA-1860-1:DBF7E", "DEBIAN:DLA-1866-1:415BC", "DEBIAN:DLA-1866-1:D1352", "DEBIAN:DLA-1866-2:4F7E9", "DEBIAN:DLA-1866-2:95124", "DEBIAN:DLA-1889-1:E4DD0", "DEBIAN:DLA-1906-1:2D8B3", "DEBIAN:DLA-2280-1:96280", "DEBIAN:DLA-2337-1:70801", "DEBIAN:DLA-2431-1:6BC5D", "DEBIAN:DLA-2431-1:BFD58", "DEBIAN:DLA-2848-1:A1678", "DEBIAN:DSA-4386-1:8CA8C", "DEBIAN:DSA-4393-1:1615F", "DEBIAN:DSA-4393-1:211D1", "DEBIAN:DSA-4472-1:4A655", "DEBIAN:DSA-4472-1:97343", "DEBIAN:DSA-4477-1:5B2C0", "DEBIAN:DSA-4477-1:C1A86", "DEBIAN:DSA-4680-1:FCF2B"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-12652", "DEBIANCVE:CVE-2018-16890", "DEBIANCVE:CVE-2018-20843", "DEBIANCVE:CVE-2018-20852", "DEBIANCVE:CVE-2019-10072", "DEBIANCVE:CVE-2019-13012", "DEBIANCVE:CVE-2019-13115", "DEBIANCVE:CVE-2019-13117", "DEBIANCVE:CVE-2019-13118", "DEBIANCVE:CVE-2019-13132", "DEBIANCVE:CVE-2019-13224", "DEBIANCVE:CVE-2019-13232", "DEBIANCVE:CVE-2019-6454"]}, {"type": "f5", "idList": ["F5:K00103182", "F5:K03314397", "F5:K08654551", "F5:K13322484", "F5:K17321505", "F5:K51011533", "F5:K80311892", "F5:K88124225", "F5:K96300145"]}, {"type": "fedora", "idList": ["FEDORA:06474609492B", "FEDORA:2C7766722DB4", "FEDORA:2F0F460F096A", "FEDORA:31ACB604BB43", "FEDORA:55212604E121", "FEDORA:55FE8604DFF9", "FEDORA:5A09262C7A37", "FEDORA:609CD6153F40", "FEDORA:61CEB60525CF", "FEDORA:6976D62A089B", "FEDORA:724A1610682D", "FEDORA:735A760C4528", "FEDORA:7CCA26069A73", "FEDORA:862A060321A8", "FEDORA:8887C6075F07", "FEDORA:8D0BB60525B8", "FEDORA:951236162FD6", "FEDORA:995AF61F9AAB", "FEDORA:9C66060323C0", "FEDORA:A0C3B66ADC4F", "FEDORA:A2CF8605771B", "FEDORA:AFDBD60E76E0", "FEDORA:B9C8D6075EE8", "FEDORA:D013361742CE", "FEDORA:D8E6160F62FB", "FEDORA:DBC4662F3455", "FEDORA:E0B4F6075B3D", "FEDORA:E66CE6076F5E", "FEDORA:E804C60D0D7B", "FEDORA:F378E608761A"]}, {"type": "freebsd", "idList": ["6954A2B0-BDA8-11EB-A04E-641C67A117D8", "714B033A-2B09-11E9-8BC3-610FD6E6CD05", "A8D87C7A-D1B1-11E9-A616-0992A4564E7C"]}, {"type": "gentoo", "idList": ["GLSA-201903-07", "GLSA-201908-17", "GLSA-201911-03", "GLSA-201911-08", "GLSA-202003-26", "GLSA-202003-58"]}, {"type": "github", "idList": ["GHSA-Q4HG-RMQ2-52Q9"]}, {"type": "githubexploit", "idList": ["9C610830-420D-566B-A8AD-A6735753E27F", "A5372B0E-E434-566F-91EF-9BAF5D8CD2DA"]}, {"type": "hackerone", "idList": ["H1:874427"]}, {"type": "ibm", "idList": ["13CEF3E699B892EB8EDD7E52729E7EE991B647FA5B215D74BD789F18036E95A9", "21FAA8B3214081B02B5CB45D8150D70F352C2BC0EC67E463FBA7D35DF6B2614C", "22FE69B31A10A2D1A4C8753B638EBDDDA55E81977EC4563B990767DDEB64861F", "231E423B28752DD6263DBEC8D8F06E8A6EC0C4DA14543D958731A02C8193E5EE", "23E1A8234CB28A1958E6B0921DBFF41F837627FC7FE0AB52E91697295E3B8DA0", "2B9868CAD288C14AFDF0F5971D15B862C2D321ABB30241C9D87CD9C59FF9BD03", "2C79ED95B1DDF725C67F241D5C01546FA0476ABBA3CE0E75B8B5CD09C4F93D6C", "2FE97BC0DB8A3B1BCF85FF8F69828770D4396C7CC3ABD37202D8089D2CADF87B", "37B1C13D57560AD2D5EFC78D9765E406257D9DEC561AC751A89056CBB0B78CDF", "390281289B3F4343A1E1F6452AD13173E9D0CC35AEA58C89794C77A0CF60DD5B", "466AEBE8968668438F0AEC717CCC77A721355381F0B6FF40CAC26BC3B81A919D", "4A91EBA290B30504A8EF2EE87060FA1D3D5EF2F7A2869B4D9ACCE1C477DA4795", "54FB6726805D886796865FF32608051BEE914B969DCB3300B1E662574A92A04E", "563493FD22148652FF23560027A58E6E850DEBAE12A2D160230BFF5C0D4C93E2", "568C1946F6948551373693B819E984491EDA4324124EB255F933921898311FAA", "5B8144ECBE66D3F42C6265F0D0218BCE7B8C4F532A8F158F78E777D2EAABB546", "5F64F57560BFC926CBF0B18BFB5BAECC3BB3859068F69B1F7B77FD5966857C7A", "6549F7FB91216E6B5325DB660AF73FDF2D181F5FC1D3D96D412B600D6C349A96", "6592D9252E79D347E3A4FFDDFF016AB701763D108B8568C8DAE4D38C3A52C76A", "6736B0754DF51D862A1D7BF099B989B186FC01D8A01EF0A67D8C36D1207CD38F", "6A0CE211061F295D9D98B616DAAADA0A43895F1108ACB08AF6BC99BC646F2753", "6F5E7455D08E55E4F9F3DFA8B8B618487EC9BFDDC4FCB87851672633689609AB", "7E0744D5936EDC5F018B0850D801B665D388060D6A81B986BC7AD81C9A78C0EE", "81D5F6F41E5617EDA7FF694BBE43496FC48B7577BB4C9C238127ECCCB1D40118", "8A242C548ADF3E615FE6BA32C7E6F5B2DB8B1FA250ABF2329DC20A0FB32D3700", "9413B45266B0A1BF4C0F9EFBF289FB6AC5322C48A1E69D09833E6DA257C8CC77", "979C1C302656B100A9230D67DC5FDA9D31E695FEDE62BEA27566840475B31B1B", "97D5F772EC68BDCD260FBB9DFB7A322AAAC657E9360305DF11F9C6A6A40D1B85", "9E63E9416444AA2DF1664209083F4A7A31363BE16B637E0BA27E1FF0733D991A", "A2E923A551C0F36BAC84848E053A3A93F2AC1141EB9D1739FE1D48A6684F5352", "A435141E9D6894F7CA102FDB03C29288BC56B476D91906B1B0E7FA8301E0D89A", "A55D0DFA2F18D4384151EBFB9D93643CE9659FA87A9690125C9A72535F9F0428", "B236D3400A0C6106EC62C77931DC3654EEBAB6EEA563B3344ECFF477FD634E81", "B37FB96EE4FA4B06328DA641D49120233F6F6FC031E87E5A21A71F34BB882B42", "BDFA432EA62E6EFDD1DA5F84B4EE926C27FCF1125443F9D0EC5005B0FEE74C89", "D11A0C2CC15BB8D7B04868F2862A15D1963924B4812649E2D326C9951AF9DCE2", "DB8E4E659E64514548095D982131905FB3A6F5608C5916769B8820AA6A05133D", "DEBC899D5E7F52BAC830D06EFF16A64417FA7A826DA06C927EAAEEF2964D3F82"]}, {"type": "ics", "idList": ["ICSA-19-099-04"]}, {"type": "kaspersky", "idList": ["KLA11526", "KLA11527", "KLA11571", "KLA11646"]}, {"type": "kitploit", "idList": ["KITPLOIT:7323577050718865961"]}, {"type": "mageia", "idList": ["MGASA-2019-0253", "MGASA-2019-0260", "MGASA-2019-0274", "MGASA-2019-0313", "MGASA-2019-0323", "MGASA-2020-0029", "MGASA-2021-0033"]}, {"type": "nessus", "idList": ["700697.PASL", "AL2_ALAS-2019-1162.NASL", "AL2_ALAS-2019-1164.NASL", "AL2_ALAS-2019-1288.NASL", "AL2_ALAS-2020-1387.NASL", "AL2_ALAS-2020-1432.NASL", "AL2_ALAS-2020-1513.NASL", "AL2_ALAS-2020-1528.NASL", "AL2_ALAS-2020-1550.NASL", "AL2_ALAS-2021-1643.NASL", "ALA_ALAS-2019-1283.NASL", "ALA_ALAS-2019-1295.NASL", "ALA_ALAS-2020-1375.NASL", "ALA_ALAS-2020-1460.NASL", "ALA_ALAS-2021-1459.NASL", "ALMA_LINUX_ALSA-2020-1787.NASL", "ALMA_LINUX_ALSA-2020-4484.NASL", "ALMA_LINUX_ALSA-2020-4490.NASL", "ALMA_LINUX_ALSA-2020-4846.NASL", "ALMA_LINUX_ALSA-2021-1586.NASL", "AMAZON_CORRETTO_8_242_07_1.NASL", "APPLETV_12_4.NASL", "APPLE_IOS_124_CHECK.NBIN", "CENTOS8_RHSA-2019-0990.NASL", "CENTOS8_RHSA-2019-3701.NASL", "CENTOS8_RHSA-2020-1605.NASL", "CENTOS8_RHSA-2020-1764.NASL", "CENTOS8_RHSA-2020-1787.NASL", "CENTOS8_RHSA-2020-3662.NASL", "CENTOS8_RHSA-2020-4484.NASL", "CENTOS8_RHSA-2020-4490.NASL", "CENTOS8_RHSA-2020-4846.NASL", "CENTOS8_RHSA-2021-1586.NASL", "CENTOS_RHSA-2019-0368.NASL", "CENTOS_RHSA-2020-1131.NASL", "CENTOS_RHSA-2020-1132.NASL", "CENTOS_RHSA-2020-1181.NASL", "CENTOS_RHSA-2020-3901.NASL", "CENTOS_RHSA-2020-3952.NASL", "DEBIAN_DLA-1672.NASL", "DEBIAN_DLA-1684.NASL", "DEBIAN_DLA-1839.NASL", "DEBIAN_DLA-1846.NASL", "DEBIAN_DLA-1849.NASL", "DEBIAN_DLA-1854.NASL", "DEBIAN_DLA-1860.NASL", "DEBIAN_DLA-1866.NASL", "DEBIAN_DLA-1889.NASL", "DEBIAN_DLA-1906.NASL", "DEBIAN_DLA-2280.NASL", "DEBIAN_DLA-2337.NASL", "DEBIAN_DLA-2848.NASL", "DEBIAN_DSA-4386.NASL", "DEBIAN_DSA-4393.NASL", "DEBIAN_DSA-4472.NASL", "DEBIAN_DSA-4477.NASL", "DEBIAN_DSA-4680.NASL", "EULEROS_SA-2019-1107.NASL", "EULEROS_SA-2019-1128.NASL", "EULEROS_SA-2019-1153.NASL", "EULEROS_SA-2019-1196.NASL", "EULEROS_SA-2019-1256.NASL", "EULEROS_SA-2019-1412.NASL", "EULEROS_SA-2019-1758.NASL", "EULEROS_SA-2019-1783.NASL", "EULEROS_SA-2019-1818.NASL", "EULEROS_SA-2019-1841.NASL", "EULEROS_SA-2019-1855.NASL", "EULEROS_SA-2019-1880.NASL", "EULEROS_SA-2019-1894.NASL", "EULEROS_SA-2019-1912.NASL", "EULEROS_SA-2019-1913.NASL", "EULEROS_SA-2019-1927.NASL", "EULEROS_SA-2019-1929.NASL", "EULEROS_SA-2019-1935.NASL", "EULEROS_SA-2019-1949.NASL", "EULEROS_SA-2019-1951.NASL", "EULEROS_SA-2019-2010.NASL", "EULEROS_SA-2019-2032.NASL", "EULEROS_SA-2019-2048.NASL", "EULEROS_SA-2019-2063.NASL", "EULEROS_SA-2019-2077.NASL", "EULEROS_SA-2019-2086.NASL", "EULEROS_SA-2019-2094.NASL", "EULEROS_SA-2019-2114.NASL", "EULEROS_SA-2019-2115.NASL", "EULEROS_SA-2019-2225.NASL", "EULEROS_SA-2019-2259.NASL", "EULEROS_SA-2019-2442.NASL", "EULEROS_SA-2019-2519.NASL", "EULEROS_SA-2020-1017.NASL", "EULEROS_SA-2020-1044.NASL", "EULEROS_SA-2020-1048.NASL", "EULEROS_SA-2020-1050.NASL", "EULEROS_SA-2020-1137.NASL", "EULEROS_SA-2020-1153.NASL", "EULEROS_SA-2020-1184.NASL", "EULEROS_SA-2020-1212.NASL", "EULEROS_SA-2020-1358.NASL", "EULEROS_SA-2020-1387.NASL", "EULEROS_SA-2020-1439.NASL", "EULEROS_SA-2020-1442.NASL", "EULEROS_SA-2020-1456.NASL", "EULEROS_SA-2020-1462.NASL", "EULEROS_SA-2020-1654.NASL", "EULEROS_SA-2020-1671.NASL", "EULEROS_SA-2020-1791.NASL", "EULEROS_SA-2020-2067.NASL", "EULEROS_SA-2020-2384.NASL", "EULEROS_SA-2021-1633.NASL", "EULEROS_SA-2021-1668.NASL", "F5_BIGIP_SOL80311892.NASL", "FEDORA_2019-0D3FCAE639.NASL", "FEDORA_2019-139FCDA84D.NASL", "FEDORA_2019-18868E1715.NASL", "FEDORA_2019-2DAB60E288.NASL", "FEDORA_2019-2F259A6C0A.NASL", "FEDORA_2019-3F3D0953DB.NASL", "FEDORA_2019-43489941FF.NASL", "FEDORA_2019-4D8F9A9235.NASL", "FEDORA_2019-5409BB5E68.NASL", "FEDORA_2019-5885663621.NASL", "FEDORA_2019-74BA24605E.NASL", "FEDORA_2019-758824A3FF.NASL", "FEDORA_2019-8434288A24.NASL", "FEDORA_2019-8916B4E890.NASL", "FEDORA_2019-9D85600FC7.NASL", "FEDORA_2019-D20CE4D5A1.NASL", "FEDORA_2019-FDF6EC39B4.NASL", "FREEBSD_PKG_6954A2B0BDA811EBA04E641C67A117D8.NASL", "FREEBSD_PKG_714B033A2B0911E98BC3610FD6E6CD05.NASL", "FREEBSD_PKG_A8D87C7AD1B111E9A6160992A4564E7C.NASL", "GENTOO_GLSA-201903-07.NASL", "GENTOO_GLSA-201908-17.NASL", "GENTOO_GLSA-201911-03.NASL", "GENTOO_GLSA-201911-08.NASL", "GENTOO_GLSA-202003-26.NASL", "GENTOO_GLSA-202003-58.NASL", "IBM_HTTP_SERVER_964768.NASL", "ICLOUD_10_6.NASL", "ITUNES_12_9_6.NASL", "ITUNES_12_9_6_BANNER.NASL", "MACOSX_SECUPD2019-004.NASL", "MACOS_10_14_6.NASL", "MYSQL_5_7_27_JULY.NASL", "MYSQL_8_0_16.NASL", "MYSQL_ENTERPRISE_MONITOR_8_0_18.NASL", "NESSUS_TNS_2021_11.NASL", "NEWSTART_CGSL_NS-SA-2019-0057_SYSTEMD.NASL", "NEWSTART_CGSL_NS-SA-2020-0030_PYTHON3.NASL", "NEWSTART_CGSL_NS-SA-2020-0059_PYTHON.NASL", "NEWSTART_CGSL_NS-SA-2020-0065_UNZIP.NASL", "NEWSTART_CGSL_NS-SA-2020-0089_PYTHON3.NASL", "NEWSTART_CGSL_NS-SA-2020-0094_PYTHON.NASL", "NEWSTART_CGSL_NS-SA-2020-0098_UNZIP.NASL", "NEWSTART_CGSL_NS-SA-2021-0026_EXPAT.NASL", "NEWSTART_CGSL_NS-SA-2021-0076_GNUPG2.NASL", "NEWSTART_CGSL_NS-SA-2021-0083_EXPAT.NASL", "NEWSTART_CGSL_NS-SA-2021-0175_EXPAT.NASL", "NEWSTART_CGSL_NS-SA-2022-0053_GLIB2.NASL", "OPENSUSE-2019-1450.NASL", "OPENSUSE-2019-173.NASL", "OPENSUSE-2019-174.NASL", "OPENSUSE-2019-1749.NASL", "OPENSUSE-2019-1767.NASL", "OPENSUSE-2019-1777.NASL", "OPENSUSE-2019-1917.NASL", "OPENSUSE-2019-1988.NASL", "OPENSUSE-2019-1989.NASL", "OPENSUSE-2019-255.NASL", "OPENSUSE-2019-268.NASL", "OPENSUSE-2020-38.NASL", "OPENSUSE-2020-731.NASL", "OPENSUSE-2020-86.NASL", "ORACLELINUX_ELSA-2019-0368.NASL", "ORACLELINUX_ELSA-2019-0990.NASL", "ORACLELINUX_ELSA-2020-3662.NASL", "ORACLELINUX_ELSA-2020-3901.NASL", "ORACLELINUX_ELSA-2020-3952.NASL", "ORACLELINUX_ELSA-2020-4484.NASL", "ORACLELINUX_ELSA-2020-4490.NASL", "ORACLELINUX_ELSA-2020-5861.NASL", "ORACLELINUX_ELSA-2021-1586.NASL", "ORACLEVM_OVMSA-2020-0036.NASL", "ORACLE_HTTP_SERVER_CPU_OCT_2021.NASL", "ORACLE_JAVA_CPU_JAN_2020.NASL", "ORACLE_JAVA_CPU_JAN_2020_UNIX.NASL", "ORACLE_RDBMS_CPU_JAN_2020.NASL", "PHOTONOS_PHSA-2019-1_0-0244_APACHE.NASL", "PHOTONOS_PHSA-2019-1_0-0245_GLIB.NASL", "PHOTONOS_PHSA-2019-1_0-0245_ZEROMQ.NASL", "PHOTONOS_PHSA-2019-1_0-0246_GNUPG.NASL", "PHOTONOS_PHSA-2019-1_0-0246_LIBPNG.NASL", "PHOTONOS_PHSA-2019-1_0-0246_LIBXSLT.NASL", "PHOTONOS_PHSA-2019-1_0-0246_PYTHON2.NASL", "PHOTONOS_PHSA-2019-1_0-0246_PYTHON3.NASL", "PHOTONOS_PHSA-2019-1_0-0246_UNZIP.NASL", "PHOTONOS_PHSA-2019-1_0-0247_EXPAT.NASL", "PHOTONOS_PHSA-2019-2_0-0171_CURL.NASL", "PHOTONOS_PHSA-2019-2_0-0171_EXPAT.NASL", "PHOTONOS_PHSA-2019-2_0-0171_GLIB.NASL", "PHOTONOS_PHSA-2019-2_0-0171_GNUPG.NASL", "PHOTONOS_PHSA-2019-2_0-0171_LIBPNG.NASL", "PHOTONOS_PHSA-2019-2_0-0171_LIBXSLT.NASL", "PHOTONOS_PHSA-2019-2_0-0171_PYTHON2.NASL", "PHOTONOS_PHSA-2019-2_0-0171_PYTHON3.NASL", "PHOTONOS_PHSA-2019-2_0-0171_UNZIP.NASL", "PHOTONOS_PHSA-2019-2_0-0171_ZEROMQ.NASL", "PHOTONOS_PHSA-2019-3_0-0024_APACHE.NASL", "PHOTONOS_PHSA-2019-3_0-0024_GLIB.NASL", "PHOTONOS_PHSA-2019-3_0-0024_GNUPG.NASL", "PHOTONOS_PHSA-2019-3_0-0024_LIBXSLT.NASL", "PHOTONOS_PHSA-2019-3_0-0024_ONIGURUMA.NASL", "PHOTONOS_PHSA-2019-3_0-0024_PYTHON2.NASL", "PHOTONOS_PHSA-2019-3_0-0024_SYSTEMD.NASL", "PHOTONOS_PHSA-2019-3_0-0024_UNZIP.NASL", "PHOTONOS_PHSA-2019-3_0-0024_ZEROMQ.NASL", "PHOTONOS_PHSA-2019-3_0-0026_EXPAT.NASL", "PHOTONOS_PHSA-2019-3_0-0026_LIBSSH2.NASL", "PHP_7_3_9.NASL", "REDHAT-RHSA-2019-0368.NASL", "REDHAT-RHSA-2019-0457.NASL", "REDHAT-RHSA-2019-0461.NASL", "REDHAT-RHSA-2019-0990.NASL", "REDHAT-RHSA-2019-1322.NASL", "REDHAT-RHSA-2019-1502.NASL", "REDHAT-RHSA-2019-2805.NASL", "REDHAT-RHSA-2019-3701.NASL", "REDHAT-RHSA-2019-3929.NASL", "REDHAT-RHSA-2020-1131.NASL", "REDHAT-RHSA-2020-1132.NASL", "REDHAT-RHSA-2020-1181.NASL", "REDHAT-RHSA-2020-1605.NASL", "REDHAT-RHSA-2020-1764.NASL", "REDHAT-RHSA-2020-1787.NASL", "REDHAT-RHSA-2020-2486.NASL", "REDHAT-RHSA-2020-2644.NASL", "REDHAT-RHSA-2020-3662.NASL", "REDHAT-RHSA-2020-3901.NASL", "REDHAT-RHSA-2020-3952.NASL", "REDHAT-RHSA-2020-4484.NASL", "REDHAT-RHSA-2020-4490.NASL", "REDHAT-RHSA-2020-4846.NASL", "REDHAT-RHSA-2021-1586.NASL", "SLACKWARE_SSA_2019-037-01.NASL", "SL_20190221_SYSTEMD_ON_SL7_X.NASL", "SL_20200407_PYTHON3_ON_SL7_X.NASL", "SL_20200407_PYTHON_ON_SL7_X.NASL", "SL_20200407_UNZIP_ON_SL7_X.NASL", "SL_20201001_EXPAT_ON_SL7_X.NASL", "SL_20201001_LIBPNG_ON_SL7_X.NASL", "SUSE_SU-2019-0248-1.NASL", "SUSE_SU-2019-0249-1.NASL", "SUSE_SU-2019-0339-1.NASL", "SUSE_SU-2019-0424-1.NASL", "SUSE_SU-2019-0425-1.NASL", "SUSE_SU-2019-0426-1.NASL", "SUSE_SU-2019-0428-1.NASL", "SUSE_SU-2019-1265-1.NASL", "SUSE_SU-2019-1364-1.NASL", "SUSE_SU-2019-1364-2.NASL", "SUSE_SU-2019-14117-1.NASL", "SUSE_SU-2019-14142-1.NASL", "SUSE_SU-2019-1776-1.NASL", "SUSE_SU-2019-1785-1.NASL", "SUSE_SU-2019-1824-1.NASL", "SUSE_SU-2019-1830-1.NASL", "SUSE_SU-2019-1830-2.NASL", "SUSE_SU-2019-1833-1.NASL", "SUSE_SU-2019-1834-1.NASL", "SUSE_SU-2019-1835-1.NASL", "SUSE_SU-2019-1867-1.NASL", "SUSE_SU-2019-2006-1.NASL", "SUSE_SU-2019-2050-1.NASL", "SUSE_SU-2019-2091-1.NASL", "SUSE_SU-2019-2114-1.NASL", "SUSE_SU-2019-2480-1.NASL", "SUSE_SU-2019-2798-1.NASL", "SUSE_SU-2019-3060-1.NASL", "SUSE_SU-2019-3060-2.NASL", "SUSE_SU-2020-0114-1.NASL", "SUSE_SU-2020-0234-1.NASL", "SUSE_SU-2020-0302-1.NASL", "SUSE_SU-2020-0911-1.NASL", "SUSE_SU-2020-1409-1.NASL", "SUSE_SU-2020-2699-1.NASL", "TOMCAT_8_5_41.NASL", "TOMCAT_9_0_20.NASL", "UBUNTU_USN-3882-1.NASL", "UBUNTU_USN-3891-1.NASL", "UBUNTU_USN-4040-1.NASL", "UBUNTU_USN-4049-1.NASL", "UBUNTU_USN-4050-1.NASL", "UBUNTU_USN-4127-1.NASL", "UBUNTU_USN-4128-1.NASL", "UBUNTU_USN-4128-2.NASL", "UBUNTU_USN-4164-1.NASL", "UBUNTU_USN-4672-1.NASL", "UBUNTU_USN-5431-1.NASL", "UBUNTU_USN-5432-1.NASL", "WEB_APPLICATION_SCANNING_98625", "WEB_APPLICATION_SCANNING_98629", "WEB_APPLICATION_SCANNING_98682", "WEB_APPLICATION_SCANNING_98683", "WEB_APPLICATION_SCANNING_98684"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310107013", "OPENVAS:1361412562310107014", "OPENVAS:1361412562310108633", "OPENVAS:1361412562310108634", "OPENVAS:1361412562310142650", "OPENVAS:1361412562310142651", "OPENVAS:1361412562310142811", "OPENVAS:1361412562310142812", "OPENVAS:1361412562310143027", "OPENVAS:1361412562310143028", "OPENVAS:1361412562310704386", "OPENVAS:1361412562310704393", "OPENVAS:1361412562310704472", "OPENVAS:1361412562310704477", "OPENVAS:1361412562310704680", "OPENVAS:1361412562310815261", "OPENVAS:1361412562310815262", "OPENVAS:1361412562310815263", "OPENVAS:1361412562310815425", "OPENVAS:1361412562310816600", "OPENVAS:1361412562310816604", "OPENVAS:1361412562310843899", "OPENVAS:1361412562310843910", "OPENVAS:1361412562310844072", "OPENVAS:1361412562310844081", "OPENVAS:1361412562310844083", "OPENVAS:1361412562310844168", "OPENVAS:1361412562310844170", "OPENVAS:1361412562310844181", "OPENVAS:1361412562310844207", "OPENVAS:1361412562310852289", "OPENVAS:1361412562310852290", "OPENVAS:1361412562310852324", "OPENVAS:1361412562310852325", "OPENVAS:1361412562310852518", "OPENVAS:1361412562310852617", "OPENVAS:1361412562310852625", "OPENVAS:1361412562310852631", "OPENVAS:1361412562310852663", "OPENVAS:1361412562310852677", "OPENVAS:1361412562310852905", "OPENVAS:1361412562310852980", "OPENVAS:1361412562310853008", "OPENVAS:1361412562310853184", "OPENVAS:1361412562310875502", "OPENVAS:1361412562310875689", "OPENVAS:1361412562310876042", "OPENVAS:1361412562310876475", "OPENVAS:1361412562310876566", "OPENVAS:1361412562310876577", "OPENVAS:1361412562310876588", "OPENVAS:1361412562310876622", "OPENVAS:1361412562310876625", "OPENVAS:1361412562310876630", "OPENVAS:1361412562310876634", "OPENVAS:1361412562310876640", "OPENVAS:1361412562310876816", "OPENVAS:1361412562310876863", "OPENVAS:1361412562310876872", "OPENVAS:1361412562310876879", "OPENVAS:1361412562310876971", "OPENVAS:1361412562310876973", "OPENVAS:1361412562310876975", "OPENVAS:1361412562310876978", "OPENVAS:1361412562310877005", "OPENVAS:1361412562310877026", "OPENVAS:1361412562310877028", "OPENVAS:1361412562310877069", "OPENVAS:1361412562310877114", "OPENVAS:1361412562310877174", "OPENVAS:1361412562310877297", "OPENVAS:1361412562310877303", "OPENVAS:1361412562310877596", "OPENVAS:1361412562310877633", "OPENVAS:1361412562310883009", "OPENVAS:1361412562310891672", "OPENVAS:1361412562310891684", "OPENVAS:1361412562310891839", "OPENVAS:1361412562310891846", "OPENVAS:1361412562310891849", "OPENVAS:1361412562310891854", "OPENVAS:1361412562310891860", "OPENVAS:1361412562310891866", "OPENVAS:1361412562310891889", "OPENVAS:1361412562310891906", "OPENVAS:1361412562310892280", "OPENVAS:1361412562311220191107", "OPENVAS:1361412562311220191128", "OPENVAS:1361412562311220191153", "OPENVAS:1361412562311220191196", "OPENVAS:1361412562311220191256", "OPENVAS:1361412562311220191412", "OPENVAS:1361412562311220191758", "OPENVAS:1361412562311220191783", "OPENVAS:1361412562311220191841", "OPENVAS:1361412562311220191855", "OPENVAS:1361412562311220191894", "OPENVAS:1361412562311220191912", "OPENVAS:1361412562311220191913", "OPENVAS:1361412562311220191927", "OPENVAS:1361412562311220191929", "OPENVAS:1361412562311220191935", "OPENVAS:1361412562311220191949", "OPENVAS:1361412562311220191951", "OPENVAS:1361412562311220192032", "OPENVAS:1361412562311220192048", "OPENVAS:1361412562311220192063", "OPENVAS:1361412562311220192077", "OPENVAS:1361412562311220192086", "OPENVAS:1361412562311220192094", "OPENVAS:1361412562311220192114", "OPENVAS:1361412562311220192115", "OPENVAS:1361412562311220192225", "OPENVAS:1361412562311220192259", "OPENVAS:1361412562311220192442", "OPENVAS:1361412562311220192519", "OPENVAS:1361412562311220201017", "OPENVAS:1361412562311220201044", "OPENVAS:1361412562311220201048", "OPENVAS:1361412562311220201050", "OPENVAS:1361412562311220201137", "OPENVAS:1361412562311220201153", "OPENVAS:1361412562311220201184", "OPENVAS:1361412562311220201212", "OPENVAS:1361412562311220201358", "OPENVAS:1361412562311220201387", "OPENVAS:1361412562311220201439", "OPENVAS:1361412562311220201442", "OPENVAS:1361412562311220201456", "OPENVAS:1361412562311220201462", "OPENVAS:1361412562311220201654", "OPENVAS:1361412562311220201671", "OPENVAS:1361412562311220201791"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2019", "ORACLE:CPUAPR2019-5072813", "ORACLE:CPUAPR2020", "ORACLE:CPUAPR2021", "ORACLE:CPUJAN2020", "ORACLE:CPUJUL2019", "ORACLE:CPUJUL2019-5072835", "ORACLE:CPUOCT2019", "ORACLE:CPUOCT2019-5072832", "ORACLE:CPUOCT2020", "ORACLE:CPUOCT2021"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-0368", "ELSA-2019-0990", "ELSA-2019-3701", "ELSA-2019-4876", "ELSA-2019-4877", "ELSA-2019-4884", "ELSA-2020-1131", "ELSA-2020-1132", "ELSA-2020-1181", "ELSA-2020-1605", "ELSA-2020-1764", "ELSA-2020-1787", "ELSA-2020-3662", "ELSA-2020-3901", "ELSA-2020-3911", "ELSA-2020-3952", "ELSA-2020-4484", "ELSA-2020-4490", "ELSA-2020-5861", "ELSA-2021-1586"]}, {"type": "osv", "idList": ["OSV:DLA-1672-1", "OSV:DLA-1684-1", "OSV:DLA-1730-3", "OSV:DLA-1839-1", "OSV:DLA-1846-1", "OSV:DLA-1849-1", "OSV:DLA-1854-1", "OSV:DLA-1860-1", "OSV:DLA-1866-1", "OSV:DLA-1866-2", "OSV:DLA-1889-1", "OSV:DLA-1906-1", "OSV:DLA-2280-1", "OSV:DLA-2337-1", "OSV:DLA-2431-1", "OSV:DLA-2431-2", "OSV:DLA-2848-1", "OSV:DSA-4386-1", "OSV:DSA-4393-1", "OSV:DSA-4472-1", "OSV:DSA-4477-1", "OSV:DSA-4527-1", "OSV:DSA-4529-1", "OSV:DSA-4680-1", "OSV:GHSA-Q4HG-RMQ2-52Q9"]}, {"type": "photon", "idList": ["PHSA-2019-0002", "PHSA-2019-0024", "PHSA-2019-0026", "PHSA-2019-0216", "PHSA-2019-0244", "PHSA-2019-0245", "PHSA-2019-0246", "PHSA-2019-0247", "PHSA-2019-0248", "PHSA-2019-1.0-0216", "PHSA-2019-1.0-0244", "PHSA-2019-1.0-0245", "PHSA-2019-1.0-0246", "PHSA-2019-1.0-0247", "PHSA-2019-1.0-0248", "PHSA-2019-2.0-0171", "PHSA-2019-3.0-0002", "PHSA-2019-3.0-0024", "PHSA-2019-3.0-0026"]}, {"type": "redhat", "idList": ["RHSA-2019:0368", "RHSA-2019:0457", "RHSA-2019:0461", "RHSA-2019:0990", "RHSA-2019:1322", "RHSA-2019:1502", "RHSA-2019:1543", "RHSA-2019:2805", "RHSA-2019:3701", "RHSA-2019:3725", "RHSA-2019:3929", "RHSA-2019:3931", "RHSA-2019:3948", "RHSA-2020:1131", "RHSA-2020:1132", "RHSA-2020:1181", "RHSA-2020:1605", "RHSA-2020:1764", "RHSA-2020:1787", "RHSA-2020:2486", "RHSA-2020:2644", "RHSA-2020:2646", "RHSA-2020:3194", "RHSA-2020:3662", "RHSA-2020:3901", "RHSA-2020:3952", "RHSA-2020:4254", "RHSA-2020:4255", "RHSA-2020:4264", "RHSA-2020:4298", "RHSA-2020:4484", "RHSA-2020:4490", "RHSA-2020:4846", "RHSA-2020:5149", "RHSA-2020:5364", "RHSA-2020:5605", "RHSA-2020:5633", "RHSA-2020:5635", "RHSA-2021:0050", "RHSA-2021:0146", "RHSA-2021:0190", "RHSA-2021:0436", "RHSA-2021:0778", "RHSA-2021:0799", "RHSA-2021:0949", "RHSA-2021:1129", "RHSA-2021:1586", "RHSA-2021:2021", "RHSA-2021:2121", "RHSA-2021:2136", "RHSA-2021:2479", "RHSA-2021:2920", "RHSA-2021:3016", "RHSA-2021:3119", "RHSA-2022:0056", "RHSA-2022:5840", "RHSA-2022:5924"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-12652", "RH:CVE-2018-16890", "RH:CVE-2018-20843", "RH:CVE-2018-20852", "RH:CVE-2019-10072", "RH:CVE-2019-13012", "RH:CVE-2019-13050", "RH:CVE-2019-13115", "RH:CVE-2019-13117", "RH:CVE-2019-13118", "RH:CVE-2019-13132", "RH:CVE-2019-13224", "RH:CVE-2019-13232", "RH:CVE-2019-6454"]}, {"type": "rubygems", "idList": ["RUBY:NOKOGIRI-2019-13117"]}, {"type": "slackware", "idList": ["SSA-2019-037-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:0173-1", "OPENSUSE-SU-2019:0174-1", "OPENSUSE-SU-2019:0255-1", "OPENSUSE-SU-2019:0268-1", "OPENSUSE-SU-2019:1450-1", "OPENSUSE-SU-2019:1749-1", "OPENSUSE-SU-2019:1767-1", "OPENSUSE-SU-2019:1777-1", "OPENSUSE-SU-2019:1917-1", "OPENSUSE-SU-2019:1988-1", "OPENSUSE-SU-2019:1989-1", "OPENSUSE-SU-2020:0038-1", "OPENSUSE-SU-2020:0086-1", "OPENSUSE-SU-2020:0731-1"]}, {"type": "symantec", "idList": ["SMNTC-108874", "SMNTC-109323", "SMNTC-111498", "SMNTC-1765"]}, {"type": "thn", "idList": ["THN:5483F752911D643A7A952FBFA7B4B7E4"]}, {"type": "threatpost", "idList": ["THREATPOST:20EAC8CBCC0B2A55B8195EB5B485B9D6"]}, {"type": "tomcat", "idList": ["TOMCAT:045D264F03959F4DF2D140C7A3C6A05B", "TOMCAT:D3D93576ACEA30F0105FC0FE43E2BF2B"]}, {"type": "ubuntu", "idList": ["USN-3882-1", "USN-3891-1", "USN-4040-1", "USN-4040-2", "USN-4049-1", "USN-4049-2", "USN-4050-1", "USN-4088-1", "USN-4127-1", "USN-4127-2", "USN-4128-1", "USN-4128-2", "USN-4164-1", "USN-4672-1", "USN-5431-1", "USN-5432-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-12652", "UB:CVE-2018-16890", "UB:CVE-2018-20843", "UB:CVE-2018-20852", "UB:CVE-2019-10072", "UB:CVE-2019-13012", "UB:CVE-2019-13050", "UB:CVE-2019-13115", "UB:CVE-2019-13117", "UB:CVE-2019-13118", "UB:CVE-2019-13132", "UB:CVE-2019-13224", "UB:CVE-2019-13232", "UB:CVE-2019-6454"]}, {"type": "veracode", "idList": ["VERACODE:21918", "VERACODE:22876", "VERACODE:27819"]}, {"type": "zdi", "idList": ["ZDI-19-582"]}]}, "score": {"value": 1.6, "vector": "NONE"}, "backreferences": {"references": [{"type": "almalinux", "idList": ["ALSA-2020:4846"]}, {"type": "amazon", "idList": ["ALAS-2019-1283", "ALAS-2019-1295", "ALAS-2020-1375", "ALAS2-2021-1643"]}, {"type": "apple", "idList": ["APPLE:100C3E37B89C4B8E50DE097059456EC2", "APPLE:42A8665131AAD41DD01DD2DE9BBDEBC5", "APPLE:48DFAA81838B82F0614B9A03F99F251D", "APPLE:55E539B57FA02BA1EFE4552C738DD534", "APPLE:6A4EB1E45468948358E90A8ADD9F74CC", "APPLE:819AEF513AB880D6C4F6CA66CB3C0021", "APPLE:A7712CC62807C6255D0BD32EF8FBAD67", "APPLE:HT210346", "APPLE:HT210348", "APPLE:HT210351", "APPLE:HT210353", "APPLE:HT210356", "APPLE:HT210357", "APPLE:HT210358"]}, {"type": "archlinux", "idList": ["ASA-201902-10", "ASA-201902-11", "ASA-201902-12", "ASA-201902-13", "ASA-201902-24", "ASA-201902-9"]}, {"type": "centos", "idList": ["CESA-2019:0368"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2019-0908"]}, {"type": "cisa", "idList": ["CISA:519C5EFD37846AD34AA43099C8D86620"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:057632FDE3425E82800DCEC32F03F510", "CFOUNDRY:719A6ED27AEEE51AFE1A714D83BE8E73", "CFOUNDRY:A8173D294B6DEC22BA8E4286E26D99DE", "CFOUNDRY:E9CE0268DAFD76AE052E27B69A06ACBD", "CFOUNDRY:EDF9B83EB83E197F691D5842752D4768", "CFOUNDRY:F06FFA2BD37C8D049603BACF49C5DBBE", "CFOUNDRY:F4A82A6B08C1BC8F71C40AB4FA993A57"]}, {"type": "cloudlinux", "idList": ["CLSA-2021:1632401716"]}, {"type": "cve", "idList": ["CVE-2017-12652", "CVE-2018-16890", "CVE-2018-20852", "CVE-2019-13012", "CVE-2019-13050", "CVE-2019-13115", "CVE-2019-13117", "CVE-2019-13118", "CVE-2019-13132", "CVE-2019-13224", "CVE-2019-13232", "CVE-2019-6454"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1672-1:150F0", "DEBIAN:DLA-1684-1:394E8", "DEBIAN:DLA-1730-3:1714C", "DEBIAN:DLA-1839-1:728E0", "DEBIAN:DLA-1846-1:D030F", "DEBIAN:DLA-1846-2:A08F3", "DEBIAN:DLA-1849-1:F1C41", "DEBIAN:DLA-1854-1:F6B60", "DEBIAN:DLA-1866-2:4F7E9", "DEBIAN:DLA-1889-1:E4DD0", "DEBIAN:DLA-1906-1:2D8B3", "DEBIAN:DSA-4386-1:8CA8C", "DEBIAN:DSA-4393-1:211D1", "DEBIAN:DSA-4472-1:97343", "DEBIAN:DSA-4477-1:C1A86", "DEBIAN:DSA-4680-1:FCF2B"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2018-16890", "DEBIANCVE:CVE-2018-20843", "DEBIANCVE:CVE-2019-13132"]}, {"type": "f5", "idList": ["F5:K00103182", "F5:K08654551", "F5:K13322484", "F5:K17321505", "F5:K51011533", "F5:K88124225"]}, {"type": "fedora", "idList": ["FEDORA:AFDBD60E76E0", "FEDORA:D013361742CE", "FEDORA:D8E6160F62FB"]}, {"type": "freebsd", "idList": ["6954A2B0-BDA8-11EB-A04E-641C67A117D8", "714B033A-2B09-11E9-8BC3-610FD6E6CD05", "A8D87C7A-D1B1-11E9-A616-0992A4564E7C"]}, {"type": "gentoo", "idList": ["GLSA-201903-07", "GLSA-201908-17", "GLSA-201911-03", "GLSA-201911-08"]}, {"type": "github", "idList": ["GHSA-Q4HG-RMQ2-52Q9"]}, {"type": "githubexploit", "idList": ["9C610830-420D-566B-A8AD-A6735753E27F", "A5372B0E-E434-566F-91EF-9BAF5D8CD2DA"]}, {"type": "hackerone", "idList": ["H1:874427"]}, {"type": "ibm", "idList": ["21FAA8B3214081B02B5CB45D8150D70F352C2BC0EC67E463FBA7D35DF6B2614C", "4A91EBA290B30504A8EF2EE87060FA1D3D5EF2F7A2869B4D9ACCE1C477DA4795", "54FB6726805D886796865FF32608051BEE914B969DCB3300B1E662574A92A04E", "568C1946F6948551373693B819E984491EDA4324124EB255F933921898311FAA", "6549F7FB91216E6B5325DB660AF73FDF2D181F5FC1D3D96D412B600D6C349A96"]}, {"type": "ics", "idList": ["ICSA-19-099-04"]}, {"type": "kaspersky", "idList": ["KLA11526", "KLA11527", "KLA11571", "KLA11646"]}, {"type": "kitploit", "idList": ["KITPLOIT:7323577050718865961"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/HUAWEI-EULEROS-2_0_SP3-CVE-2019-13117/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP5-CVE-2019-13117/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP5-CVE-2019-13118/", "MSF:ILITIES/ORACLE-SOLARIS-CVE-2018-16890/"]}, {"type": "nessus", "idList": ["AL2_ALAS-2019-1162.NASL", "AL2_ALAS-2019-1164.NASL", "AL2_ALAS-2020-1387.NASL", "AL2_ALAS-2020-1432.NASL", "AL2_ALAS-2021-1643.NASL", "ALA_ALAS-2020-1375.NASL", "CENTOS8_RHSA-2021-1586.NASL", "CENTOS_RHSA-2019-0368.NASL", "DEBIAN_DLA-1684.NASL", "DEBIAN_DSA-4386.NASL", "DEBIAN_DSA-4393.NASL", "DEBIAN_DSA-4680.NASL", "EULEROS_SA-2019-2114.NASL", "EULEROS_SA-2019-2115.NASL", "EULEROS_SA-2019-2225.NASL", "EULEROS_SA-2019-2259.NASL", "EULEROS_SA-2020-1017.NASL", "EULEROS_SA-2020-1044.NASL", "EULEROS_SA-2020-1048.NASL", "EULEROS_SA-2020-1050.NASL", "FEDORA_2019-0D3FCAE639.NASL", "FEDORA_2019-43489941FF.NASL", "FEDORA_2019-74BA24605E.NASL", "FEDORA_2019-758824A3FF.NASL", "FEDORA_2019-8434288A24.NASL", "FREEBSD_PKG_6954A2B0BDA811EBA04E641C67A117D8.NASL", "FREEBSD_PKG_714B033A2B0911E98BC3610FD6E6CD05.NASL", "GENTOO_GLSA-201911-03.NASL", "GENTOO_GLSA-201911-08.NASL", "OPENSUSE-2019-173.NASL", "OPENSUSE-2019-174.NASL", "OPENSUSE-2020-38.NASL", "OPENSUSE-2020-731.NASL", "OPENSUSE-2020-86.NASL", "ORACLELINUX_ELSA-2019-0368.NASL", "ORACLELINUX_ELSA-2021-1586.NASL", "ORACLE_JAVA_CPU_JAN_2020.NASL", "ORACLE_JAVA_CPU_JAN_2020_UNIX.NASL", "ORACLE_RDBMS_CPU_JAN_2020.NASL", "REDHAT-RHSA-2019-0368.NASL", "REDHAT-RHSA-2019-3701.NASL", "REDHAT-RHSA-2019-3929.NASL", "REDHAT-RHSA-2020-1605.NASL", "REDHAT-RHSA-2020-1764.NASL", "REDHAT-RHSA-2020-1787.NASL", "REDHAT-RHSA-2020-3901.NASL", "REDHAT-RHSA-2020-4484.NASL", "REDHAT-RHSA-2021-1586.NASL", "SLACKWARE_SSA_2019-037-01.NASL", "SL_20190221_SYSTEMD_ON_SL7_X.NASL", "SL_20200407_PYTHON3_ON_SL7_X.NASL", "SL_20200407_PYTHON_ON_SL7_X.NASL", "SL_20200407_UNZIP_ON_SL7_X.NASL", "SUSE_SU-2019-0248-1.NASL", "SUSE_SU-2019-0249-1.NASL", "SUSE_SU-2019-0339-1.NASL", "SUSE_SU-2019-0424-1.NASL", "SUSE_SU-2019-0425-1.NASL", "SUSE_SU-2019-0426-1.NASL", "SUSE_SU-2019-0428-1.NASL", "SUSE_SU-2019-3060-1.NASL", "SUSE_SU-2020-0114-1.NASL", "UBUNTU_USN-3882-1.NASL", "UBUNTU_USN-3891-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310108633", "OPENVAS:1361412562310108634", "OPENVAS:1361412562310142650", "OPENVAS:1361412562310142651", "OPENVAS:1361412562310142811", "OPENVAS:1361412562310142812", "OPENVAS:1361412562310704386", "OPENVAS:1361412562310704393", "OPENVAS:1361412562310704472", "OPENVAS:1361412562310704477", "OPENVAS:1361412562310704680", "OPENVAS:1361412562310815261", "OPENVAS:1361412562310815262", "OPENVAS:1361412562310815263", "OPENVAS:1361412562310815425", "OPENVAS:1361412562310816600", "OPENVAS:1361412562310816604", "OPENVAS:1361412562310843899", "OPENVAS:1361412562310843910", "OPENVAS:1361412562310844072", "OPENVAS:1361412562310844081", "OPENVAS:1361412562310844083", "OPENVAS:1361412562310844168", "OPENVAS:1361412562310844170", "OPENVAS:1361412562310844181", "OPENVAS:1361412562310852289", "OPENVAS:1361412562310852290", "OPENVAS:1361412562310852324", "OPENVAS:1361412562310852325", "OPENVAS:1361412562310852617", "OPENVAS:1361412562310852625", "OPENVAS:1361412562310852631", "OPENVAS:1361412562310852663", "OPENVAS:1361412562310852677", "OPENVAS:1361412562310852905", "OPENVAS:1361412562310852980", "OPENVAS:1361412562310853184", "OPENVAS:1361412562310875502", "OPENVAS:1361412562310876566", "OPENVAS:1361412562310876577", "OPENVAS:1361412562310876588", "OPENVAS:1361412562310876622", "OPENVAS:1361412562310876625", "OPENVAS:1361412562310876630", "OPENVAS:1361412562310876634", "OPENVAS:1361412562310876640", "OPENVAS:1361412562310876816", "OPENVAS:1361412562310876863", "OPENVAS:1361412562310876872", "OPENVAS:1361412562310876879", "OPENVAS:1361412562310876971", "OPENVAS:1361412562310876973", "OPENVAS:1361412562310876975", "OPENVAS:1361412562310876978", "OPENVAS:1361412562310877005", "OPENVAS:1361412562310877114", "OPENVAS:1361412562310877174", "OPENVAS:1361412562310877297", "OPENVAS:1361412562310877303", "OPENVAS:1361412562310883009", "OPENVAS:1361412562310891672", "OPENVAS:1361412562310891684", "OPENVAS:1361412562310891839", "OPENVAS:1361412562310891846", "OPENVAS:1361412562310891849", "OPENVAS:1361412562310891854", "OPENVAS:1361412562310891889", "OPENVAS:1361412562310891906", "OPENVAS:1361412562311220191256", "OPENVAS:1361412562311220192115", "OPENVAS:1361412562311220201442"]}, {"type": "oracle", "idList": ["ORACLE:CPUOCT2019-5072832"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-0368", "ELSA-2019-0990", "ELSA-2019-3701", "ELSA-2020-1764", "ELSA-2020-1787", "ELSA-2021-1586"]}, {"type": "photon", "idList": ["PHSA-2019-1.0-0216", "PHSA-2019-1.0-0244", "PHSA-2019-1.0-0245", "PHSA-2019-1.0-0246", "PHSA-2019-1.0-0247", "PHSA-2019-2.0-0171", "PHSA-2019-3.0-0002", "PHSA-2019-3.0-0024", "PHSA-2019-3.0-0026"]}, {"type": "redhat", "idList": ["RHSA-2019:0368", "RHSA-2019:0457", "RHSA-2019:0461", "RHSA-2019:0990", "RHSA-2019:1502", "RHSA-2019:2805", "RHSA-2021:2021"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-12652", "RH:CVE-2018-16890", "RH:CVE-2019-10072", "RH:CVE-2019-13012", "RH:CVE-2019-13115", "RH:CVE-2019-13117", "RH:CVE-2019-13118", "RH:CVE-2019-13132", "RH:CVE-2019-13232"]}, {"type": "slackware", "idList": ["SSA-2019-037-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:0173-1", "OPENSUSE-SU-2019:0174-1", "OPENSUSE-SU-2019:0255-1", "OPENSUSE-SU-2019:0268-1", "OPENSUSE-SU-2019:1749-1", "OPENSUSE-SU-2019:1767-1", "OPENSUSE-SU-2019:1777-1", "OPENSUSE-SU-2019:1917-1", "OPENSUSE-SU-2019:1988-1", "OPENSUSE-SU-2019:1989-1", "OPENSUSE-SU-2020:0038-1", "OPENSUSE-SU-2020:0086-1", "OPENSUSE-SU-2020:0731-1"]}, {"type": "symantec", "idList": ["SMNTC-1765"]}, {"type": "thn", "idList": ["THN:5483F752911D643A7A952FBFA7B4B7E4"]}, {"type": "threatpost", "idList": ["THREATPOST:20EAC8CBCC0B2A55B8195EB5B485B9D6"]}, {"type": "tomcat", "idList": ["TOMCAT:D3D93576ACEA30F0105FC0FE43E2BF2B"]}, {"type": "ubuntu", "idList": ["USN-3882-1", "USN-3891-1", "USN-4040-1", "USN-4040-2", "USN-4049-1", "USN-4049-2", "USN-4050-1", "USN-4088-1", "USN-4127-1", "USN-4127-2", "USN-4128-1", "USN-4128-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-12652", "UB:CVE-2018-16890", "UB:CVE-2018-20843", "UB:CVE-2018-20852", "UB:CVE-2019-10072", "UB:CVE-2019-13012", "UB:CVE-2019-13050", "UB:CVE-2019-13115", "UB:CVE-2019-13117", "UB:CVE-2019-13118", "UB:CVE-2019-13132", "UB:CVE-2019-13224", "UB:CVE-2019-13232", "UB:CVE-2019-6454"]}, {"type": "zdi", "idList": ["ZDI-19-582"]}]}, "exploitation": null, "vulnersScore": 1.6}, "_state": {"dependencies": 1660004461, "score": 1659988869}, "_internal": {"score_hash": "72a4e51b0a86c5d465d6e645d09fba29"}, "affectedPackage": [{"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "7.59.0-8.ph2", "packageFilename": "curl-debuginfo-7.59.0-8.ph2.x86_64.rpm", "operator": "lt", "packageName": "curl-debuginfo"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "6.0-14.ph2", "packageFilename": "unzip-6.0-14.ph2.x86_64.rpm", "operator": "lt", "packageName": "unzip"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "233-21.ph2", "packageFilename": "systemd-lang-233-21.ph2.x86_64.rpm", "operator": "lt", "packageName": "systemd-lang"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "2.58.3-1.ph2", "packageFilename": "glib-devel-2.58.3-1.ph2.x86_64.rpm", "operator": "lt", "packageName": "glib-devel"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "1.6.35-1.ph2", "packageFilename": "libpng-debuginfo-1.6.35-1.ph2.x86_64.rpm", "operator": "lt", "packageName": "libpng-debuginfo"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "2.7.15-9.ph2", "packageFilename": "python2-devel-2.7.15-9.ph2.x86_64.rpm", "operator": "lt", "packageName": "python2-devel"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "4.1.4-4.ph2", "packageFilename": "zeromq-devel-4.1.4-4.ph2.x86_64.rpm", "operator": "lt", "packageName": "zeromq-devel"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "233-21.ph2", "packageFilename": "systemd-devel-233-21.ph2.x86_64.rpm", "operator": "lt", "packageName": "systemd-devel"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "1.6.35-1.ph2", "packageFilename": "libpng-1.6.35-1.ph2.x86_64.rpm", "operator": "lt", "packageName": "libpng"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "7.59.0-8.ph2", "packageFilename": "curl-libs-7.59.0-8.ph2.x86_64.rpm", "operator": "lt", "packageName": "curl-libs"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "3.6.5-8.ph2", "packageFilename": "python3-devel-3.6.5-8.ph2.x86_64.rpm", "operator": "lt", "packageName": "python3-devel"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "3.6.5-8.ph2", "packageFilename": "python3-libs-3.6.5-8.ph2.x86_64.rpm", "operator": "lt", "packageName": "python3-libs"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "1.6.35-1.ph2", "packageFilename": "libpng-devel-1.6.35-1.ph2.x86_64.rpm", "operator": "lt", "packageName": "libpng-devel"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "2.2.4-2.ph2", "packageFilename": "expat-libs-2.2.4-2.ph2.x86_64.rpm", "operator": "lt", "packageName": "expat-libs"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "2.58.3-1.ph2", "packageFilename": "glib-debuginfo-2.58.3-1.ph2.x86_64.rpm", "operator": "lt", "packageName": "glib-debuginfo"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "7.59.0-8.ph2", "packageFilename": "curl-7.59.0-8.ph2.x86_64.rpm", "operator": "lt", "packageName": "curl"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "2.2.17-1.ph2", "packageFilename": "gnupg-debuginfo-2.2.17-1.ph2.x86_64.rpm", "operator": "lt", "packageName": "gnupg-debuginfo"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "1.9.0-1.ph2", "packageFilename": "libssh2-1.9.0-1.ph2.x86_64.rpm", "operator": "lt", "packageName": "libssh2"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "noarch", "packageVersion": "3.6.5-8.ph2", "packageFilename": "python3-pip-3.6.5-8.ph2.noarch.rpm", "operator": "lt", "packageName": "python3-pip"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "2.7.15-9.ph2", "packageFilename": "python2-debuginfo-2.7.15-9.ph2.x86_64.rpm", "operator": "lt", "packageName": "python2-debuginfo"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "233-21.ph2", "packageFilename": "systemd-233-21.ph2.x86_64.rpm", "operator": "lt", "packageName": "systemd"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "1.1.29-6.ph2", "packageFilename": "libxslt-1.1.29-6.ph2.x86_64.rpm", "operator": "lt", "packageName": "libxslt"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "3.6.5-8.ph2", "packageFilename": "python3-curses-3.6.5-8.ph2.x86_64.rpm", "operator": "lt", "packageName": "python3-curses"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "1.1.29-6.ph2", "packageFilename": "libxslt-devel-1.1.29-6.ph2.x86_64.rpm", "operator": "lt", "packageName": "libxslt-devel"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "noarch", "packageVersion": "8.5.40-2.ph2", "packageFilename": "apache-tomcat-8.5.40-2.ph2.noarch.rpm", "operator": "lt", "packageName": "apache-tomcat"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "2.58.3-1.ph2", "packageFilename": "glib-schemas-2.58.3-1.ph2.x86_64.rpm", "operator": "lt", "packageName": "glib-schemas"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "2.7.15-9.ph2", "packageFilename": "python2-libs-2.7.15-9.ph2.x86_64.rpm", "operator": "lt", "packageName": "python2-libs"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "3.6.5-8.ph2", "packageFilename": "python3-xml-3.6.5-8.ph2.x86_64.rpm", "operator": "lt", "packageName": "python3-xml"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "6.5.0-2.ph2", "packageFilename": "oniguruma-debuginfo-6.5.0-2.ph2.x86_64.rpm", "operator": "lt", "packageName": "oniguruma-debuginfo"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "4.1.4-4.ph2", "packageFilename": "zeromq-debuginfo-4.1.4-4.ph2.x86_64.rpm", "operator": "lt", "packageName": "zeromq-debuginfo"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "3.6.5-8.ph2", "packageFilename": "python3-test-3.6.5-8.ph2.x86_64.rpm", "operator": "lt", "packageName": "python3-test"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "7.59.0-8.ph2", "packageFilename": "curl-devel-7.59.0-8.ph2.x86_64.rpm", "operator": "lt", "packageName": "curl-devel"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "233-21.ph2", "packageFilename": "systemd-debuginfo-233-21.ph2.x86_64.rpm", "operator": "lt", "packageName": "systemd-debuginfo"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "1.1.29-6.ph2", "packageFilename": "libxslt-debuginfo-1.1.29-6.ph2.x86_64.rpm", "operator": "lt", "packageName": "libxslt-debuginfo"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "2.2.4-2.ph2", "packageFilename": "expat-2.2.4-2.ph2.x86_64.rpm", "operator": "lt", "packageName": "expat"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "6.0-14.ph2", "packageFilename": "unzip-debuginfo-6.0-14.ph2.x86_64.rpm", "operator": "lt", "packageName": "unzip-debuginfo"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "4.1.4-4.ph2", "packageFilename": "zeromq-4.1.4-4.ph2.x86_64.rpm", "operator": "lt", "packageName": "zeromq"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "2.2.4-2.ph2", "packageFilename": "expat-devel-2.2.4-2.ph2.x86_64.rpm", "operator": "lt", "packageName": "expat-devel"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "2.2.17-1.ph2", "packageFilename": "gnupg-2.2.17-1.ph2.x86_64.rpm", "operator": "lt", "packageName": "gnupg"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "noarch", "packageVersion": "3.6.5-8.ph2", "packageFilename": "python3-setuptools-3.6.5-8.ph2.noarch.rpm", "operator": "lt", "packageName": "python3-setuptools"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "2.7.15-9.ph2", "packageFilename": "python2-2.7.15-9.ph2.x86_64.rpm", "operator": "lt", "packageName": "python2"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "1.9.0-1.ph2", "packageFilename": "libssh2-debuginfo-1.9.0-1.ph2.x86_64.rpm", "operator": "lt", "packageName": "libssh2-debuginfo"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "2.7.15-9.ph2", "packageFilename": "python2-test-2.7.15-9.ph2.x86_64.rpm", "operator": "lt", "packageName": "python2-test"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "1.9.0-1.ph2", "packageFilename": "libssh2-devel-1.9.0-1.ph2.x86_64.rpm", "operator": "lt", "packageName": "libssh2-devel"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "3.6.5-8.ph2", "packageFilename": "python3-debuginfo-3.6.5-8.ph2.x86_64.rpm", "operator": "lt", "packageName": "python3-debuginfo"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "2.58.3-1.ph2", "packageFilename": "glib-2.58.3-1.ph2.x86_64.rpm", "operator": "lt", "packageName": "glib"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "3.6.5-8.ph2", "packageFilename": "python3-tools-3.6.5-8.ph2.x86_64.rpm", "operator": "lt", "packageName": "python3-tools"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "2.7.15-9.ph2", "packageFilename": "python2-tools-2.7.15-9.ph2.x86_64.rpm", "operator": "lt", "packageName": "python2-tools"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "6.5.0-2.ph2", "packageFilename": "oniguruma-6.5.0-2.ph2.x86_64.rpm", "operator": "lt", "packageName": "oniguruma"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "2.2.4-2.ph2", "packageFilename": "expat-debuginfo-2.2.4-2.ph2.x86_64.rpm", "operator": "lt", "packageName": "expat-debuginfo"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "3.6.5-8.ph2", "packageFilename": "python3-3.6.5-8.ph2.x86_64.rpm", "operator": "lt", "packageName": "python3"}], "vendorCvss": {"severity": "critical"}}

{"photon": [{"lastseen": "2021-11-03T21:00:03", "description": "An update of {'glib', 'libxslt', 'libpng', 'python2', 'zeromq', 'expat', 'unzip', 'gnupg', 'python3', 'curl'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-08-02T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2019-2.0-0171", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12652", "CVE-2018-16890", "CVE-2018-20843", "CVE-2018-20852", "CVE-2019-13012", "CVE-2019-13050", "CVE-2019-13117", "CVE-2019-13118", "CVE-2019-13132", "CVE-2019-13232"], "modified": "2019-08-02T00:00:00", "id": "PHSA-2019-2.0-0171", "href": "https://github.com/vmware/photon/wiki/Security-Updates-2-171", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-11-03T08:50:02", "description": "An update of {'python3', 'gnupg', 'unzip', 'libxslt', 'libpng', 'python2'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-07-26T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2019-1.0-0246", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12652", "CVE-2018-20852", "CVE-2019-13050", "CVE-2019-13117", "CVE-2019-13118", "CVE-2019-13232"], "modified": "2019-07-26T00:00:00", "id": "PHSA-2019-1.0-0246", "href": "https://github.com/vmware/photon/wiki/Security-Updates-1.0-246", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-13T00:23:24", "description": "Updates of ['python3', 'unzip', 'python2', 'libxslt', 'libpng', 'gnupg'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-07-26T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2019-0246", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12652", "CVE-2018-20852", "CVE-2019-13050", "CVE-2019-13117", "CVE-2019-13118", "CVE-2019-13232"], "modified": "2019-07-26T00:00:00", "id": "PHSA-2019-0246", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-246", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-03T11:59:36", "description": "An update of {'python2', 'glib', 'libxml2', 'apache-tomcat', 'zeromq', 'libxslt', 'unzip', 'redis', 'oniguruma', 'gnupg', 'systemd', 'ntp'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-07-31T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2019-3.0-0024", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1000858", "CVE-2018-20852", "CVE-2018-9251", "CVE-2019-10072", "CVE-2019-10192", "CVE-2019-10193", "CVE-2019-13012", "CVE-2019-13050", "CVE-2019-13117", "CVE-2019-13118", "CVE-2019-13132", "CVE-2019-13224", "CVE-2019-13232", "CVE-2019-3843", "CVE-2019-3844", "CVE-2019-6454", "CVE-2019-8936"], "modified": "2019-07-31T00:00:00", "id": "PHSA-2019-3.0-0024", "href": "https://github.com/vmware/photon/wiki/Security-Updates-3.0-0024", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-12T18:50:57", "description": "Updates of ['ntp', 'libxml2', 'python2', 'apache-tomcat', 'gnupg', 'redis', 'unzip', 'systemd', 'libxslt', 'glib', 'zeromq', 'oniguruma'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-07-31T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2019-0024", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1000858", "CVE-2018-20852", "CVE-2018-9251", "CVE-2019-10072", "CVE-2019-10192", "CVE-2019-10193", "CVE-2019-13012", "CVE-2019-13050", "CVE-2019-13117", "CVE-2019-13118", "CVE-2019-13132", "CVE-2019-13224", "CVE-2019-13232", "CVE-2019-3843", "CVE-2019-3844", "CVE-2019-6454", "CVE-2019-8936"], "modified": "2019-07-31T00:00:00", "id": "PHSA-2019-0024", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-24", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-03T17:50:02", "description": "An update of {'zeromq', 'glib'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-07-24T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2019-1.0-0245", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-13012", "CVE-2019-13132"], "modified": "2019-07-24T00:00:00", "id": "PHSA-2019-1.0-0245", "href": "https://github.com/vmware/photon/wiki/Security-Updates-1.0-245", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-12T18:03:38", "description": "Updates of ['glib', 'linux', 'linux-esx', 'zeromq'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-07-24T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2019-0245", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-13012", "CVE-2019-13132", "CVE-2019-13272", "CVE-2019-15807"], "modified": "2019-07-24T00:00:00", "id": "PHSA-2019-0245", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-245", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-12T18:03:27", "description": "Updates of ['libssh2', 'libmspack', 'redis', 'expat'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-08-02T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2019-0247", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14681", "CVE-2018-14682", "CVE-2018-20843", "CVE-2019-10192", "CVE-2019-13115"], "modified": "2019-08-02T00:00:00", "id": "PHSA-2019-0247", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-247", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "openvas": [{"lastseen": "2020-01-14T14:48:52", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-01-09T00:00:00", "type": "openvas", "title": "Fedora Update for libxslt FEDORA-2019-fdf6ec39b4", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13118", "CVE-2019-13117"], "modified": "2020-01-13T00:00:00", "id": "OPENVAS:1361412562310877174", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877174", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877174\");\n script_version(\"2020-01-13T11:49:13+0000\");\n script_cve_id(\"CVE-2019-13117\", \"CVE-2019-13118\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-13 11:49:13 +0000 (Mon, 13 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-09 07:30:37 +0000 (Thu, 09 Jan 2020)\");\n script_name(\"Fedora Update for libxslt FEDORA-2019-fdf6ec39b4\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC31\");\n\n script_xref(name:\"FEDORA\", value:\"2019-fdf6ec39b4\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libxslt'\n package(s) announced via the FEDORA-2019-fdf6ec39b4 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This C library allows to transform XML files into other XML files\n(or HTML, text, ...) using the standard XSLT stylesheet transformation\nmechanism. To use it you need to have a version of libxml2 >= 2.6.27\ninstalled. The xsltproc command is a command line interface to the XSLT engine\");\n\n script_tag(name:\"affected\", value:\"'libxslt' package(s) on Fedora 31.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC31\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libxslt\", rpm:\"libxslt~1.1.33~4.fc31\", rls:\"FC31\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-27T18:34:11", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libxslt (EulerOS-SA-2019-1913)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13118", "CVE-2019-13117"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191913", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191913", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1913\");\n script_version(\"2020-01-23T12:26:30+0000\");\n script_cve_id(\"CVE-2019-13117\", \"CVE-2019-13118\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:26:30 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:26:30 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libxslt (EulerOS-SA-2019-1913)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1913\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1913\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libxslt' package(s) announced via the EulerOS-SA-2019-1913 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.(CVE-2019-13117)\n\nIn numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.(CVE-2019-13118)\");\n\n script_tag(name:\"affected\", value:\"'libxslt' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libxslt\", rpm:\"libxslt~1.1.28~5.h3.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxslt-devel\", rpm:\"libxslt-devel~1.1.28~5.h3.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxslt-python\", rpm:\"libxslt-python~1.1.28~5.h3.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-27T18:34:19", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libxslt (EulerOS-SA-2019-1929)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13118", "CVE-2019-13117"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191929", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191929", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1929\");\n script_version(\"2020-01-23T12:27:28+0000\");\n script_cve_id(\"CVE-2019-13117\", \"CVE-2019-13118\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:27:28 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:27:28 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libxslt (EulerOS-SA-2019-1929)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.2\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1929\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1929\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libxslt' package(s) announced via the EulerOS-SA-2019-1929 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.(CVE-2019-13118)\n\n\nIn numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.(CVE-2019-13117)\");\n\n script_tag(name:\"affected\", value:\"'libxslt' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.2.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.2.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libxslt\", rpm:\"libxslt~1.1.28~5.h3\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxslt-python\", rpm:\"libxslt-python~1.1.28~5.h3\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-27T18:35:46", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libxslt (EulerOS-SA-2019-2032)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13118", "CVE-2019-13117"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192032", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192032", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2032\");\n script_version(\"2020-01-23T12:31:28+0000\");\n script_cve_id(\"CVE-2019-13117\", \"CVE-2019-13118\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:31:28 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:31:28 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libxslt (EulerOS-SA-2019-2032)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2032\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2032\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libxslt' package(s) announced via the EulerOS-SA-2019-2032 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.(CVE-2019-13117)\n\nIn numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.(CVE-2019-13118)\");\n\n script_tag(name:\"affected\", value:\"'libxslt' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libxslt\", rpm:\"libxslt~1.1.28~5.h3\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxslt-devel\", rpm:\"libxslt-devel~1.1.28~5.h3\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxslt-python\", rpm:\"libxslt-python~1.1.28~5.h3\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-27T18:35:54", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libxslt (EulerOS-SA-2020-1017)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13118", "CVE-2019-13117"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220201017", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201017", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1017\");\n script_version(\"2020-01-23T13:16:28+0000\");\n script_cve_id(\"CVE-2019-13117\", \"CVE-2019-13118\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 13:16:28 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 13:16:28 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libxslt (EulerOS-SA-2020-1017)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP8\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1017\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1017\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libxslt' package(s) announced via the EulerOS-SA-2020-1017 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.(CVE-2019-13118)\n\nIn numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.(CVE-2019-13117)\");\n\n script_tag(name:\"affected\", value:\"'libxslt' package(s) on Huawei EulerOS V2.0SP8.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP8\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libxslt\", rpm:\"libxslt~1.1.32~3.h6.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxslt-devel\", rpm:\"libxslt-devel~1.1.32~3.h6.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-04-02T16:48:40", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-03-29T00:00:00", "type": "openvas", "title": "Fedora: Security Advisory for libxslt (FEDORA-2020-40fa1ae94b)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13118", "CVE-2019-13117"], "modified": "2020-03-31T00:00:00", "id": "OPENVAS:1361412562310877633", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877633", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877633\");\n script_version(\"2020-03-31T10:29:41+0000\");\n script_cve_id(\"CVE-2019-13117\", \"CVE-2019-13118\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-03-31 10:29:41 +0000 (Tue, 31 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-03-29 03:15:23 +0000 (Sun, 29 Mar 2020)\");\n script_name(\"Fedora: Security Advisory for libxslt (FEDORA-2020-40fa1ae94b)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2020-40fa1ae94b\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VQOJFLOOD5HOHRDRWFPAH64RXXMSBWM\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libxslt'\n package(s) announced via the FEDORA-2020-40fa1ae94b advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This C library allows to transform XML files into other XML files\n(or HTML, text, ...) using the standard XSLT stylesheet transformation\nmechanism. To use it you need to have a version of libxml2 >= 2.6.27\ninstalled. The xsltproc command is a command line interface to the XSLT engine\");\n\n script_tag(name:\"affected\", value:\"'libxslt' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libxslt\", rpm:\"libxslt~1.1.34~1.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-03-23T14:48:52", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-03-18T00:00:00", "type": "openvas", "title": "Fedora: Security Advisory for libxslt (FEDORA-2020-90c768a947)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13118", "CVE-2019-13117"], "modified": "2020-03-20T00:00:00", "id": "OPENVAS:1361412562310877596", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877596", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877596\");\n script_version(\"2020-03-20T06:19:59+0000\");\n script_cve_id(\"CVE-2019-13117\", \"CVE-2019-13118\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-03-20 06:19:59 +0000 (Fri, 20 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-03-18 04:06:21 +0000 (Wed, 18 Mar 2020)\");\n script_name(\"Fedora: Security Advisory for libxslt (FEDORA-2020-90c768a947)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC31\");\n\n script_xref(name:\"FEDORA\", value:\"2020-90c768a947\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I2DFWHGW45KMBFWEA7F757LWKTCDL4V7\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libxslt'\n package(s) announced via the FEDORA-2020-90c768a947 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This C library allows to transform XML files into other XML files\n(or HTML, text, ...) using the standard XSLT stylesheet transformation\nmechanism. To use it you need to have a version of libxml2 >= 2.6.27\ninstalled. The xsltproc command is a command line interface to the XSLT engine\");\n\n script_tag(name:\"affected\", value:\"'libxslt' package(s) on Fedora 31.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC31\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libxslt\", rpm:\"libxslt~1.1.34~1.fc31\", rls:\"FC31\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-02T15:44:15", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-10-23T00:00:00", "type": "openvas", "title": "Ubuntu Update for libxslt USN-4164-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13118", "CVE-2019-18197", "CVE-2019-13117"], "modified": "2019-12-30T00:00:00", "id": "OPENVAS:1361412562310844207", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844207", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844207\");\n script_version(\"2019-12-30T15:50:06+0000\");\n script_cve_id(\"CVE-2019-13117\", \"CVE-2019-13118\", \"CVE-2019-18197\");\n script_tag(name:\"cvss_base\", value:\"5.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-12-30 15:50:06 +0000 (Mon, 30 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-10-23 02:01:05 +0000 (Wed, 23 Oct 2019)\");\n script_name(\"Ubuntu Update for libxslt USN-4164-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU18\\.04 LTS|UBUNTU19\\.10|UBUNTU19\\.04|UBUNTU16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"4164-1\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2019-October/005161.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libxslt'\n package(s) announced via the USN-4164-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that Libxslt incorrectly handled certain documents.\nAn attacker could possibly use this issue to access sensitive information.\nThis issue not affected Ubuntu 19.10. (CVE-2019-13117, CVE-2019-13118)\n\nIt was discovered that Libxslt incorrectly handled certain documents.\nAn attacker could possibly use this issue to execute arbitrary code.\n(CVE-2019-18197)\");\n\n script_tag(name:\"affected\", value:\"'libxslt' package(s) on Ubuntu 19.10, Ubuntu 19.04, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libxslt1.1\", ver:\"1.1.29-5ubuntu0.2\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU19.10\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libxslt1.1\", ver:\"1.1.33-0ubuntu1.1\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU19.04\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libxslt1.1\", ver:\"1.1.32-2ubuntu0.2\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libxslt1.1\", ver:\"1.1.28-2.1ubuntu0.3\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-03T15:26:10", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-05-29T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for libxslt (openSUSE-SU-2020:0731-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13118", "CVE-2019-18197", "CVE-2019-13117"], "modified": "2020-05-29T00:00:00", "id": "OPENVAS:1361412562310853184", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310853184", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.853184\");\n script_version(\"2020-05-29T08:53:11+0000\");\n script_cve_id(\"CVE-2019-13117\", \"CVE-2019-13118\", \"CVE-2019-18197\");\n script_tag(name:\"cvss_base\", value:\"5.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-05-29 08:53:11 +0000 (Fri, 29 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-05-29 03:01:01 +0000 (Fri, 29 May 2020)\");\n script_name(\"openSUSE: Security Advisory for libxslt (openSUSE-SU-2020:0731-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.1\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2020:0731-1\");\n script_xref(name:\"URL\", value:\"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libxslt'\n package(s) announced via the openSUSE-SU-2020:0731-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for libxslt fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-13118: Fixed a read of uninitialized stack data (bsc#1140101).\n\n - CVE-2019-13117: Fixed a uninitialized read which allowed to discern\n whether a byte on the stack contains certain special characters\n (bsc#1140095).\n\n - CVE-2019-18197: Fixed a dangling pointer in xsltCopyText which may have\n led to information disclosure (bsc#1154609).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2020-731=1\");\n\n script_tag(name:\"affected\", value:\"'libxslt' package(s) on openSUSE Leap 15.1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libxslt-debugsource\", rpm:\"libxslt-debugsource~1.1.32~lp151.3.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxslt-devel\", rpm:\"libxslt-devel~1.1.32~lp151.3.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxslt-tools\", rpm:\"libxslt-tools~1.1.32~lp151.3.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxslt-tools-debuginfo\", rpm:\"libxslt-tools-debuginfo~1.1.32~lp151.3.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxslt1\", rpm:\"libxslt1~1.1.32~lp151.3.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxslt1-debuginfo\", rpm:\"libxslt1-debuginfo~1.1.32~lp151.3.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxslt-devel-32bit\", rpm:\"libxslt-devel-32bit~1.1.32~lp151.3.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxslt-python\", rpm:\"libxslt-python~1.1.32~lp151.3.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxslt-python-debuginfo\", rpm:\"libxslt-python-debuginfo~1.1.32~lp151.3.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxslt-python-debugsource\", rpm:\"libxslt-python-debugsource~1.1.32~lp151.3.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxslt1-32bit\", rpm:\"libxslt1-32bit~1.1.32~lp151.3.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxslt1-32bit-debuginfo\", rpm:\"libxslt1-32bit-debuginfo~1.1.32~lp151.3.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-29T19:24:34", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-07-23T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for libxslt (DLA-1860-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4610", "CVE-2016-4609", "CVE-2019-13118", "CVE-2019-13117"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891860", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891860", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891860\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2016-4609\", \"CVE-2016-4610\", \"CVE-2019-13117\", \"CVE-2019-13118\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-07-23 02:00:10 +0000 (Tue, 23 Jul 2019)\");\n script_name(\"Debian LTS: Security Advisory for libxslt (DLA-1860-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-1860-1\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/932321\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/932320\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libxslt'\n package(s) announced via the DLA-1860-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Several vulnerabilities were found in libxslt the XSLT 1.0 processing\nlibrary.\n\nCVE-2016-4610\n\nInvalid memory access leading to DoS at exsltDynMapFunction. libxslt\nallows remote attackers to cause a denial of service (memory\ncorruption) or possibly have unspecified other impact via unknown\nvectors.\n\nCVE-2016-4609\n\nOut-of-bounds read at xmlGetLineNoInternal()\nlibxslt allows remote attackers to cause a denial of service (memory\ncorruption) or possibly have unspecified other impact via unknown\nvectors.\n\nCVE-2019-13117\n\nAn xsl:number with certain format strings could lead to an\nuninitialized read in xsltNumberFormatInsertNumbers. This could\nallow an attacker to discern whether a byte on the stack contains\nthe characters A, a, I, i, or 0, or any other character.\n\nCVE-2019-13118\n\nA type holding grouping characters of an xsl:number instruction was\ntoo narrow and an invalid character/length combination could be\npassed to xsltNumberFormatDecimal, leading to a read of\nuninitialized stack data.\");\n\n script_tag(name:\"affected\", value:\"'libxslt' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n1.1.28-2+deb8u5.\n\nWe recommend that you upgrade your libxslt packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libxslt1-dbg\", ver:\"1.1.28-2+deb8u5\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxslt1-dev\", ver:\"1.1.28-2+deb8u5\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxslt1.1\", ver:\"1.1.28-2+deb8u5\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"python-libxslt1\", ver:\"1.1.28-2+deb8u5\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"python-libxslt1-dbg\", ver:\"1.1.28-2+deb8u5\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xsltproc\", ver:\"1.1.28-2+deb8u5\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-15T15:39:22", "description": "The host is installed with Oracle Java SE\n and is prone to multiple security vulnerabilities.", "cvss3": {}, "published": "2020-01-16T00:00:00", "type": "openvas", "title": "Oracle Java SE Security Updates(jan2020) 02 - Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16168", "CVE-2020-2585", "CVE-2019-13118", "CVE-2019-13117"], "modified": "2020-05-12T00:00:00", "id": "OPENVAS:1361412562310816600", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310816600", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.816600\");\n script_version(\"2020-05-12T13:57:17+0000\");\n script_cve_id(\"CVE-2019-16168\", \"CVE-2019-13117\", \"CVE-2019-13118\", \"CVE-2020-2585\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-05-12 13:57:17 +0000 (Tue, 12 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-16 13:52:50 +0530 (Thu, 16 Jan 2020)\");\n script_name(\"Oracle Java SE Security Updates(jan2020) 02 - Windows\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Oracle Java SE\n and is prone to multiple security vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to errors in components\n Serialization, JavaFX (libxslt), Networking, Libraries and Security.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attacker to have an impact on confidentiality, integrity and availability.\");\n\n script_tag(name:\"affected\", value:\"Oracle Java SE version 8u231 (1.8.0.231)\n and earlier on Windows.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://www.oracle.com/security-alerts/cpujan2020.html#AppendixJAVA\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_java_prdts_detect_win.nasl\");\n script_mandatory_keys(\"Sun/Java/JDK_or_JRE/Win/installed\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ncpe_list = make_list(\"cpe:/a:oracle:jre\", \"cpe:/a:sun:jre\");\n\nif(!infos = get_app_version_and_location_from_list(cpe_list:cpe_list, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif(version_in_range(version:vers, test_version:\"1.8.0\", test_version2:\"1.8.0.231\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version: \"Apply the patch\", install_path:path);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-05-15T15:39:20", "description": "The host is installed with Oracle Java SE\n and is prone to multiple security vulnerabilities.", "cvss3": {}, "published": "2020-01-16T00:00:00", "type": "openvas", "title": "Oracle Java SE Security Updates(jan2020) 02 - Linux", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16168", "CVE-2020-2585", "CVE-2019-13118", "CVE-2019-13117"], "modified": "2020-05-12T00:00:00", "id": "OPENVAS:1361412562310816604", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310816604", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.816604\");\n script_version(\"2020-05-12T13:57:17+0000\");\n script_cve_id(\"CVE-2019-16168\", \"CVE-2019-13117\", \"CVE-2019-13118\", \"CVE-2020-2585\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-05-12 13:57:17 +0000 (Tue, 12 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-16 15:20:50 +0530 (Thu, 16 Jan 2020)\");\n script_name(\"Oracle Java SE Security Updates(jan2020) 02 - Linux\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Oracle Java SE\n and is prone to multiple security vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to errors in components\n Serialization, JavaFX (libxslt), Networking, Libraries and Security.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attacker to have an impact on confidentiality, integrity and availability.\");\n\n script_tag(name:\"affected\", value:\"Oracle Java SE version 8u231 (1.8.0.231)\n and earlier on Linux.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://www.oracle.com/security-alerts/cpujan2020.html#AppendixJAVA\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_java_prdts_detect_lin.nasl\");\n script_mandatory_keys(\"Oracle/Java/JDK_or_JRE/Linux/detected\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ncpe_list = make_list(\"cpe:/a:oracle:jre\", \"cpe:/a:sun:jre\");\n\nif(!infos = get_app_version_and_location_from_list(cpe_list:cpe_list, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif(version_in_range(version:vers, test_version:\"1.8.0\", test_version2:\"1.8.0.231\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version: \"Apply the patch\", install_path:path);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-31T16:54:17", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-07-22T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for zeromq (openSUSE-SU-2019:1767-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13132"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852625", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852625", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852625\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2019-13132\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-07-22 02:01:03 +0000 (Mon, 22 Jul 2019)\");\n script_name(\"openSUSE: Security Advisory for zeromq (openSUSE-SU-2019:1767-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1767-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-07/msg00033.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'zeromq'\n package(s) announced via the openSUSE-SU-2019:1767-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for zeromq fixes the following issues:\n\n - CVE-2019-13132: An unauthenticated remote attacker could have exploited\n a stack overflow vulnerability on a server that is supposed to be\n protected by encryption and authentication to potentially gain a remote\n code execution. (bsc#1140255)\n\n - Correctly mark license files as licence instead of documentation\n (bsc#1082318)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2019-1767=1\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-1767=1\");\n\n script_tag(name:\"affected\", value:\"'zeromq' package(s) on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libzmq5\", rpm:\"libzmq5~4.2.3~lp150.2.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libzmq5-debuginfo\", rpm:\"libzmq5-debuginfo~4.2.3~lp150.2.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"zeromq-debugsource\", rpm:\"zeromq-debugsource~4.2.3~lp150.2.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"zeromq-devel\", rpm:\"zeromq-devel~4.2.3~lp150.2.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"zeromq-tools\", rpm:\"zeromq-tools~4.2.3~lp150.2.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"zeromq-tools-debuginfo\", rpm:\"zeromq-tools-debuginfo~4.2.3~lp150.2.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-10-04T18:37:26", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-10-04T00:00:00", "type": "openvas", "title": "Fedora Update for zeromq FEDORA-2019-4d8f9a9235", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13132"], "modified": "2019-10-04T00:00:00", "id": "OPENVAS:1361412562310876872", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876872", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876872\");\n script_version(\"2019-10-04T07:25:00+0000\");\n script_cve_id(\"CVE-2019-13132\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-10-04 07:25:00 +0000 (Fri, 04 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-10-04 02:29:04 +0000 (Fri, 04 Oct 2019)\");\n script_name(\"Fedora Update for zeromq FEDORA-2019-4d8f9a9235\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-4d8f9a9235\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MK7SJYDJ7MMRRRPCUN3SCSE7YK6ZSHVS\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'zeromq'\n package(s) announced via the FEDORA-2019-4d8f9a9235 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The 0MQ lightweight messaging kernel is a library which extends the\nstandard socket interfaces with features traditionally provided by\nspecialized messaging middle-ware products. 0MQ sockets provide an\nabstraction of asynchronous message queues, multiple messaging\npatterns, message filtering (subscriptions), seamless access to\nmultiple transport protocols and more.\n\nThis package contains the ZeroMQ shared library.\");\n\n script_tag(name:\"affected\", value:\"'zeromq' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"zeromq\", rpm:\"zeromq~4.1.7~1.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-10-04T18:38:52", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-10-04T00:00:00", "type": "openvas", "title": "Fedora Update for zeromq FEDORA-2019-8916b4e890", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13132"], "modified": "2019-10-04T00:00:00", "id": "OPENVAS:1361412562310876879", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876879", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876879\");\n script_version(\"2019-10-04T07:25:00+0000\");\n script_cve_id(\"CVE-2019-13132\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-10-04 07:25:00 +0000 (Fri, 04 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-10-04 02:29:10 +0000 (Fri, 04 Oct 2019)\");\n script_name(\"Fedora Update for zeromq FEDORA-2019-8916b4e890\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-8916b4e890\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6HINI24SL7CU6XIJWUOSGTZWEFOOL7X\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'zeromq'\n package(s) announced via the FEDORA-2019-8916b4e890 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The 0MQ lightweight messaging kernel is a library which extends the\nstandard socket interfaces with features traditionally provided by\nspecialized messaging middle-ware products. 0MQ sockets provide an\nabstraction of asynchronous message queues, multiple messaging\npatterns, message filtering (subscriptions), seamless access to\nmultiple transport protocols and more.\n\nThis package contains the ZeroMQ shared library.\");\n\n script_tag(name:\"affected\", value:\"'zeromq' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"zeromq\", rpm:\"zeromq~4.3.2~1.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-23T15:48:27", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-07-09T00:00:00", "type": "openvas", "title": "Ubuntu Update for zeromq3 USN-4050-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13132"], "modified": "2019-07-23T00:00:00", "id": "OPENVAS:1361412562310844083", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844083", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844083\");\n script_version(\"2019-07-23T06:55:12+0000\");\n script_cve_id(\"CVE-2019-13132\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-23 06:55:12 +0000 (Tue, 23 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-07-09 02:00:34 +0000 (Tue, 09 Jul 2019)\");\n script_name(\"Ubuntu Update for zeromq3 USN-4050-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU18\\.10|UBUNTU19\\.04|UBUNTU18\\.04 LTS|UBUNTU16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"4050-1\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2019-July/005000.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'zeromq3'\n package(s) announced via the USN-4050-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that ZeroMQ incorrectly handled certain application metadata.\nA remote attacker could use this issue to cause ZeroMQ to crash, or possibly\nexecute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"'zeromq3' package(s) on Ubuntu 19.04, Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU18.10\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libzmq5\", ver:\"4.2.5-2ubuntu0.2\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU19.04\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libzmq5\", ver:\"4.3.1-3ubuntu2.1\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libzmq5\", ver:\"4.2.5-1ubuntu0.2\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libzmq5\", ver:\"4.1.4-7ubuntu0.1\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-29T19:25:58", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-07-09T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for zeromq3 (DLA-1849-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13132"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891849", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891849", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891849\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2019-13132\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-07-09 02:00:08 +0000 (Tue, 09 Jul 2019)\");\n script_name(\"Debian LTS: Security Advisory for zeromq3 (DLA-1849-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2019/07/msg00007.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-1849-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'zeromq3'\n package(s) announced via the DLA-1849-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Fang-Pen Lin discovered a stack-based buffer-overflow flaw in ZeroMQ, a\nlightweight messaging kernel library. A remote, unauthenticated client\nconnecting to an application using the libzmq library, running with a\nsocket listening with CURVE encryption/authentication enabled, can take\nadvantage of this flaw to cause a denial of service or the execution of\narbitrary code.\");\n\n script_tag(name:\"affected\", value:\"'zeromq3' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', this problem has been fixed in version\n4.0.5+dfsg-2+deb8u2.\n\nWe recommend that you upgrade your zeromq3 packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libzmq3\", ver:\"4.0.5+dfsg-2+deb8u2\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libzmq3-dbg\", ver:\"4.0.5+dfsg-2+deb8u2\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libzmq3-dev\", ver:\"4.0.5+dfsg-2+deb8u2\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-23T15:49:47", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-07-09T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4477-1 (zeromq3 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13132"], "modified": "2019-07-23T00:00:00", "id": "OPENVAS:1361412562310704477", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704477", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704477\");\n script_version(\"2019-07-23T06:55:12+0000\");\n script_cve_id(\"CVE-2019-13132\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-23 06:55:12 +0000 (Tue, 23 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-07-09 02:00:05 +0000 (Tue, 09 Jul 2019)\");\n script_name(\"Debian Security Advisory DSA 4477-1 (zeromq3 - security update)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(10|9)\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2019/dsa-4477.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DSA-4477-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'zeromq3'\n package(s) announced via the DSA-4477-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Fang-Pen Lin discovered a stack-based buffer-overflow flaw in ZeroMQ, a\nlightweight messaging kernel library. A remote, unauthenticated client\nconnecting to an application using the libzmq library, running with a\nsocket listening with CURVE encryption/authentication enabled, can take\nadvantage of this flaw to cause a denial of service or the execution of\narbitrary code.\");\n\n script_tag(name:\"affected\", value:\"'zeromq3' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For the oldstable distribution (stretch), this problem has been fixed\nin version 4.2.1-4+deb9u2.\n\nFor the stable distribution (buster), this problem has been fixed in\nversion 4.3.1-4+deb10u1.\n\nWe recommend that you upgrade your zeromq3 packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libzmq3-dev\", ver:\"4.3.1-4+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libzmq5\", ver:\"4.3.1-4+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libzmq3-dev\", ver:\"4.2.1-4+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libzmq5\", ver:\"4.2.1-4+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libzmq5-dbg\", ver:\"4.2.1-4+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-14T14:48:50", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-01-09T00:00:00", "type": "openvas", "title": "Fedora Update for zeromq FEDORA-2019-d20ce4d5a1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13132"], "modified": "2020-01-13T00:00:00", "id": "OPENVAS:1361412562310877297", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877297", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877297\");\n script_version(\"2020-01-13T11:49:13+0000\");\n script_cve_id(\"CVE-2019-13132\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-13 11:49:13 +0000 (Mon, 13 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-09 07:36:40 +0000 (Thu, 09 Jan 2020)\");\n script_name(\"Fedora Update for zeromq FEDORA-2019-d20ce4d5a1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC31\");\n\n script_xref(name:\"FEDORA\", value:\"2019-d20ce4d5a1\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVCTNUEOFFZUNJOXFCYCF3C6Y6NDILI3\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'zeromq'\n package(s) announced via the FEDORA-2019-d20ce4d5a1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The 0MQ lightweight messaging kernel is a library which extends the\nstandard socket interfaces with features traditionally provided by\nspecialized messaging middle-ware products. 0MQ sockets provide an\nabstraction of asynchronous message queues, multiple messaging\npatterns, message filtering (subscriptions), seamless access to\nmultiple transport protocols and more.\n\nThis package contains the ZeroMQ shared library.\");\n\n script_tag(name:\"affected\", value:\"'zeromq' package(s) on Fedora 31.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC31\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"zeromq\", rpm:\"zeromq~4.3.2~1.fc31\", rls:\"FC31\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-22T15:51:39", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-04-16T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for unzip (EulerOS-SA-2020-1439)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13232"], "modified": "2020-06-19T00:00:00", "id": "OPENVAS:1361412562311220201439", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201439", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1439\");\n script_version(\"2020-06-19T07:07:49+0000\");\n script_cve_id(\"CVE-2019-13232\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-06-19 07:07:49 +0000 (Fri, 19 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-16 05:53:30 +0000 (Thu, 16 Apr 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for unzip (EulerOS-SA-2020-1439)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1439\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1439\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'unzip' package(s) announced via the EulerOS-SA-2020-1439 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a 'better zip bomb' issue.(CVE-2019-13232)\");\n\n script_tag(name:\"affected\", value:\"'unzip' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"unzip\", rpm:\"unzip~6.0~15.h8\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-06-22T15:55:50", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-06-16T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for unzip (EulerOS-SA-2020-1671)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13232"], "modified": "2020-06-19T00:00:00", "id": "OPENVAS:1361412562311220201671", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201671", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1671\");\n script_version(\"2020-06-19T07:07:49+0000\");\n script_cve_id(\"CVE-2019-13232\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-06-19 07:07:49 +0000 (Fri, 19 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-06-16 05:49:00 +0000 (Tue, 16 Jun 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for unzip (EulerOS-SA-2020-1671)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1671\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1671\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'unzip' package(s) announced via the EulerOS-SA-2020-1671 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a 'better zip bomb' issue.(CVE-2019-13232)\");\n\n script_tag(name:\"affected\", value:\"'unzip' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"unzip\", rpm:\"unzip~6.0~15.h7\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-06-22T16:41:31", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-07-08T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for unzip (DLA-1846-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13232"], "modified": "2020-06-19T00:00:00", "id": "OPENVAS:1361412562310891846", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891846", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891846\");\n script_version(\"2020-06-19T07:07:49+0000\");\n script_cve_id(\"CVE-2019-13232\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-06-19 07:07:49 +0000 (Fri, 19 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-07-08 02:00:09 +0000 (Mon, 08 Jul 2019)\");\n script_name(\"Debian LTS: Security Advisory for unzip (DLA-1846-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2019/07/msg00005.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-1846-1\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/931433\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'unzip'\n package(s) announced via the DLA-1846-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"David Fifield discovered a way to construct non-recursive 'zip bombs'\nthat achieve a high compression ratio by overlapping files inside the\nzip container. However the output size increases quadratically in the\ninput size, reaching a compression ratio of over 28 million\n(10 MB -> 281 TB) at the limits of the zip format which can cause a\ndenial-of-service. Mark Adler provided a patch to detect and reject\nsuch zip files for the unzip program.\");\n\n script_tag(name:\"affected\", value:\"'unzip' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', this problem has been fixed in version\n6.0-16+deb8u4.\n\nWe recommend that you upgrade your unzip packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"unzip\", ver:\"6.0-16+deb8u4\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-06-22T15:54:34", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-02-24T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for unzip (EulerOS-SA-2020-1137)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13232"], "modified": "2020-06-19T00:00:00", "id": "OPENVAS:1361412562311220201137", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201137", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1137\");\n script_version(\"2020-06-19T07:07:49+0000\");\n script_cve_id(\"CVE-2019-13232\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-06-19 07:07:49 +0000 (Fri, 19 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-02-24 09:07:33 +0000 (Mon, 24 Feb 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for unzip (EulerOS-SA-2020-1137)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1137\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1137\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'unzip' package(s) announced via the EulerOS-SA-2020-1137 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a 'better zip bomb' issue.(CVE-2019-13232)\");\n\n script_tag(name:\"affected\", value:\"'unzip' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"unzip\", rpm:\"unzip~6.0~19.h8.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-06-22T15:54:04", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-02-25T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for unzip (EulerOS-SA-2020-1184)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13232"], "modified": "2020-06-19T00:00:00", "id": "OPENVAS:1361412562311220201184", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201184", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1184\");\n script_version(\"2020-06-19T07:07:49+0000\");\n script_cve_id(\"CVE-2019-13232\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-06-19 07:07:49 +0000 (Fri, 19 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-02-25 13:58:20 +0000 (Tue, 25 Feb 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for unzip (EulerOS-SA-2020-1184)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP8\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1184\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1184\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'unzip' package(s) announced via the EulerOS-SA-2020-1184 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a 'better zip bomb' issue.(CVE-2019-13232)\");\n\n script_tag(name:\"affected\", value:\"'unzip' package(s) on Huawei EulerOS V2.0SP8.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP8\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"unzip\", rpm:\"unzip~6.0~40.h4.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-29T19:29:43", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-07-18T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for libonig (DLA-1854-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13224"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891854", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891854", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891854\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2019-13224\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-07-18 02:00:10 +0000 (Thu, 18 Jul 2019)\");\n script_name(\"Debian LTS: Security Advisory for libonig (DLA-1854-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2019/07/msg00013.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-1854-1\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/931878\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libonig'\n package(s) announced via the DLA-1854-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A use-after-free in onig_new_deluxe() in regext.c allows attackers to\npotentially cause information disclosure, denial of service, or\npossibly code execution by providing a crafted regular expression. The\nattacker\nprovides a pair of a regex pattern and a string, with a multi-byte\nencoding that gets handled by onig_new_deluxe().\");\n\n script_tag(name:\"affected\", value:\"'libonig' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', this problem has been fixed in version\n5.9.5-3.2+deb8u2.\n\nWe recommend that you upgrade your libonig packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libonig-dev\", ver:\"5.9.5-3.2+deb8u2\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libonig2\", ver:\"5.9.5-3.2+deb8u2\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libonig2-dbg\", ver:\"5.9.5-3.2+deb8u2\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-09-10T14:56:30", "description": "PHP is prone to a use-after-free vulnerability in a used third-pary library.", "cvss3": {}, "published": "2019-09-09T00:00:00", "type": "openvas", "title": "PHP 'CVE-2019-13224' Use-After-Free Vulnerability (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13224"], "modified": "2019-09-09T00:00:00", "id": "OPENVAS:1361412562310108633", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108633", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:php:php\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108633\");\n script_version(\"2019-09-09T09:46:51+0000\");\n script_tag(name:\"last_modification\", value:\"2019-09-09 09:46:51 +0000 (Mon, 09 Sep 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-09-09 08:48:28 +0000 (Mon, 09 Sep 2019)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_cve_id(\"CVE-2019-13224\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"PHP 'CVE-2019-13224' Use-After-Free Vulnerability (Linux)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_php_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"php/installed\", \"Host/runs_unixoide\");\n\n script_tag(name:\"summary\", value:\"PHP is prone to a use-after-free vulnerability in a used third-pary library.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"impact\", value:\"This flaw allows attackers to potentially cause information disclosure, denial\n of service, or possibly code execution by providing a crafted regular expression.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to a use-after-free in onig_new_deluxe() in regext.c\n of the third-party library Oniguruma 6.9.2 which is used by PHP.\n\n The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled\n by onig_new_deluxe().\");\n\n script_tag(name:\"affected\", value:\"PHP version before 7.1.32 and 7.3.x before 7.3.9.\");\n\n script_tag(name:\"solution\", value:\"Update to version 7.1.32, 7.3.9 or later.\");\n\n script_xref(name:\"URL\", value:\"http://bugs.php.net/78380\");\n script_xref(name:\"URL\", value:\"https://www.php.net/ChangeLog-7.php#7.3.9\");\n script_xref(name:\"URL\", value:\"https://www.php.net/ChangeLog-7.php#7.1.32\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (isnull(port = get_app_port(cpe: CPE)))\n exit(0);\n\nif (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))\n exit(0);\n\nversion = infos['version'];\npath = infos['location'];\n\nif (version_is_less(version: version, test_version: \"7.1.32\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"7.1.32\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nif (version_in_range(version: version, test_version: \"7.3\", test_version2: \"7.3.8\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"7.3.9\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-09-10T14:56:30", "description": "PHP is prone to a use-after-free vulnerability in a used third-pary library.", "cvss3": {}, "published": "2019-09-09T00:00:00", "type": "openvas", "title": "PHP 'CVE-2019-13224' Use-After-Free Vulnerability (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13224"], "modified": "2019-09-09T00:00:00", "id": "OPENVAS:1361412562310108634", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108634", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:php:php\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108634\");\n script_version(\"2019-09-09T09:46:51+0000\");\n script_tag(name:\"last_modification\", value:\"2019-09-09 09:46:51 +0000 (Mon, 09 Sep 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-09-09 08:48:28 +0000 (Mon, 09 Sep 2019)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_cve_id(\"CVE-2019-13224\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"PHP 'CVE-2019-13224' Use-After-Free Vulnerability (Windows)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_php_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"php/installed\", \"Host/runs_windows\");\n\n script_tag(name:\"summary\", value:\"PHP is prone to a use-after-free vulnerability in a used third-pary library.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"impact\", value:\"This flaw allows attackers to potentially cause information disclosure, denial\n of service, or possibly code execution by providing a crafted regular expression.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to a use-after-free in onig_new_deluxe() in regext.c\n of the third-party library Oniguruma 6.9.2 which is used by PHP.\n\n The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled\n by onig_new_deluxe().\");\n\n script_tag(name:\"affected\", value:\"PHP version before 7.1.32 and 7.3.x before 7.3.9.\");\n\n script_tag(name:\"solution\", value:\"Update to version 7.1.32, 7.3.9 or later.\");\n\n script_xref(name:\"URL\", value:\"http://bugs.php.net/78380\");\n script_xref(name:\"URL\", value:\"https://www.php.net/ChangeLog-7.php#7.3.9\");\n script_xref(name:\"URL\", value:\"https://www.php.net/ChangeLog-7.php#7.1.32\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (isnull(port = get_app_port(cpe: CPE)))\n exit(0);\n\nif (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))\n exit(0);\n\nversion = infos['version'];\npath = infos['location'];\n\nif (version_is_less(version: version, test_version: \"7.1.32\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"7.1.32\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nif (version_in_range(version: version, test_version: \"7.3\", test_version2: \"7.3.8\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"7.3.9\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T16:47:35", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-07-21T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for glib2 (openSUSE-SU-2019:1749-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13012"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852617", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852617", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852617\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2019-13012\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-07-21 02:00:40 +0000 (Sun, 21 Jul 2019)\");\n script_name(\"openSUSE: Security Advisory for glib2 (openSUSE-SU-2019:1749-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1749-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-07/msg00022.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'glib2'\n package(s) announced via the openSUSE-SU-2019:1749-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for glib2 fixes the following issues:\n\n Security issue fixed:\n\n - CVE-2019-13012: Fixed improper restriction of file permissions when\n creating directories (bsc#1139959).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-1749=1\");\n\n script_tag(name:\"affected\", value:\"'glib2' package(s) on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"glib2-debugsource\", rpm:\"glib2-debugsource~2.54.3~lp150.3.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glib2-devel\", rpm:\"glib2-devel~2.54.3~lp150.3.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glib2-devel-debuginfo\", rpm:\"glib2-devel-debuginfo~2.54.3~lp150.3.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glib2-devel-static\", rpm:\"glib2-devel-static~2.54.3~lp150.3.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glib2-tools\", rpm:\"glib2-tools~2.54.3~lp150.3.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glib2-tools-debuginfo\", rpm:\"glib2-tools-debuginfo~2.54.3~lp150.3.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgio-2_0-0\", rpm:\"libgio-2_0-0~2.54.3~lp150.3.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgio-2_0-0-debuginfo\", rpm:\"libgio-2_0-0-debuginfo~2.54.3~lp150.3.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgio-fam\", rpm:\"libgio-fam~2.54.3~lp150.3.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgio-fam-debuginfo\", rpm:\"libgio-fam-debuginfo~2.54.3~lp150.3.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libglib-2_0-0\", rpm:\"libglib-2_0-0~2.54.3~lp150.3.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libglib-2_0-0-debuginfo\", rpm:\"libglib-2_0-0-debuginfo~2.54.3~lp150.3.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgmodule-2_0-0\", rpm:\"libgmodule-2_0-0~2.54.3~lp150.3.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgmodule-2_0-0-debuginfo\", rpm:\"libgmodule-2_0-0-debuginfo~2.54.3~lp150.3.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgobject-2_0-0\", rpm:\"libgobject-2_0-0~2.54.3~lp150.3.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgobject-2_0-0-debuginfo\", rpm:\"libgobject-2_0-0-debuginfo~2.54.3~lp150.3.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgthread-2_0-0\", rpm:\"libgthread-2_0-0~2.54.3~lp150.3.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgthread-2_0-0-debuginfo\", rpm:\"libgthread-2_0-0-debuginfo~2.54.3~lp150.3.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gio-branding-upstream\", rpm:\"gio-branding-upstream~2.54.3~lp150.3.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glib2-lang\", rpm:\"glib2-lang~2.54.3~lp150.3.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glib2-devel-32bit\", rpm:\"glib2-devel-32bit~2.54.3~lp150.3.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glib2-devel-32bit-debuginfo\", rpm:\"glib2-devel-32bit-debuginfo~2.54.3~lp150.3.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glib2-tools-32bit\", rpm:\"glib2-tools-32bit~2.54.3~lp150.3.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glib2-tools-32bit-debuginfo\", rpm:\"glib2-tools-32bit-debuginfo~2.54.3~lp150.3.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgio-2_0-0-32bit\", rpm:\"libgio-2_0-0-32bit~2.54.3~lp150.3.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgio-2_0-0-32bit-debuginfo\", rpm:\"libgio-2_0-0-32bit-debuginfo~2.54.3~lp150.3.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgio-fam-32bit\", rpm:\"libgio-fam-32bit~2.54.3~lp150.3.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgio-fam-32bit-debuginfo\", rpm:\"libgio-fam-32bit-debuginfo~2.54.3~lp150.3.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libglib-2_0-0-32bit\", rpm:\"libglib-2_0-0-32bit~2.54.3~lp150.3.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libglib-2_0-0-32bit-debuginfo\", rpm:\"libglib-2_0-0-32bit-debuginfo~2.54.3~lp150.3.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgmodule-2_0-0-32bit\", rpm:\"libgmodule-2_0-0-32bit~2.54.3~lp150.3.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgmodule-2_0-0-32bit-debuginfo\", rpm:\"libgmodule-2_0-0-32bit-debuginfo~2.54.3~lp150.3.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgobject-2_0-0-32bit\", rpm:\"libgobject-2_0-0-32bit~2.54.3~lp150.3.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgobject-2_0-0-32bit-debuginfo\", rpm:\"libgobject-2_0-0-32bit-debuginfo~2.54.3~lp150.3.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgthread-2_0-0-32bit\", rpm:\"libgthread-2_0-0-32bit~2.54.3~lp150.3.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgthread-2_0-0-32bit-debuginfo\", rpm:\"libgthread-2_0-0-32bit-debuginfo~2.54.3~lp150.3.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-07-12T14:48:02", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-07-09T00:00:00", "type": "openvas", "title": "Ubuntu Update for glib2.0 USN-4049-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13012"], "modified": "2019-07-11T00:00:00", "id": "OPENVAS:1361412562310844081", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844081", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844081\");\n script_version(\"2019-07-11T11:32:19+0000\");\n script_cve_id(\"CVE-2019-13012\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-07-11 11:32:19 +0000 (Thu, 11 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-07-09 02:00:33 +0000 (Tue, 09 Jul 2019)\");\n script_name(\"Ubuntu Update for glib2.0 USN-4049-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU18\\.04 LTS|UBUNTU18\\.10|UBUNTU16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"4049-1\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2019-July/004999.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'glib2.0'\n package(s) announced via the USN-4049-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that GLib created directories and files without properly\nrestricting permissions. An attacker could possibly use this issue to access\nsensitive information.\");\n\n script_tag(name:\"affected\", value:\"'glib2.0' package(s) on Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libglib2.0-0\", ver:\"2.56.4-0ubuntu0.18.04.4\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"libglib2.0-bin\", ver:\"2.56.4-0ubuntu0.18.04.4\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU18.10\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libglib2.0-0\", ver:\"2.58.1-2ubuntu0.2\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"libglib2.0-bin\", ver:\"2.58.1-2ubuntu0.2\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libglib2.0-0\", ver:\"2.48.2-0ubuntu4.3\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"libglib2.0-bin\", ver:\"2.48.2-0ubuntu4.3\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-02-26T20:43:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-13050"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-02-25T00:00:00", "published": "2020-02-25T00:00:00", "id": "OPENVAS:1361412562311220201153", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201153", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for gnupg2 (EulerOS-SA-2020-1153)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1153\");\n script_version(\"2020-02-25T13:57:12+0000\");\n script_cve_id(\"CVE-2019-13050\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-02-25 13:57:12 +0000 (Tue, 25 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-02-25 13:57:12 +0000 (Tue, 25 Feb 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for gnupg2 (EulerOS-SA-2020-1153)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP8\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1153\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1153\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'gnupg2' package(s) announced via the EulerOS-SA-2020-1153 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.(CVE-2019-13050)\");\n\n script_tag(name:\"affected\", value:\"'gnupg2' package(s) on Huawei EulerOS V2.0SP8.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP8\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"gnupg2\", rpm:\"gnupg2~2.2.9~1.h4.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gnupg2-smime\", rpm:\"gnupg2-smime~2.2.9~1.h4.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-07-26T11:47:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-13050"], "description": "The remote host is missing an update for the ", "modified": "2019-07-25T00:00:00", "published": "2019-07-20T00:00:00", "id": "OPENVAS:1361412562310876588", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876588", "type": "openvas", "title": "Fedora Update for gnupg2 FEDORA-2019-2f259a6c0a", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876588\");\n script_version(\"2019-07-25T11:54:35+0000\");\n script_cve_id(\"CVE-2019-13050\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-25 11:54:35 +0000 (Thu, 25 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-07-20 02:15:19 +0000 (Sat, 20 Jul 2019)\");\n script_name(\"Fedora Update for gnupg2 FEDORA-2019-2f259a6c0a\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-2f259a6c0a\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CP4ON34YEXEZDZOXXWV43KVGGO6WZLJ5\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gnupg2'\n package(s) announced via the FEDORA-2019-2f259a6c0a advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"GnuPG is GNU&#39, s tool for secure communication and data storage. It can\nbe used to encrypt data and to create digital signatures. It includes\nan advanced key management facility and is compliant with the proposed\nOpenPGP Internet standard as described in RFC2440 and the S/MIME\nstandard as described by several RFCs.\n\nGnuPG 2.0 is a newer version of GnuPG with additional support for\nS/MIME. It has a different design philosophy that splits\nfunctionality up into several modules. The S/MIME and smartcard functionality\nis provided by the gnupg2-smime package.\");\n\n script_tag(name:\"affected\", value:\"'gnupg2' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"gnupg2\", rpm:\"gnupg2~2.2.17~1.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "fedora": [{"lastseen": "2021-07-28T14:46:51", "description": "This C library allows to transform XML files into other XML files (or HTML, text, ...) using the standard XSLT stylesheet transformation mechanism. To use it you need to have a version of libxml2 >=3D 2.6.27 installed. The xsltproc command is a command line interface to the XSLT eng ine ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-10-29T01:28:27", "type": "fedora", "title": "[SECURITY] Fedora 31 Update: libxslt-1.1.33-4.fc31", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-13117", "CVE-2019-13118"], "modified": "2019-10-29T01:28:27", "id": "FEDORA:31ACB604BB43", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-07-28T14:46:51", "description": "This C library allows to transform XML files into other XML files (or HTML, text, ...) using the standard XSLT stylesheet transformation mechanism. To use it you need to have a version of libxml2 >=3D 2.6.27 installed. The xsltproc command is a command line interface to the XSLT eng ine ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2020-03-18T02:23:20", "type": "fedora", "title": "[SECURITY] Fedora 31 Update: libxslt-1.1.34-1.fc31", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-13117", "CVE-2019-13118"], "modified": "2020-03-18T02:23:20", "id": "FEDORA:724A1610682D", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/I2DFWHGW45KMBFWEA7F757LWKTCDL4V7/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-07-28T14:46:51", "description": "This C library allows to transform XML files into other XML files (or HTML, text, ...) using the standard XSLT stylesheet transformation mechanism. To use it you need to have a version of libxml2 >=3D 2.6.27 installed. The xsltproc command is a command line interface to the XSLT eng ine ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2020-03-26T09:48:01", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: libxslt-1.1.34-1.fc30", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-13117", "CVE-2019-13118"], "modified": "2020-03-26T09:48:01", "id": "FEDORA:F378E608761A", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/5VQOJFLOOD5HOHRDRWFPAH64RXXMSBWM/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-07-28T14:46:51", "description": "The 0MQ lightweight messaging kernel is a library which extends the standard socket interfaces with features traditionally provided by specialized messaging middle-ware products. 0MQ sockets provide an abstraction of asynchronous message queues, multiple messaging patterns, message filtering (subscriptions), seamless access to multiple transport protocols and more. This package contains the ZeroMQ shared library. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-09-28T00:05:31", "type": "fedora", "title": "[SECURITY] Fedora 31 Update: zeromq-4.3.2-1.fc31", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-13132"], "modified": "2019-09-28T00:05:31", "id": "FEDORA:8887C6075F07", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/AVCTNUEOFFZUNJOXFCYCF3C6Y6NDILI3/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:51", "description": "The 0MQ lightweight messaging kernel is a library which extends the standard socket interfaces with features traditionally provided by specialized messaging middle-ware products. 0MQ sockets provide an abstraction of asynchronous message queues, multiple messaging patterns, message filtering (subscriptions), seamless access to multiple transport protocols and more. This package contains the ZeroMQ shared library. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-10-03T01:06:05", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: zeromq-4.3.2-1.fc30", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-13132"], "modified": "2019-10-03T01:06:05", "id": "FEDORA:B9C8D6075EE8", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/T6HINI24SL7CU6XIJWUOSGTZWEFOOL7X/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:51", "description": "The 0MQ lightweight messaging kernel is a library which extends the standard socket interfaces with features traditionally provided by specialized messaging middle-ware products. 0MQ sockets provide an abstraction of asynchronous message queues, multiple messaging patterns, message filtering (subscriptions), seamless access to multiple transport protocols and more. This package contains the ZeroMQ shared library. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-10-03T02:10:05", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: zeromq-4.1.7-1.fc29", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-13132"], "modified": "2019-10-03T02:10:05", "id": "FEDORA:9C66060323C0", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MK7SJYDJ7MMRRRPCUN3SCSE7YK6ZSHVS/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:51", "description": "GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440 and the S/MIME standard as described by several RFCs. GnuPG 2.0 is a newer version of GnuPG with additional support for S/MIME. It has a different design philosophy that splits functionality up into several modules. The S/MIME and smartcard functionali ty is provided by the gnupg2-smime package. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-07-18T17:56:58", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: gnupg2-2.2.17-1.fc30", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-13050"], "modified": "2019-07-18T17:56:58", "id": "FEDORA:5A09262C7A37", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CP4ON34YEXEZDZOXXWV43KVGGO6WZLJ5/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-07-28T14:46:51", "description": "GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440 and the S/MIME standard as described by several RFCs. GnuPG 2.0 is a newer version of GnuPG with additional support for S/MIME. It has a different design philosophy that splits functionality up into several modules. The S/MIME and smartcard functionali ty is provided by the gnupg2-smime package. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-08-06T01:55:38", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: gnupg2-2.2.17-1.fc29", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-13050"], "modified": "2019-08-06T01:55:38", "id": "FEDORA:951236162FD6", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/AUK2YRO6QIH64WP2LRA5D4LACTXQPPU4/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2022-08-11T14:54:47", "description": "According to the versions of the libxslt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.(CVE-2019-13118)\n\n - In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.(CVE-2019-13117)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2020-01-02T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : libxslt (EulerOS-SA-2020-1017)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13117", "CVE-2019-13118"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libxslt", "p-cpe:/a:huawei:euleros:libxslt-devel", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1017.NASL", "href": "https://www.tenable.com/plugins/nessus/132610", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132610);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-13117\",\n \"CVE-2019-13118\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : libxslt (EulerOS-SA-2020-1017)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the libxslt packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - In numbers.c in libxslt 1.1.33, a type holding grouping\n characters of an xsl:number instruction was too narrow\n and an invalid character/length combination could be\n passed to xsltNumberFormatDecimal, leading to a read of\n uninitialized stack data.(CVE-2019-13118)\n\n - In numbers.c in libxslt 1.1.33, an xsl:number with\n certain format strings could lead to a uninitialized\n read in xsltNumberFormatInsertNumbers. This could allow\n an attacker to discern whether a byte on the stack\n contains the characters A, a, I, i, or 0, or any other\n character.(CVE-2019-13117)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?66401d16\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libxslt packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxslt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxslt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"libxslt-1.1.32-3.h6.eulerosv2r8\",\n \"libxslt-devel-1.1.32-3.h6.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxslt\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-11T15:44:24", "description": "According to the versions of the libxslt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.(CVE-2019-13117)\n\n - In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.(CVE-2019-13118)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2019-09-24T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : libxslt (EulerOS-SA-2019-2032)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13117", "CVE-2019-13118"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libxslt", "p-cpe:/a:huawei:euleros:libxslt-devel", "p-cpe:/a:huawei:euleros:libxslt-python", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2032.NASL", "href": "https://www.tenable.com/plugins/nessus/129225", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129225);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-13117\",\n \"CVE-2019-13118\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : libxslt (EulerOS-SA-2019-2032)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the libxslt packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - In numbers.c in libxslt 1.1.33, an xsl:number with\n certain format strings could lead to a uninitialized\n read in xsltNumberFormatInsertNumbers. This could allow\n an attacker to discern whether a byte on the stack\n contains the characters A, a, I, i, or 0, or any other\n character.(CVE-2019-13117)\n\n - In numbers.c in libxslt 1.1.33, a type holding grouping\n characters of an xsl:number instruction was too narrow\n and an invalid character/length combination could be\n passed to xsltNumberFormatDecimal, leading to a read of\n uninitialized stack data.(CVE-2019-13118)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2032\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e24ac92d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libxslt packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxslt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxslt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxslt-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libxslt-1.1.28-5.h3\",\n \"libxslt-devel-1.1.28-5.h3\",\n \"libxslt-python-1.1.28-5.h3\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxslt\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-11T15:39:50", "description": "This update for libxslt fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-13118: Fixed a read of uninitialized stack data (bsc#1140101).\n\nCVE-2019-13117: Fixed a uninitialized read which allowed to discern whether a byte on the stack contains certain special characters (bsc#1140095).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2019-07-19T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : libxslt (SUSE-SU-2019:1867-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13117", "CVE-2019-13118"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libxslt-debugsource", "p-cpe:/a:novell:suse_linux:libxslt-tools", "p-cpe:/a:novell:suse_linux:libxslt-tools-debuginfo", "p-cpe:/a:novell:suse_linux:libxslt1", "p-cpe:/a:novell:suse_linux:libxslt1-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-1867-1.NASL", "href": "https://www.tenable.com/plugins/nessus/126809", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:1867-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126809);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2019-13117\", \"CVE-2019-13118\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : libxslt (SUSE-SU-2019:1867-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for libxslt fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-13118: Fixed a read of uninitialized stack data\n(bsc#1140101).\n\nCVE-2019-13117: Fixed a uninitialized read which allowed to discern\nwhether a byte on the stack contains certain special characters\n(bsc#1140095).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-13117/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-13118/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20191867-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?20ed9b4b\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t\npatch SUSE-SLE-SDK-12-SP4-2019-1867=1\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2019-1867=1\n\nSUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP4-2019-1867=1\n\nSUSE CaaS Platform 3.0 :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxslt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxslt-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxslt-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxslt1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxslt1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libxslt-debugsource-1.1.28-17.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libxslt-tools-1.1.28-17.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libxslt-tools-debuginfo-1.1.28-17.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libxslt1-1.1.28-17.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libxslt1-32bit-1.1.28-17.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libxslt1-debuginfo-1.1.28-17.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libxslt1-debuginfo-32bit-1.1.28-17.6.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libxslt-debugsource-1.1.28-17.6.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libxslt-tools-1.1.28-17.6.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libxslt-tools-debuginfo-1.1.28-17.6.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libxslt1-1.1.28-17.6.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libxslt1-32bit-1.1.28-17.6.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libxslt1-debuginfo-1.1.28-17.6.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libxslt1-debuginfo-32bit-1.1.28-17.6.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxslt\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-11T15:42:14", "description": "An update of the libxslt package has been released.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2019-08-26T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Libxslt PHSA-2019-1.0-0246", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13117", "CVE-2019-13118"], "modified": "2020-01-02T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:libxslt", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2019-1_0-0246_LIBXSLT.NASL", "href": "https://www.tenable.com/plugins/nessus/128170", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-1.0-0246. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128170);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/02\");\n\n script_cve_id(\"CVE-2019-13117\", \"CVE-2019-13118\");\n\n script_name(english:\"Photon OS 1.0: Libxslt PHSA-2019-1.0-0246\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the libxslt package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-246.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-13118\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:libxslt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libxslt-1.1.29-6.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libxslt-debuginfo-1.1.29-6.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libxslt-devel-1.1.29-6.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxslt\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-11T15:43:05", "description": "An update of the libxslt package has been released.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2019-08-26T00:00:00", "type": "nessus", "title": "Photon OS 3.0: Libxslt PHSA-2019-3.0-0024", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13117", "CVE-2019-13118"], "modified": "2020-01-02T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:libxslt", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2019-3_0-0024_LIBXSLT.NASL", "href": "https://www.tenable.com/plugins/nessus/128155", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-3.0-0024. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128155);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/02\");\n\n script_cve_id(\"CVE-2019-13117\", \"CVE-2019-13118\");\n\n script_name(english:\"Photon OS 3.0: Libxslt PHSA-2019-3.0-0024\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the libxslt package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-0024.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-13118\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:libxslt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 3.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"libxslt-1.1.32-4.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"libxslt-debuginfo-1.1.32-4.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"libxslt-devel-1.1.32-4.ph3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxslt\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-11T15:44:05", "description": "An update of the libxslt package has been released.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2019-09-12T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Libxslt PHSA-2019-2.0-0171", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13117", "CVE-2019-13118"], "modified": "2019-12-30T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:libxslt", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2019-2_0-0171_LIBXSLT.NASL", "href": "https://www.tenable.com/plugins/nessus/128719", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-2.0-0171. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128719);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/12/30\");\n\n script_cve_id(\"CVE-2019-13117\", \"CVE-2019-13118\");\n\n script_name(english:\"Photon OS 2.0: Libxslt PHSA-2019-2.0-0171\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the libxslt package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-171.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-13118\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:libxslt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"libxslt-1.1.29-6.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"libxslt-debuginfo-1.1.29-6.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"libxslt-devel-1.1.29-6.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxslt\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-11T15:46:32", "description": "Fixes for CVE-2019-13117, CVE-2019-13118\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2019-10-29T00:00:00", "type": "nessus", "title": "Fedora 31 : libxslt (2019-fdf6ec39b4)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13117", "CVE-2019-13118"], "modified": "2019-12-17T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libxslt", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2019-FDF6EC39B4.NASL", "href": "https://www.tenable.com/plugins/nessus/130353", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-fdf6ec39b4.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130353);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/17\");\n\n script_cve_id(\"CVE-2019-13117\", \"CVE-2019-13118\");\n script_xref(name:\"FEDORA\", value:\"2019-fdf6ec39b4\");\n\n script_name(english:\"Fedora 31 : libxslt (2019-fdf6ec39b4)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes for CVE-2019-13117, CVE-2019-13118\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-fdf6ec39b4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxslt package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libxslt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"libxslt-1.1.33-4.fc31\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxslt\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-11T15:45:07", "description": "According to the versions of the libxslt packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.(CVE-2019-13118)\n\n - In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.(CVE-2019-13117)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2019-09-17T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : libxslt (EulerOS-SA-2019-1929)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13117", "CVE-2019-13118"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libxslt", "p-cpe:/a:huawei:euleros:libxslt-python", "cpe:/o:huawei:euleros:uvp:3.0.2.0"], "id": "EULEROS_SA-2019-1929.NASL", "href": "https://www.tenable.com/plugins/nessus/128932", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128932);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-13117\",\n \"CVE-2019-13118\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : libxslt (EulerOS-SA-2019-1929)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the libxslt packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - In numbers.c in libxslt 1.1.33, a type holding grouping\n characters of an xsl:number instruction was too narrow\n and an invalid character/length combination could be\n passed to xsltNumberFormatDecimal, leading to a read of\n uninitialized stack data.(CVE-2019-13118)\n\n - In numbers.c in libxslt 1.1.33, an xsl:number with\n certain format strings could lead to a uninitialized\n read in xsltNumberFormatInsertNumbers. This could allow\n an attacker to discern whether a byte on the stack\n contains the characters A, a, I, i, or 0, or any other\n character.(CVE-2019-13117)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1929\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?14e519ab\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libxslt packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxslt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxslt-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"libxslt-1.1.28-5.h3\",\n \"libxslt-python-1.1.28-5.h3\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxslt\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-11T15:44:04", "description": "According to the versions of the libxslt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.(CVE-2019-13117)\n\n - In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.(CVE-2019-13118)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2019-09-16T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : libxslt (EulerOS-SA-2019-1913)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13117", "CVE-2019-13118"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libxslt", "p-cpe:/a:huawei:euleros:libxslt-devel", "p-cpe:/a:huawei:euleros:libxslt-python", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1913.NASL", "href": "https://www.tenable.com/plugins/nessus/128836", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128836);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-13117\",\n \"CVE-2019-13118\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : libxslt (EulerOS-SA-2019-1913)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the libxslt packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - In numbers.c in libxslt 1.1.33, an xsl:number with\n certain format strings could lead to a uninitialized\n read in xsltNumberFormatInsertNumbers. This could allow\n an attacker to discern whether a byte on the stack\n contains the characters A, a, I, i, or 0, or any other\n character.(CVE-2019-13117)\n\n - In numbers.c in libxslt 1.1.33, a type holding grouping\n characters of an xsl:number instruction was too narrow\n and an invalid character/length combination could be\n passed to xsltNumberFormatDecimal, leading to a read of\n uninitialized stack data.(CVE-2019-13118)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1913\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cd2fc2f4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libxslt packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxslt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxslt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxslt-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libxslt-1.1.28-5.h3.eulerosv2r7\",\n \"libxslt-devel-1.1.28-5.h3.eulerosv2r7\",\n \"libxslt-python-1.1.28-5.h3.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxslt\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-07-29T16:10:46", "description": "It was discovered that Libxslt incorrectly handled certain documents.\nAn attacker could possibly use this issue to access sensitive information. This issue not affected Ubuntu 19.10. (CVE-2019-13117, CVE-2019-13118)\n\nIt was discovered that Libxslt incorrectly handled certain documents.\nAn attacker could possibly use this issue to execute arbitrary code.\n(CVE-2019-18197).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-10-23T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 19.04 / 19.10 : Libxslt vulnerabilities (USN-4164-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13117", "CVE-2019-13118", "CVE-2019-18197"], "modified": "2021-01-29T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libxslt1.1", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:19.04", "cpe:/o:canonical:ubuntu_linux:19.10"], "id": "UBUNTU_USN-4164-1.NASL", "href": "https://www.tenable.com/plugins/nessus/130167", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4164-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130167);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/29\");\n\n script_cve_id(\"CVE-2019-13117\", \"CVE-2019-13118\", \"CVE-2019-18197\");\n script_xref(name:\"USN\", value:\"4164-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 19.04 / 19.10 : Libxslt vulnerabilities (USN-4164-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that Libxslt incorrectly handled certain documents.\nAn attacker could possibly use this issue to access sensitive\ninformation. This issue not affected Ubuntu 19.10. (CVE-2019-13117,\nCVE-2019-13118)\n\nIt was discovered that Libxslt incorrectly handled certain documents.\nAn attacker could possibly use this issue to execute arbitrary code.\n(CVE-2019-18197).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4164-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected libxslt1.1 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-18197\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxslt1.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2021 Canonical, Inc. / NASL script (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|16\\.04|18\\.04|19\\.04|19\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 16.04 / 18.04 / 19.04 / 19.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libxslt1.1\", pkgver:\"1.1.28-2.1ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libxslt1.1\", pkgver:\"1.1.29-5ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"libxslt1.1\", pkgver:\"1.1.32-2ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"libxslt1.1\", pkgver:\"1.1.33-0ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxslt1.1\");\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-29T16:49:20", "description": "This update for libxslt fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-13118: Fixed a read of uninitialized stack data (bsc#1140101).\n\n - CVE-2019-13117: Fixed a uninitialized read which allowed to discern whether a byte on the stack contains certain special characters (bsc#1140095).\n\n - CVE-2019-18197: Fixed a dangling pointer in xsltCopyText which may have led to information disclosure (bsc#1154609).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-05-29T00:00:00", "type": "nessus", "title": "openSUSE Security Update : libxslt (openSUSE-2020-731)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13117", "CVE-2019-13118", "CVE-2019-18197"], "modified": "2020-06-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libxslt-debugsource", "p-cpe:/a:novell:opensuse:libxslt-devel", "p-cpe:/a:novell:opensuse:libxslt-devel-32bit", "p-cpe:/a:novell:opensuse:libxslt-python", "p-cpe:/a:novell:opensuse:libxslt-python-debuginfo", "p-cpe:/a:novell:opensuse:libxslt-python-debugsource", "p-cpe:/a:novell:opensuse:libxslt-tools", "p-cpe:/a:novell:opensuse:libxslt-tools-debuginfo", "p-cpe:/a:novell:opensuse:libxslt1", "p-cpe:/a:novell:opensuse:libxslt1-32bit", "p-cpe:/a:novell:opensuse:libxslt1-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libxslt1-debuginfo", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-731.NASL", "href": "https://www.tenable.com/plugins/nessus/136963", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-731.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136963);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/05\");\n\n script_cve_id(\"CVE-2019-13117\", \"CVE-2019-13118\", \"CVE-2019-18197\");\n\n script_name(english:\"openSUSE Security Update : libxslt (openSUSE-2020-731)\");\n script_summary(english:\"Check for the openSUSE-2020-731 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for libxslt fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-13118: Fixed a read of uninitialized stack data\n (bsc#1140101).\n\n - CVE-2019-13117: Fixed a uninitialized read which allowed\n to discern whether a byte on the stack contains certain\n special characters (bsc#1140095).\n\n - CVE-2019-18197: Fixed a dangling pointer in xsltCopyText\n which may have led to information disclosure\n (bsc#1154609).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1154609\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected libxslt packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-18197\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxslt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxslt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxslt-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxslt-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxslt-python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxslt-python-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxslt-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxslt-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxslt1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxslt1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxslt1-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxslt1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libxslt-debugsource-1.1.32-lp151.3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libxslt-devel-1.1.32-lp151.3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libxslt-tools-1.1.32-lp151.3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libxslt-tools-debuginfo-1.1.32-lp151.3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libxslt1-1.1.32-lp151.3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libxslt1-debuginfo-1.1.32-lp151.3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libxslt-devel-32bit-1.1.32-lp151.3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libxslt-python-1.1.32-lp151.3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libxslt-python-debuginfo-1.1.32-lp151.3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libxslt-python-debugsource-1.1.32-lp151.3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libxslt1-32bit-1.1.32-lp151.3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libxslt1-32bit-debuginfo-1.1.32-lp151.3.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxslt-python / libxslt-python-debuginfo / etc\");\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-29T16:51:12", "description": "This update for libxslt fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-13118: Fixed a read of uninitialized stack data (bsc#1140101).\n\nCVE-2019-13117: Fixed a uninitialized read which allowed to discern whether a byte on the stack contains certain special characters (bsc#1140095).\n\nCVE-2019-18197: Fixed a dangling pointer in xsltCopyText which may have led to information disclosure (bsc#1154609).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-06-17T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : libxslt (SUSE-SU-2020:1409-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13117", "CVE-2019-13118", "CVE-2019-18197"], "modified": "2020-06-22T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libxslt-debugsource", "p-cpe:/a:novell:suse_linux:libxslt-devel", "p-cpe:/a:novell:suse_linux:libxslt-tools", "p-cpe:/a:novell:suse_linux:libxslt-tools-debuginfo", "p-cpe:/a:novell:suse_linux:libxslt1", "p-cpe:/a:novell:suse_linux:libxslt1-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-1409-1.NASL", "href": "https://www.tenable.com/plugins/nessus/137539", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:1409-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137539);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/22\");\n\n script_cve_id(\"CVE-2019-13117\", \"CVE-2019-13118\", \"CVE-2019-18197\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : libxslt (SUSE-SU-2020:1409-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for libxslt fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-13118: Fixed a read of uninitialized stack data\n(bsc#1140101).\n\nCVE-2019-13117: Fixed a uninitialized read which allowed to discern\nwhether a byte on the stack contains certain special characters\n(bsc#1140095).\n\nCVE-2019-18197: Fixed a dangling pointer in xsltCopyText which may\nhave led to information disclosure (bsc#1154609).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154609\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-13117/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-13118/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-18197/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20201409-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6fe2dfb9\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1409=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-18197\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxslt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxslt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxslt-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxslt-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxslt1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxslt1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libxslt-debugsource-1.1.32-3.8.24\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libxslt-devel-1.1.32-3.8.24\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libxslt-tools-1.1.32-3.8.24\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libxslt-tools-debuginfo-1.1.32-3.8.24\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libxslt1-1.1.32-3.8.24\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libxslt1-debuginfo-1.1.32-3.8.24\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libxslt-debugsource-1.1.32-3.8.24\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libxslt-devel-1.1.32-3.8.24\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libxslt-tools-1.1.32-3.8.24\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libxslt-tools-debuginfo-1.1.32-3.8.24\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libxslt1-1.1.32-3.8.24\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libxslt1-debuginfo-1.1.32-3.8.24\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxslt\");\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:21:36", "description": "Several vulnerabilities were found in libxslt the XSLT 1.0 processing library.\n\nCVE-2016-4610\n\nInvalid memory access leading to DoS at exsltDynMapFunction. libxslt allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.\n\nCVE-2016-4609\n\nOut-of-bounds read at xmlGetLineNoInternal() libxslt allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.\n\nCVE-2019-13117\n\nAn xsl:number with certain format strings could lead to an uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.\n\nCVE-2019-13118\n\nA type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 1.1.28-2+deb8u5.\n\nWe recommend that you upgrade your libxslt packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-07-23T00:00:00", "type": "nessus", "title": "Debian DLA-1860-1 : libxslt security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4609", "CVE-2016-4610", "CVE-2019-13117", "CVE-2019-13118"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libxslt1-dbg", "p-cpe:/a:debian:debian_linux:libxslt1-dev", "p-cpe:/a:debian:debian_linux:libxslt1.1", "p-cpe:/a:debian:debian_linux:python-libxslt1", "p-cpe:/a:debian:debian_linux:python-libxslt1-dbg", "p-cpe:/a:debian:debian_linux:xsltproc", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1860.NASL", "href": "https://www.tenable.com/plugins/nessus/126926", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1860-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126926);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-4609\", \"CVE-2016-4610\", \"CVE-2019-13117\", \"CVE-2019-13118\");\n\n script_name(english:\"Debian DLA-1860-1 : libxslt security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were found in libxslt the XSLT 1.0 processing\nlibrary.\n\nCVE-2016-4610\n\nInvalid memory access leading to DoS at exsltDynMapFunction. libxslt\nallows remote attackers to cause a denial of service (memory\ncorruption) or possibly have unspecified other impact via unknown\nvectors.\n\nCVE-2016-4609\n\nOut-of-bounds read at xmlGetLineNoInternal() libxslt allows remote\nattackers to cause a denial of service (memory corruption) or possibly\nhave unspecified other impact via unknown vectors.\n\nCVE-2019-13117\n\nAn xsl:number with certain format strings could lead to an\nuninitialized read in xsltNumberFormatInsertNumbers. This could allow\nan attacker to discern whether a byte on the stack contains the\ncharacters A, a, I, i, or 0, or any other character.\n\nCVE-2019-13118\n\nA type holding grouping characters of an xsl:number instruction was\ntoo narrow and an invalid character/length combination could be passed\nto xsltNumberFormatDecimal, leading to a read of uninitialized stack\ndata.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n1.1.28-2+deb8u5.\n\nWe recommend that you upgrade your libxslt packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/libxslt\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxslt1-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxslt1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxslt1.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-libxslt1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-libxslt1-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xsltproc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libxslt1-dbg\", reference:\"1.1.28-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libxslt1-dev\", reference:\"1.1.28-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libxslt1.1\", reference:\"1.1.28-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python-libxslt1\", reference:\"1.1.28-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python-libxslt1-dbg\", reference:\"1.1.28-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xsltproc\", reference:\"1.1.28-2+deb8u5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T16:56:22", "description": "An update of the libssh2 package has been released.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"}, "published": "2019-09-23T00:00:00", "type": "nessus", "title": "Photon OS 3.0: Libssh2 PHSA-2019-3.0-0026", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13115"], "modified": "2019-12-24T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:libssh2", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2019-3_0-0026_LIBSSH2.NASL", "href": "https://www.tenable.com/plugins/nessus/129102", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-3.0-0026. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129102);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/24\");\n\n script_cve_id(\"CVE-2019-13115\");\n\n script_name(english:\"Photon OS 3.0: Libssh2 PHSA-2019-3.0-0026\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the libssh2 package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-0026.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-13115\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:libssh2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 3.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"libssh2-1.9.0-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"libssh2-debuginfo-1.9.0-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"libssh2-devel-1.9.0-1.ph3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libssh2\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-05-30T18:40:19", "description": "This update for zeromq fixes the following issues :\n\nCVE-2019-13132: An unauthenticated remote attacker could have exploited a stack overflow vulnerability on a server that is supposed to be protected by encryption and authentication to potentially gain a remote code execution. (bsc#1140255)\n\nCorrectly mark license files as licence instead of documentation (bsc#1082318)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-07-09T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : zeromq (SUSE-SU-2019:1776-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13132"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libzmq5", "p-cpe:/a:novell:suse_linux:libzmq5-debuginfo", "p-cpe:/a:novell:suse_linux:zeromq-debugsource", "p-cpe:/a:novell:suse_linux:zeromq-devel", "p-cpe:/a:novell:suse_linux:zeromq-tools", "p-cpe:/a:novell:suse_linux:zeromq-tools-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-1776-1.NASL", "href": "https://www.tenable.com/plugins/nessus/126562", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:1776-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126562);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2019-13132\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : zeromq (SUSE-SU-2019:1776-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for zeromq fixes the following issues :\n\nCVE-2019-13132: An unauthenticated remote attacker could have\nexploited a stack overflow vulnerability on a server that is supposed\nto be protected by encryption and authentication to potentially gain a\nremote code execution. (bsc#1140255)\n\nCorrectly mark license files as licence instead of documentation\n(bsc#1082318)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082318\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140255\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-13132/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20191776-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2cf53598\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15-SP1:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1776=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-2019-1776=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-SP1-2019-1776=1\n\nSUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-2019-1776=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libzmq5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libzmq5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:zeromq-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:zeromq-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:zeromq-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:zeromq-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0/1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libzmq5-4.2.3-3.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libzmq5-debuginfo-4.2.3-3.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"zeromq-debugsource-4.2.3-3.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"zeromq-devel-4.2.3-3.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"zeromq-tools-4.2.3-3.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"zeromq-tools-debuginfo-4.2.3-3.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libzmq5-4.2.3-3.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libzmq5-debuginfo-4.2.3-3.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"zeromq-debugsource-4.2.3-3.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"zeromq-devel-4.2.3-3.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"zeromq-tools-4.2.3-3.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"zeromq-tools-debuginfo-4.2.3-3.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libzmq5-4.2.3-3.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libzmq5-debuginfo-4.2.3-3.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"zeromq-debugsource-4.2.3-3.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"zeromq-devel-4.2.3-3.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"zeromq-tools-4.2.3-3.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"zeromq-tools-debuginfo-4.2.3-3.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libzmq5-4.2.3-3.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libzmq5-debuginfo-4.2.3-3.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"zeromq-debugsource-4.2.3-3.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"zeromq-devel-4.2.3-3.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"zeromq-tools-4.2.3-3.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"zeromq-tools-debuginfo-4.2.3-3.8.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"zeromq\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-30T18:59:51", "description": "Security fix for CVE-2019-13132\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-10-07T00:00:00", "type": "nessus", "title": "Fedora 31 : zeromq (2019-d20ce4d5a1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13132"], "modified": "2019-12-19T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:zeromq", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2019-D20CE4D5A1.NASL", "href": "https://www.tenable.com/plugins/nessus/129649", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-d20ce4d5a1.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129649);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/19\");\n\n script_cve_id(\"CVE-2019-13132\");\n script_xref(name:\"FEDORA\", value:\"2019-d20ce4d5a1\");\n\n script_name(english:\"Fedora 31 : zeromq (2019-d20ce4d5a1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2019-13132\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-d20ce4d5a1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected zeromq package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:zeromq\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"zeromq-4.3.2-1.fc31\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"zeromq\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-30T18:40:52", "description": "This update for zeromq fixes the following issues :\n\n - CVE-2019-13132: An unauthenticated remote attacker could have exploited a stack overflow vulnerability on a server that is supposed to be protected by encryption and authentication to potentially gain a remote code execution. (bsc#1140255)\n\n - Correctly mark license files as licence instead of documentation (bsc#1082318)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-07-22T00:00:00", "type": "nessus", "title": "openSUSE Security Update : zeromq (openSUSE-2019-1767)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13132"], "modified": "2020-09-23T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libzmq5", "p-cpe:/a:novell:opensuse:libzmq5-debuginfo", "p-cpe:/a:novell:opensuse:zeromq-debugsource", "p-cpe:/a:novell:opensuse:zeromq-devel", "p-cpe:/a:novell:opensuse:zeromq-tools", "p-cpe:/a:novell:opensuse:zeromq-tools-debuginfo", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2019-1767.NASL", "href": "https://www.tenable.com/plugins/nessus/126902", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1767.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126902);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/23\");\n\n script_cve_id(\"CVE-2019-13132\");\n\n script_name(english:\"openSUSE Security Update : zeromq (openSUSE-2019-1767)\");\n script_summary(english:\"Check for the openSUSE-2019-1767 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for zeromq fixes the following issues :\n\n - CVE-2019-13132: An unauthenticated remote attacker could\n have exploited a stack overflow vulnerability on a\n server that is supposed to be protected by encryption\n and authentication to potentially gain a remote code\n execution. (bsc#1140255)\n\n - Correctly mark license files as licence instead of\n documentation (bsc#1082318)\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082318\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140255\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected zeromq packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libzmq5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libzmq5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:zeromq-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:zeromq-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:zeromq-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:zeromq-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libzmq5-4.2.3-lp151.5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libzmq5-debuginfo-4.2.3-lp151.5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"zeromq-debugsource-4.2.3-lp151.5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"zeromq-devel-4.2.3-lp151.5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"zeromq-tools-4.2.3-lp151.5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"zeromq-tools-debuginfo-4.2.3-lp151.5.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libzmq5 / libzmq5-debuginfo / zeromq-debugsource / zeromq-devel / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-30T18:40:19", "description": "It was discovered that ZeroMQ incorrectly handled certain application metadata. A remote attacker could use this issue to cause ZeroMQ to crash, or possibly execute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-07-09T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : zeromq3 vulnerability (USN-4050-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13132"], "modified": "2020-01-08T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libzmq5", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.10", "cpe:/o:canonical:ubuntu_linux:19.04"], "id": "UBUNTU_USN-4050-1.NASL", "href": "https://www.tenable.com/plugins/nessus/126566", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4050-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126566);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2020/01/08\");\n\n script_cve_id(\"CVE-2019-13132\");\n script_xref(name:\"USN\", value:\"4050-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : zeromq3 vulnerability (USN-4050-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that ZeroMQ incorrectly handled certain application\nmetadata. A remote attacker could use this issue to cause ZeroMQ to\ncrash, or possibly execute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4050-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libzmq5 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libzmq5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|18\\.10|19\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04 / 18.04 / 18.10 / 19.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libzmq5\", pkgver:\"4.1.4-7ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libzmq5\", pkgver:\"4.2.5-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"libzmq5\", pkgver:\"4.2.5-2ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"libzmq5\", pkgver:\"4.3.1-3ubuntu2.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libzmq5\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-12T14:54:43", "description": "The remote SUSE Linux SLES11 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2019:14117-1 advisory.\n\n - In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.3.2, a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow and overwrite the stack with arbitrary data, due to a buffer overflow in the library. Users running public servers with the above configuration are highly encouraged to upgrade as soon as possible, as there are no known mitigations. (CVE-2019-13132)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-06-10T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : zeromq (SUSE-SU-2019:14117-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13132"], "modified": "2021-06-10T00:00:00", "cpe": ["cpe:2.3:o:novell:suse_linux:11:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:libzmq3:*:*:*:*:*:*:*"], "id": "SUSE_SU-2019-14117-1.NASL", "href": "https://www.tenable.com/plugins/nessus/150684", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2019:14117-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150684);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/10\");\n\n script_cve_id(\"CVE-2019-13132\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2019:14117-1\");\n\n script_name(english:\"SUSE SLES11 Security Update : zeromq (SUSE-SU-2019:14117-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES11 host has a package installed that is affected by a vulnerability as referenced in the SUSE-\nSU-2019:14117-1 advisory.\n\n - In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.3.2, a remote, unauthenticated\n client connecting to a libzmq application, running with a socket listening with CURVE\n encryption/authentication enabled, may cause a stack overflow and overwrite the stack with arbitrary data,\n due to a buffer overflow in the library. Users running public servers with the above configuration are\n highly encouraged to upgrade as soon as possible, as there are no known mitigations. (CVE-2019-13132)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1140255\");\n # https://lists.suse.com/pipermail/sle-security-updates/2019-July/005673.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6745f120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-13132\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libzmq3 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-13132\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libzmq3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES11', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3/4\", os_ver + \" SP\" + sp);\n\npkgs = [\n {'reference':'libzmq3-4.0.4-3.3', 'sp':'3', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.3'},\n {'reference':'libzmq3-4.0.4-3.3', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'libzmq3-4.0.4-3.3', 'sp':'3', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.3'},\n {'reference':'libzmq3-4.0.4-3.3', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n exists_check = NULL;\n rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release && exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n else if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libzmq3');\n}\n", "cvss": {"score": 7.5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-31T14:57:11", "description": "Fang-Pen Lin reports :\n\nA remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow and overwrite the stack with arbitrary data, due to a buffer overflow in the library. Users running public servers with the above configuration are highly encouraged to upgrade as soon as possible, as there are no known mitigations.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-05-26T00:00:00", "type": "nessus", "title": "FreeBSD : libzmq4 -- Stack overflow (6954a2b0-bda8-11eb-a04e-641c67a117d8)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13132"], "modified": "2021-06-01T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:libzmq4", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_6954A2B0BDA811EBA04E641C67A117D8.NASL", "href": "https://www.tenable.com/plugins/nessus/149977", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(149977);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/01\");\n\n script_cve_id(\"CVE-2019-13132\");\n\n script_name(english:\"FreeBSD : libzmq4 -- Stack overflow (6954a2b0-bda8-11eb-a04e-641c67a117d8)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Fang-Pen Lin reports :\n\nA remote, unauthenticated client connecting to a libzmq application,\nrunning with a socket listening with CURVE encryption/authentication\nenabled, may cause a stack overflow and overwrite the stack with\narbitrary data, due to a buffer overflow in the library. Users running\npublic servers with the above configuration are highly encouraged to\nupgrade as soon as possible, as there are no known mitigations.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/zeromq/libzmq/releases/tag/v4.3.2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/zeromq/libzmq/issues/3558\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=255102\"\n );\n # https://vuxml.freebsd.org/freebsd/6954a2b0-bda8-11eb-a04e-641c67a117d8.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?359ba499\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libzmq4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"libzmq4<4.3.2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-30T18:42:08", "description": "Fang-Pen Lin discovered a stack-based buffer-overflow flaw in ZeroMQ, a lightweight messaging kernel library. A remote, unauthenticated client connecting to an application using the libzmq library, running with a socket listening with CURVE encryption/authentication enabled, can take advantage of this flaw to cause a denial of service or the execution of arbitrary code.\n\nFor Debian 8 'Jessie', this problem has been fixed in version 4.0.5+dfsg-2+deb8u2.\n\nWe recommend that you upgrade your zeromq3 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-07-09T00:00:00", "type": "nessus", "title": "Debian DLA-1849-1 : zeromq3 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13132"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libzmq3", "p-cpe:/a:debian:debian_linux:libzmq3-dbg", "p-cpe:/a:debian:debian_linux:libzmq3-dev", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1849.NASL", "href": "https://www.tenable.com/plugins/nessus/126528", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1849-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126528);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2019-13132\");\n\n script_name(english:\"Debian DLA-1849-1 : zeromq3 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fang-Pen Lin discovered a stack-based buffer-overflow flaw in ZeroMQ,\na lightweight messaging kernel library. A remote, unauthenticated\nclient connecting to an application using the libzmq library, running\nwith a socket listening with CURVE encryption/authentication enabled,\ncan take advantage of this flaw to cause a denial of service or the\nexecution of arbitrary code.\n\nFor Debian 8 'Jessie', this problem has been fixed in version\n4.0.5+dfsg-2+deb8u2.\n\nWe recommend that you upgrade your zeromq3 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/07/msg00007.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/zeromq3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected libzmq3, libzmq3-dbg, and libzmq3-dev packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libzmq3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libzmq3-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libzmq3-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libzmq3\", reference:\"4.0.5+dfsg-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libzmq3-dbg\", reference:\"4.0.5+dfsg-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libzmq3-dev\", reference:\"4.0.5+dfsg-2+deb8u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-30T19:00:37", "description": "Security fix for CVE-2019-13132\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-10-03T00:00:00", "type": "nessus", "title": "Fedora 29 : zeromq (2019-4d8f9a9235)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13132"], "modified": "2019-12-23T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:zeromq", "cpe:/o:fedoraproject:fedora:29"], "id": "FEDORA_2019-4D8F9A9235.NASL", "href": "https://www.tenable.com/plugins/nessus/129541", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-4d8f9a9235.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129541);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/23\");\n\n script_cve_id(\"CVE-2019-13132\");\n script_xref(name:\"FEDORA\", value:\"2019-4d8f9a9235\");\n\n script_name(english:\"Fedora 29 : zeromq (2019-4d8f9a9235)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2019-13132\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-4d8f9a9235\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected zeromq package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:zeromq\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"zeromq-4.1.7-1.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"zeromq\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-30T18:59:00", "description": "Security fix for CVE-2019-13132\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-10-03T00:00:00", "type": "nessus", "title": "Fedora 30 : zeromq (2019-8916b4e890)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13132"], "modified": "2019-12-23T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:zeromq", "cpe:/o:fedoraproject:fedora:30"], "id": "FEDORA_2019-8916B4E890.NASL", "href": "https://www.tenable.com/plugins/nessus/129543", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-8916b4e890.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129543);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/23\");\n\n script_cve_id(\"CVE-2019-13132\");\n script_xref(name:\"FEDORA\", value:\"2019-8916b4e890\");\n\n script_name(english:\"Fedora 30 : zeromq (2019-8916b4e890)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2019-13132\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-8916b4e890\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected zeromq package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:zeromq\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"zeromq-4.3.2-1.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"zeromq\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-30T18:43:03", "description": "Fang-Pen Lin discovered a stack-based buffer-overflow flaw in ZeroMQ, a lightweight messaging kernel library. A remote, unauthenticated client connecting to an application using the libzmq library, running with a socket listening with CURVE encryption/authentication enabled, can take advantage of this flaw to cause a denial of service or the execution of arbitrary code.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-07-09T00:00:00", "type": "nessus", "title": "Debian DSA-4477-1 : zeromq3 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13132"], "modified": "2020-01-08T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:zeromq3", "cpe:/o:debian:debian_linux:10.0", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4477.NASL", "href": "https://www.tenable.com/plugins/nessus/126529", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4477. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126529);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/08\");\n\n script_cve_id(\"CVE-2019-13132\");\n script_xref(name:\"DSA\", value:\"4477\");\n\n script_name(english:\"Debian DSA-4477-1 : zeromq3 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fang-Pen Lin discovered a stack-based buffer-overflow flaw in ZeroMQ,\na lightweight messaging kernel library. A remote, unauthenticated\nclient connecting to an application using the libzmq library, running\nwith a socket listening with CURVE encryption/authentication enabled,\ncan take advantage of this flaw to cause a denial of service or the\nexecution of arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/zeromq3\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/zeromq3\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/zeromq3\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2019/dsa-4477\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the zeromq3 packages.\n\nFor the oldstable distribution (stretch), this problem has been fixed\nin version 4.2.1-4+deb9u2.\n\nFor the stable distribution (buster), this problem has been fixed in\nversion 4.3.1-4+deb10u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:zeromq3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"libzmq3-dev\", reference:\"4.3.1-4+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libzmq5\", reference:\"4.3.1-4+deb10u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libzmq3-dev\", reference:\"4.2.1-4+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libzmq5\", reference:\"4.2.1-4+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libzmq5-dbg\", reference:\"4.2.1-4+deb9u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-30T18:48:48", "description": "An update of the zeromq package has been released.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-08-26T00:00:00", "type": "nessus", "title": "Photon OS 3.0: Zeromq PHSA-2019-3.0-0024", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13132"], "modified": "2020-01-02T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:zeromq", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2019-3_0-0024_ZEROMQ.NASL", "href": "https://www.tenable.com/plugins/nessus/128162", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-3.0-0024. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128162);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/02\");\n\n script_cve_id(\"CVE-2019-13132\");\n\n script_name(english:\"Photon OS 3.0: Zeromq PHSA-2019-3.0-0024\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the zeromq package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-0024.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-13132\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:zeromq\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 3.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"zeromq-4.2.3-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"zeromq-debuginfo-4.2.3-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"zeromq-devel-4.2.3-2.ph3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"zeromq\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-30T18:48:48", "description": "The remote host is affected by the vulnerability described in GLSA-201908-17 (ZeroMQ: Arbitrary code execution)\n\n A buffer overflow was discovered in ZeroMQ.\n Impact :\n\n An attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-08-20T00:00:00", "type": "nessus", "title": "GLSA-201908-17 : ZeroMQ: Arbitrary code execution", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13132"], "modified": "2020-01-02T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:zeromq", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201908-17.NASL", "href": "https://www.tenable.com/plugins/nessus/127966", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201908-17.\n#\n# The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127966);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/02\");\n\n script_cve_id(\"CVE-2019-13132\");\n script_xref(name:\"GLSA\", value:\"201908-17\");\n\n script_name(english:\"GLSA-201908-17 : ZeroMQ: Arbitrary code execution\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201908-17\n(ZeroMQ: Arbitrary code execution)\n\n A buffer overflow was discovered in ZeroMQ.\n \nImpact :\n\n An attacker could possibly execute arbitrary code with the privileges of\n the process or cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201908-17\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All ZeroMQ users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-libs/zeromq-4.3.2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:zeromq\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-libs/zeromq\", unaffected:make_list(\"ge 4.3.2\"), vulnerable:make_list(\"lt 4.3.2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ZeroMQ\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-30T18:50:01", "description": "An update of the zeromq package has been released.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-08-26T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Zeromq PHSA-2019-1.0-0245", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13132"], "modified": "2020-01-02T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:zeromq", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2019-1_0-0245_ZEROMQ.NASL", "href": "https://www.tenable.com/plugins/nessus/128167", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-1.0-0245. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128167);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/02\");\n\n script_cve_id(\"CVE-2019-13132\");\n\n script_name(english:\"Photon OS 1.0: Zeromq PHSA-2019-1.0-0245\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the zeromq package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-245.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-13132\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:zeromq\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"zeromq-4.1.4-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"zeromq-debuginfo-4.1.4-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"zeromq-devel-4.1.4-2.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"zeromq\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-30T18:52:48", "description": "An update of the zeromq package has been released.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-09-12T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Zeromq PHSA-2019-2.0-0171", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13132"], "modified": "2019-12-30T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:zeromq", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2019-2_0-0171_ZEROMQ.NASL", "href": "https://www.tenable.com/plugins/nessus/128723", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-2.0-0171. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128723);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/12/30\");\n\n script_cve_id(\"CVE-2019-13132\");\n\n script_name(english:\"Photon OS 2.0: Zeromq PHSA-2019-2.0-0171\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the zeromq package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-171.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-13132\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:zeromq\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"zeromq-4.1.4-4.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"zeromq-debuginfo-4.1.4-4.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"zeromq-devel-4.1.4-4.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"zeromq\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-30T18:41:28", "description": "This update for zeromq fixes the following issues :\n\n - CVE-2019-13132: An unauthenticated remote attacker could have exploited a stack overflow vulnerability on a server that is supposed to be protected by encryption and authentication to potentially gain a remote code execution. (bsc#1140255)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-07-10T00:00:00", "type": "nessus", "title": "SUSE SLED12 Security Update : zeromq (SUSE-SU-2019:1785-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13132"], "modified": "2020-01-08T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libzmq3", "p-cpe:/a:novell:suse_linux:libzmq3-debuginfo", "p-cpe:/a:novell:suse_linux:zeromq-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-1785-1.NASL", "href": "https://www.tenable.com/plugins/nessus/126596", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:1785-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126596);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2020/01/08\");\n\n script_cve_id(\"CVE-2019-13132\");\n\n script_name(english:\"SUSE SLED12 Security Update : zeromq (SUSE-SU-2019:1785-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for zeromq fixes the following issues :\n\n - CVE-2019-13132: An unauthenticated remote attacker could\n have exploited a stack overflow vulnerability on a\n server that is supposed to be protected by encryption\n and authentication to potentially gain a remote code\n execution. (bsc#1140255)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140255\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-13132/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20191785-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d17d5f39\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Manager Tools 12:zypper in -t patch\nSUSE-SLE-Manager-Tools-12-2019-1785=1\n\nSUSE Manager Server 3.2:zypper in -t patch\nSUSE-SUSE-Manager-Server-3.2-2019-1785=1\n\nSUSE Manager Proxy 3.2:zypper in -t patch\nSUSE-SUSE-Manager-Proxy-3.2-2019-1785=1\n\nSUSE Linux Enterprise Workstation Extension 12-SP4:zypper in -t patch\nSUSE-SLE-WE-12-SP4-2019-1785=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t\npatch SUSE-SLE-SDK-12-SP4-2019-1785=1\n\nSUSE Linux Enterprise Point of Sale 12-SP2:zypper in -t patch\nSUSE-SLE-POS-12-SP2-2019-1785=1\n\nSUSE Linux Enterprise Module for Advanced Systems Management 12:zypper\nin -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2019-1785=1\n\nSUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP4-2019-1785=1\n\nSUSE Enterprise Storage 5:zypper in -t patch\nSUSE-Storage-5-2019-1785=1\n\nSUSE Enterprise Storage 4:zypper in -t patch\nSUSE-Storage-4-2019-1785=1\n\nSUSE CaaS Platform 3.0 :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libzmq3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libzmq3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:zeromq-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libzmq3-4.0.4-15.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libzmq3-debuginfo-4.0.4-15.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"zeromq-debugsource-4.0.4-15.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"zeromq\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:19:54", "description": "An update of the curl package has been released.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-09-12T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Curl PHSA-2019-2.0-0171", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16890"], "modified": "2019-12-30T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:curl", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2019-2_0-0171_CURL.NASL", "href": "https://www.tenable.com/plugins/nessus/128714", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-2.0-0171. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128714);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/12/30\");\n\n script_cve_id(\"CVE-2018-16890\");\n script_bugtraq_id(106947);\n\n script_name(english:\"Photon OS 2.0: Curl PHSA-2019-2.0-0171\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the curl package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-171.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16890\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"curl-7.59.0-8.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"curl-debuginfo-7.59.0-8.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"curl-devel-7.59.0-8.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"curl-libs-7.59.0-8.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-05-15T13:48:01", "description": "According to the version of the unzip package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a 'better zip bomb' issue.(CVE-2019-13232)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 3.3, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "published": "2020-04-15T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : unzip (EulerOS-SA-2020-1439)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13232"], "modified": "2022-05-13T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:unzip", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1439.NASL", "href": "https://www.tenable.com/plugins/nessus/135568", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135568);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/13\");\n\n script_cve_id(\"CVE-2019-13232\");\n\n script_name(english:\"EulerOS 2.0 SP3 : unzip (EulerOS-SA-2020-1439)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the unzip package installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - Info-ZIP UnZip 6.0 mishandles the overlapping of files\n inside a ZIP container, leading to denial of service\n (resource consumption), aka a 'better zip bomb'\n issue.(CVE-2019-13232)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1439\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?833b54b7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected unzip package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-13232\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unzip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"unzip-6.0-15.h8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unzip\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-14T00:19:40", "description": "The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:2486 advisory.\n\n - unzip: overlapping of files in ZIP container leads to denial of service (CVE-2019-13232)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 3.3, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "published": "2020-06-12T00:00:00", "type": "nessus", "title": "RHEL 7 : unzip (RHSA-2020:2486)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13232"], "modified": "2021-10-12T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.7", "cpe:/o:redhat:rhel_e4s:7.6", "cpe:/o:redhat:rhel_e4s:7.7", "cpe:/o:redhat:rhel_eus:7.7", "cpe:/o:redhat:rhel_tus:7.7", "p-cpe:/a:redhat:enterprise_linux:unzip"], "id": "REDHAT-RHSA-2020-2486.NASL", "href": "https://www.tenable.com/plugins/nessus/137396", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2486. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137396);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/12\");\n\n script_cve_id(\"CVE-2019-13232\");\n script_xref(name:\"RHSA\", value:\"2020:2486\");\n\n script_name(english:\"RHEL 7 : unzip (RHSA-2020:2486)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in\nthe RHSA-2020:2486 advisory.\n\n - unzip: overlapping of files in ZIP container leads to denial of service (CVE-2019-13232)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/400.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-13232\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2486\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1727761\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected unzip package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-13232\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(400);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:unzip\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'rhel_aus_7_7_server': [\n 'rhel-7-server-aus-debug-rpms',\n 'rhel-7-server-aus-debug-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-aus-optional-debug-rpms',\n 'rhel-7-server-aus-optional-debug-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-aus-optional-rpms',\n 'rhel-7-server-aus-optional-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-aus-optional-source-rpms',\n 'rhel-7-server-aus-optional-source-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-aus-rpms',\n 'rhel-7-server-aus-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-aus-source-rpms',\n 'rhel-7-server-aus-source-rpms__7_DOT_7__x86_64'\n ],\n 'rhel_e4s_7_6_server': [\n 'rhel-7-server-aus-debug-rpms',\n 'rhel-7-server-aus-optional-debug-rpms',\n 'rhel-7-server-aus-optional-rpms',\n 'rhel-7-server-aus-optional-source-rpms',\n 'rhel-7-server-aus-rpms',\n 'rhel-7-server-aus-source-rpms',\n 'rhel-7-server-e4s-debug-rpms',\n 'rhel-7-server-e4s-debug-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-e4s-optional-debug-rpms',\n 'rhel-7-server-e4s-optional-debug-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-e4s-optional-debug-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-e4s-optional-rpms',\n 'rhel-7-server-e4s-optional-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-e4s-optional-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-e4s-optional-source-rpms',\n 'rhel-7-server-e4s-optional-source-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-e4s-optional-source-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-e4s-rpms',\n 'rhel-7-server-e4s-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-e4s-source-rpms',\n 'rhel-7-server-e4s-source-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-tus-debug-rpms',\n 'rhel-7-server-tus-optional-debug-rpms',\n 'rhel-7-server-tus-optional-rpms',\n 'rhel-7-server-tus-optional-source-rpms',\n 'rhel-7-server-tus-source-rpms',\n 'rhel-ha-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-ha-for-rhel-7-server-e4s-debug-rpms__7_DOT_6__x86_64',\n 'rhel-ha-for-rhel-7-server-e4s-debug-rpms__7_DOT_7__x86_64',\n 'rhel-ha-for-rhel-7-server-e4s-rpms',\n 'rhel-ha-for-rhel-7-server-e4s-rpms__7_DOT_6__x86_64',\n 'rhel-ha-for-rhel-7-server-e4s-rpms__7_DOT_7__x86_64',\n 'rhel-ha-for-rhel-7-server-e4s-source-rpms',\n 'rhel-ha-for-rhel-7-server-e4s-source-rpms__7_DOT_6__x86_64',\n 'rhel-ha-for-rhel-7-server-e4s-source-rpms__7_DOT_7__x86_64'\n ],\n 'rhel_e4s_7_7_server': [\n 'rhel-7-server-aus-debug-rpms',\n 'rhel-7-server-aus-rpms',\n 'rhel-7-server-aus-source-rpms',\n 'rhel-7-server-e4s-debug-rpms',\n 'rhel-7-server-e4s-debug-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-e4s-rpms',\n 'rhel-7-server-e4s-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-e4s-source-rpms',\n 'rhel-7-server-e4s-source-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-tus-debug-rpms',\n 'rhel-7-server-tus-rpms',\n 'rhel-7-server-tus-source-rpms'\n ],\n 'rhel_eus_7_7_computenode': [\n 'rhel-7-hpc-node-eus-debug-rpms',\n 'rhel-7-hpc-node-eus-debug-rpms__7_DOT_7__x86_64',\n 'rhel-7-hpc-node-eus-optional-debug-rpms',\n 'rhel-7-hpc-node-eus-optional-debug-rpms__7_DOT_7__x86_64',\n 'rhel-7-hpc-node-eus-optional-rpms',\n 'rhel-7-hpc-node-eus-optional-rpms__7_DOT_7__x86_64',\n 'rhel-7-hpc-node-eus-optional-source-rpms',\n 'rhel-7-hpc-node-eus-optional-source-rpms__7_DOT_7__x86_64',\n 'rhel-7-hpc-node-eus-rpms',\n 'rhel-7-hpc-node-eus-rpms__7_DOT_7__x86_64',\n 'rhel-7-hpc-node-eus-source-rpms',\n 'rhel-7-hpc-node-eus-source-rpms__7_DOT_7__x86_64'\n ],\n 'rhel_eus_7_7_server': [\n 'rhel-7-for-system-z-eus-debug-rpms',\n 'rhel-7-for-system-z-eus-debug-rpms__7_DOT_7__s390x',\n 'rhel-7-for-system-z-eus-optional-debug-rpms',\n 'rhel-7-for-system-z-eus-optional-debug-rpms__7_DOT_7__s390x',\n 'rhel-7-for-system-z-eus-optional-rpms',\n 'rhel-7-for-system-z-eus-optional-rpms__7_DOT_7__s390x',\n 'rhel-7-for-system-z-eus-optional-source-rpms',\n 'rhel-7-for-system-z-eus-optional-source-rpms__7_DOT_7__s390x',\n 'rhel-7-for-system-z-eus-rpms',\n 'rhel-7-for-system-z-eus-rpms__7_DOT_7__s390x',\n 'rhel-7-for-system-z-eus-source-rpms',\n 'rhel-7-for-system-z-eus-source-rpms__7_DOT_7__s390x',\n 'rhel-7-server-aus-debug-rpms',\n 'rhel-7-server-aus-optional-debug-rpms',\n 'rhel-7-server-aus-optional-rpms',\n 'rhel-7-server-aus-optional-source-rpms',\n 'rhel-7-server-aus-rpms',\n 'rhel-7-server-aus-source-rpms',\n 'rhel-7-server-e4s-debug-rpms',\n 'rhel-7-server-e4s-optional-debug-rpms',\n 'rhel-7-server-e4s-optional-rpms',\n 'rhel-7-server-e4s-optional-source-rpms',\n 'rhel-7-server-e4s-rpms',\n 'rhel-7-server-e4s-source-rpms',\n 'rhel-7-server-eus-debug-rpms',\n 'rhel-7-server-eus-debug-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-eus-optional-debug-rpms',\n 'rhel-7-server-eus-optional-debug-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-eus-optional-rpms',\n 'rhel-7-server-eus-optional-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-eus-optional-source-rpms',\n 'rhel-7-server-eus-optional-source-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-eus-rpms',\n 'rhel-7-server-eus-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-eus-source-rpms',\n 'rhel-7-server-eus-source-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-tus-debug-rpms',\n 'rhel-7-server-tus-optional-debug-rpms',\n 'rhel-7-server-tus-optional-rpms',\n 'rhel-7-server-tus-optional-source-rpms',\n 'rhel-7-server-tus-rpms',\n 'rhel-7-server-tus-source-rpms',\n 'rhel-ha-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-ha-for-rhel-7-server-e4s-rpms',\n 'rhel-ha-for-rhel-7-server-e4s-source-rpms',\n 'rhel-ha-for-rhel-7-server-eus-debug-rpms',\n 'rhel-ha-for-rhel-7-server-eus-debug-rpms__7_DOT_7__x86_64',\n 'rhel-ha-for-rhel-7-server-eus-rpms',\n 'rhel-ha-for-rhel-7-server-eus-rpms__7_DOT_7__x86_64',\n 'rhel-ha-for-rhel-7-server-eus-source-rpms',\n 'rhel-ha-for-rhel-7-server-eus-source-rpms__7_DOT_7__x86_64',\n 'rhel-ha-for-rhel-7-server-tus-debug-rpms',\n 'rhel-ha-for-rhel-7-server-tus-rpms',\n 'rhel-ha-for-rhel-7-server-tus-source-rpms',\n 'rhel-rs-for-rhel-7-server-eus-debug-rpms',\n 'rhel-rs-for-rhel-7-server-eus-debug-rpms__7_DOT_7__x86_64',\n 'rhel-rs-for-rhel-7-server-eus-rpms',\n 'rhel-rs-for-rhel-7-server-eus-rpms__7_DOT_7__x86_64',\n 'rhel-rs-for-rhel-7-server-eus-source-rpms',\n 'rhel-rs-for-rhel-7-server-eus-source-rpms__7_DOT_7__x86_64'\n ],\n 'rhel_extras_sap_e4s_7_7': [\n 'rhel-sap-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-debug-rpms__7_DOT_7__x86_64',\n 'rhel-sap-for-rhel-7-server-e4s-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-rpms__7_DOT_7__x86_64',\n 'rhel-sap-for-rhel-7-server-e4s-source-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-source-rpms__7_DOT_7__x86_64'\n ],\n 'rhel_extras_sap_eus_7_7': [\n 'rhel-sap-for-rhel-7-for-system-z-eus-debug-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-eus-debug-rpms__7_DOT_7__s390x',\n 'rhel-sap-for-rhel-7-for-system-z-eus-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-eus-rpms__7_DOT_7__s390x',\n 'rhel-sap-for-rhel-7-for-system-z-eus-source-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-eus-source-rpms__7_DOT_7__s390x',\n 'rhel-sap-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-source-rpms',\n 'rhel-sap-for-rhel-7-server-eus-debug-rpms',\n 'rhel-sap-for-rhel-7-server-eus-debug-rpms__7_DOT_7__x86_64',\n 'rhel-sap-for-rhel-7-server-eus-rpms',\n 'rhel-sap-for-rhel-7-server-eus-rpms__7_DOT_7__x86_64',\n 'rhel-sap-for-rhel-7-server-eus-source-rpms',\n 'rhel-sap-for-rhel-7-server-eus-source-rpms__7_DOT_7__x86_64'\n ],\n 'rhel_extras_sap_hana_e4s_7_7': [\n 'rhel-sap-hana-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-debug-rpms__7_DOT_7__x86_64',\n 'rhel-sap-hana-for-rhel-7-server-e4s-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-rpms__7_DOT_7__x86_64',\n 'rhel-sap-hana-for-rhel-7-server-e4s-source-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-source-rpms__7_DOT_7__x86_64'\n ],\n 'rhel_extras_sap_hana_eus_7_7': [\n 'rhel-sap-hana-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-source-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-debug-rpms__7_DOT_7__x86_64',\n 'rhel-sap-hana-for-rhel-7-server-eus-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-rpms__7_DOT_7__x86_64',\n 'rhel-sap-hana-for-rhel-7-server-eus-source-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-source-rpms__7_DOT_7__x86_64'\n ],\n 'rhel_tus_7_7_server': [\n 'rhel-7-server-tus-debug-rpms',\n 'rhel-7-server-tus-debug-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-tus-optional-debug-rpms',\n 'rhel-7-server-tus-optional-debug-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-tus-optional-rpms',\n 'rhel-7-server-tus-optional-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-tus-optional-source-rpms',\n 'rhel-7-server-tus-optional-source-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-tus-rpms',\n 'rhel-7-server-tus-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-tus-source-rpms',\n 'rhel-7-server-tus-source-rpms__7_DOT_7__x86_64',\n 'rhel-ha-for-rhel-7-server-tus-debug-rpms',\n 'rhel-ha-for-rhel-7-server-tus-debug-rpms__7_DOT_7__x86_64',\n 'rhel-ha-for-rhel-7-server-tus-rpms',\n 'rhel-ha-for-rhel-7-server-tus-rpms__7_DOT_7__x86_64',\n 'rhel-ha-for-rhel-7-server-tus-source-rpms',\n 'rhel-ha-for-rhel-7-server-tus-source-rpms__7_DOT_7__x86_64'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'unzip-6.0-20.el7_7.1', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_7_7_server', 'rhel_e4s_7_6_server', 'rhel_e4s_7_7_server', 'rhel_eus_7_7_computenode', 'rhel_eus_7_7_server', 'rhel_extras_sap_e4s_7_7', 'rhel_extras_sap_eus_7_7', 'rhel_extras_sap_hana_e4s_7_7', 'rhel_extras_sap_hana_eus_7_7', 'rhel_tus_7_7_server']},\n {'reference':'unzip-6.0-20.el7_7.1', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_7_7_server', 'rhel_e4s_7_6_server', 'rhel_e4s_7_7_server', 'rhel_eus_7_7_computenode', 'rhel_eus_7_7_server', 'rhel_extras_sap_e4s_7_7', 'rhel_extras_sap_eus_7_7', 'rhel_extras_sap_hana_e4s_7_7', 'rhel_extras_sap_hana_eus_7_7', 'rhel_tus_7_7_server']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'unzip');\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-02-19T00:46:31", "description": "The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:1787 advisory.\n\n - unzip: overlapping of files in ZIP container leads to denial of service (CVE-2019-13232)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 3.3, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "published": "2020-11-18T00:00:00", "type": "nessus", "title": "RHEL 8 : unzip (RHSA-2020:1787)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13232"], "modified": "2021-10-13T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.2", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_e4s:8.2", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_eus:8.2", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_tus:8.2", "cpe:/o:redhat:rhel_tus:8.4", "p-cpe:/a:redhat:enterprise_linux:unzip"], "id": "REDHAT-RHSA-2020-1787.NASL", "href": "https://www.tenable.com/plugins/nessus/143023", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:1787. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143023);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/13\");\n\n script_cve_id(\"CVE-2019-13232\");\n script_xref(name:\"RHSA\", value:\"2020:1787\");\n\n script_name(english:\"RHEL 8 : unzip (RHSA-2020:1787)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in\nthe RHSA-2020:1787 advisory.\n\n - unzip: overlapping of files in ZIP container leads to denial of service (CVE-2019-13232)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/400.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-13232\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:1787\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1727761\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected unzip package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-13232\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(400);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:unzip\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'enterprise_linux_8_appstream': [\n 'rhel-8-for-aarch64-appstream-debug-rpms',\n 'rhel-8-for-aarch64-appstream-rpms',\n 'rhel-8-for-aarch64-appstream-source-rpms',\n 'rhel-8-for-s390x-appstream-debug-rpms',\n 'rhel-8-for-s390x-appstream-rpms',\n 'rhel-8-for-s390x-appstream-source-rpms',\n 'rhel-8-for-x86_64-appstream-debug-rpms',\n 'rhel-8-for-x86_64-appstream-rpms',\n 'rhel-8-for-x86_64-appstream-source-rpms'\n ],\n 'enterprise_linux_8_baseos': [\n 'rhel-8-for-aarch64-baseos-debug-rpms',\n 'rhel-8-for-aarch64-baseos-rpms',\n 'rhel-8-for-aarch64-baseos-source-rpms',\n 'rhel-8-for-s390x-baseos-debug-rpms',\n 'rhel-8-for-s390x-baseos-rpms',\n 'rhel-8-for-s390x-baseos-source-rpms',\n 'rhel-8-for-x86_64-baseos-debug-rpms',\n 'rhel-8-for-x86_64-baseos-rpms',\n 'rhel-8-for-x86_64-baseos-source-rpms'\n ],\n 'enterprise_linux_8_crb': [\n 'codeready-builder-for-rhel-8-aarch64-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-aarch64-rpms',\n 'codeready-builder-for-rhel-8-aarch64-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-rpms',\n 'codeready-builder-for-rhel-8-s390x-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-rpms',\n 'codeready-builder-for-rhel-8-x86_64-source-rpms'\n ],\n 'enterprise_linux_8_highavailability': [\n 'rhel-8-for-aarch64-highavailability-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-8-for-aarch64-highavailability-rpms',\n 'rhel-8-for-aarch64-highavailability-source-rpms',\n 'rhel-8-for-s390x-highavailability-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-rpms',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms',\n 'rhel-8-for-s390x-highavailability-rpms',\n 'rhel-8-for-s390x-highavailability-source-rpms',\n 'rhel-8-for-x86_64-highavailability-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-rpms',\n 'rhel-8-for-x86_64-highavailability-source-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms'\n ],\n 'enterprise_linux_8_nfv': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-nfv-tus-debug-rpms',\n 'rhel-8-for-x86_64-nfv-tus-rpms',\n 'rhel-8-for-x86_64-nfv-tus-source-rpms'\n ],\n 'enterprise_linux_8_realtime': [\n 'rhel-8-for-x86_64-rt-debug-rpms',\n 'rhel-8-for-x86_64-rt-rpms',\n 'rhel-8-for-x86_64-rt-source-rpms',\n 'rhel-8-for-x86_64-rt-tus-debug-rpms',\n 'rhel-8-for-x86_64-rt-tus-rpms',\n 'rhel-8-for-x86_64-rt-tus-source-rpms'\n ],\n 'enterprise_linux_8_resilientstorage': [\n 'rhel-8-for-s390x-resilientstorage-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-8-for-s390x-resilientstorage-rpms',\n 'rhel-8-for-s390x-resilientstorage-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-rpms',\n 'rhel-8-for-x86_64-resilientstorage-source-rpms'\n ],\n 'enterprise_linux_8_sap': [\n 'rhel-8-for-s390x-sap-netweaver-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-s390x-sap-netweaver-rpms',\n 'rhel-8-for-s390x-sap-netweaver-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-source-rpms'\n ],\n 'enterprise_linux_8_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-rpms',\n 'rhel-8-for-x86_64-sap-solutions-source-rpms'\n ],\n 'enterprise_linux_8_supplementary': [\n 'rhel-8-for-aarch64-supplementary-eus-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-8-for-aarch64-supplementary-rpms',\n 'rhel-8-for-aarch64-supplementary-source-rpms',\n 'rhel-8-for-s390x-supplementary-eus-rpms',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms',\n 'rhel-8-for-s390x-supplementary-rpms',\n 'rhel-8-for-s390x-supplementary-source-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-8-for-x86_64-supplementary-rpms',\n 'rhel-8-for-x86_64-supplementary-source-rpms'\n ],\n 'rhel_aus_8_2_appstream': [\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-aus-rpms',\n 'rhel-8-for-x86_64-appstream-aus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms__8_DOT_2'\n ],\n 'rhel_aus_8_2_baseos': [\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-aus-rpms',\n 'rhel-8-for-x86_64-baseos-aus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms__8_DOT_2'\n ],\n 'rhel_aus_8_4_appstream': [\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-aus-rpms',\n 'rhel-8-for-x86_64-appstream-aus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms__8_DOT_4'\n ],\n 'rhel_aus_8_4_baseos': [\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-aus-rpms',\n 'rhel-8-for-x86_64-baseos-aus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_2_appstream': [\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms__8_DOT_2'\n ],\n 'rhel_e4s_8_2_baseos': [\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms__8_DOT_2'\n ],\n 'rhel_e4s_8_2_highavailability': [\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms__8_DOT_2'\n ],\n 'rhel_e4s_8_2_sap': [\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms__8_DOT_2'\n ],\n 'rhel_e4s_8_2_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms__8_DOT_2'\n ],\n 'rhel_e4s_8_4_appstream': [\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_baseos': [\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_highavailability': [\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_sap': [\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_2_appstream': [\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms',\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-appstream-eus-rpms',\n 'rhel-8-for-aarch64-appstream-eus-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-s390x-appstream-eus-rpms',\n 'rhel-8-for-s390x-appstream-eus-rpms__8_DOT_2',\n 'rhel-8-for-s390x-appstream-eus-source-rpms',\n 'rhel-8-for-s390x-appstream-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-aus-rpms',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-eus-rpms',\n 'rhel-8-for-x86_64-appstream-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-tus-rpms',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms'\n ],\n 'rhel_eus_8_2_baseos': [\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms',\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-baseos-eus-rpms',\n 'rhel-8-for-aarch64-baseos-eus-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-s390x-baseos-eus-rpms',\n 'rhel-8-for-s390x-baseos-eus-rpms__8_DOT_2',\n 'rhel-8-for-s390x-baseos-eus-source-rpms',\n 'rhel-8-for-s390x-baseos-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-aus-rpms',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-eus-rpms',\n 'rhel-8-for-x86_64-baseos-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-tus-rpms',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms'\n ],\n 'rhel_eus_8_2_crb': [\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms__8_DOT_2'\n ],\n 'rhel_eus_8_2_highavailability': [\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-highavailability-eus-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-s390x-highavailability-eus-rpms',\n 'rhel-8-for-s390x-highavailability-eus-rpms__8_DOT_2',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-eus-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms'\n ],\n 'rhel_eus_8_2_resilientstorage': [\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms__8_DOT_2',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms__8_DOT_2'\n ],\n 'rhel_eus_8_2_sap': [\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms__8_DOT_2',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms__8_DOT_2'\n ],\n 'rhel_eus_8_2_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms__8_DOT_2'\n ],\n 'rhel_eus_8_2_supplementary': [\n 'rhel-8-for-aarch64-supplementary-eus-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-s390x-supplementary-eus-rpms',\n 'rhel-8-for-s390x-supplementary-eus-rpms__8_DOT_2',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-supplementary-eus-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms__8_DOT_2'\n ],\n 'rhel_eus_8_4_appstream': [\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms',\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-appstream-eus-rpms',\n 'rhel-8-for-aarch64-appstream-eus-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-appstream-eus-rpms',\n 'rhel-8-for-s390x-appstream-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-appstream-eus-source-rpms',\n 'rhel-8-for-s390x-appstream-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-aus-rpms',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-eus-rpms',\n 'rhel-8-for-x86_64-appstream-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-tus-rpms',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms'\n ],\n 'rhel_eus_8_4_baseos': [\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms',\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-baseos-eus-rpms',\n 'rhel-8-for-aarch64-baseos-eus-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-baseos-eus-rpms',\n 'rhel-8-for-s390x-baseos-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-baseos-eus-source-rpms',\n 'rhel-8-for-s390x-baseos-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-aus-rpms',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-eus-rpms',\n 'rhel-8-for-x86_64-baseos-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-tus-rpms',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms'\n ],\n 'rhel_eus_8_4_crb': [\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_highavailability': [\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-highavailability-eus-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-highavailability-eus-rpms',\n 'rhel-8-for-s390x-highavailability-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-eus-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms'\n ],\n 'rhel_eus_8_4_resilientstorage': [\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_sap': [\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_supplementary': [\n 'rhel-8-for-aarch64-supplementary-eus-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-s390x-supplementary-eus-rpms',\n 'rhel-8-for-s390x-supplementary-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-supplementary-eus-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_extras_nfv_8': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-nfv-tus-debug-rpms',\n 'rhel-8-for-x86_64-nfv-tus-rpms',\n 'rhel-8-for-x86_64-nfv-tus-source-rpms'\n ],\n 'rhel_extras_rt_8': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-rt-debug-rpms',\n 'rhel-8-for-x86_64-rt-rpms',\n 'rhel-8-for-x86_64-rt-source-rpms',\n 'rhel-8-for-x86_64-rt-tus-debug-rpms',\n 'rhel-8-for-x86_64-rt-tus-rpms',\n 'rhel-8-for-x86_64-rt-tus-source-rpms'\n ],\n 'rhel_tus_8_2_appstream': [\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-tus-rpms',\n 'rhel-8-for-x86_64-appstream-tus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms__8_DOT_2'\n ],\n 'rhel_tus_8_2_baseos': [\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-tus-rpms',\n 'rhel-8-for-x86_64-baseos-tus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms__8_DOT_2'\n ],\n 'rhel_tus_8_2_highavailability': [\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms__8_DOT_2'\n ],\n 'rhel_tus_8_4_appstream': [\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-tus-rpms',\n 'rhel-8-for-x86_64-appstream-tus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms__8_DOT_4'\n ],\n 'rhel_tus_8_4_baseos': [\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-tus-rpms',\n 'rhel-8-for-x86_64-baseos-tus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms__8_DOT_4'\n ],\n 'rhel_tus_8_4_highavailability': [\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms__8_DOT_4'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nvar enterprise_linux_flag = rhel_repo_sets_has_enterprise_linux(repo_sets:repo_sets);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'unzip-6.0-43.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'unzip-6.0-43.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'unzip-6.0-43.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp']) && !enterprise_linux_flag) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'unzip');\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-14T00:23:51", "description": "The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:1181 advisory.\n\n - unzip: overlapping of files in ZIP container leads to denial of service (CVE-2019-13232)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 3.3, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "published": "2020-04-01T00:00:00", "type": "nessus", "title": "RHEL 7 : unzip (RHSA-2020:1181)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13232"], "modified": "2021-10-13T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:unzip"], "id": "REDHAT-RHSA-2020-1181.NASL", "href": "https://www.tenable.com/plugins/nessus/135053", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:1181. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135053);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/13\");\n\n script_cve_id(\"CVE-2019-13232\");\n script_xref(name:\"RHSA\", value:\"2020:1181\");\n\n script_name(english:\"RHEL 7 : unzip (RHSA-2020:1181)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in\nthe RHSA-2020:1181 advisory.\n\n - unzip: overlapping of files in ZIP container leads to denial of service (CVE-2019-13232)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/400.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-13232\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:1181\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1727761\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected unzip package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-13232\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(400);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:unzip\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'enterprise_linux_7_client': [\n 'rhel-7-desktop-debug-rpms',\n 'rhel-7-desktop-fastrack-debug-rpms',\n 'rhel-7-desktop-fastrack-rpms',\n 'rhel-7-desktop-fastrack-source-rpms',\n 'rhel-7-desktop-optional-debug-rpms',\n 'rhel-7-desktop-optional-fastrack-debug-rpms',\n 'rhel-7-desktop-optional-fastrack-rpms',\n 'rhel-7-desktop-optional-fastrack-source-rpms',\n 'rhel-7-desktop-optional-rpms',\n 'rhel-7-desktop-optional-source-rpms',\n 'rhel-7-desktop-rpms',\n 'rhel-7-desktop-source-rpms'\n ],\n 'enterprise_linux_7_computenode': [\n 'rhel-7-for-hpc-node-fastrack-debug-rpms',\n 'rhel-7-for-hpc-node-fastrack-rpms',\n 'rhel-7-for-hpc-node-fastrack-source-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-debug-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-source-rpms',\n 'rhel-7-hpc-node-debug-rpms',\n 'rhel-7-hpc-node-optional-debug-rpms',\n 'rhel-7-hpc-node-optional-rpms',\n 'rhel-7-hpc-node-optional-source-rpms',\n 'rhel-7-hpc-node-rpms',\n 'rhel-7-hpc-node-source-rpms'\n ],\n 'enterprise_linux_7_server': [\n 'rhel-7-for-system-z-a-debug-rpms',\n 'rhel-7-for-system-z-a-optional-debug-rpms',\n 'rhel-7-for-system-z-a-optional-rpms',\n 'rhel-7-for-system-z-a-optional-source-rpms',\n 'rhel-7-for-system-z-a-rpms',\n 'rhel-7-for-system-z-a-source-rpms',\n 'rhel-7-for-system-z-debug-rpms',\n 'rhel-7-for-system-z-fastrack-debug-rpms',\n 'rhel-7-for-system-z-fastrack-rpms',\n 'rhel-7-for-system-z-fastrack-source-rpms',\n 'rhel-7-for-system-z-optional-debug-rpms',\n 'rhel-7-for-system-z-optional-fastrack-debug-rpms',\n 'rhel-7-for-system-z-optional-fastrack-rpms',\n 'rhel-7-for-system-z-optional-fastrack-source-rpms',\n 'rhel-7-for-system-z-optional-rpms',\n 'rhel-7-for-system-z-optional-source-rpms',\n 'rhel-7-for-system-z-rpms',\n 'rhel-7-for-system-z-source-rpms',\n 'rhel-7-server-debug-rpms',\n 'rhel-7-server-fastrack-debug-rpms',\n 'rhel-7-server-fastrack-rpms',\n 'rhel-7-server-fastrack-source-rpms',\n 'rhel-7-server-optional-debug-rpms',\n 'rhel-7-server-optional-fastrack-debug-rpms',\n 'rhel-7-server-optional-fastrack-rpms',\n 'rhel-7-server-optional-fastrack-source-rpms',\n 'rhel-7-server-optional-rpms',\n 'rhel-7-server-optional-source-rpms',\n 'rhel-7-server-rpms',\n 'rhel-7-server-source-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-debug-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-source-rpms',\n 'rhel-ha-for-rhel-7-server-debug-rpms',\n 'rhel-ha-for-rhel-7-server-rpms',\n 'rhel-ha-for-rhel-7-server-source-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-debug-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-source-rpms',\n 'rhel-rs-for-rhel-7-server-debug-rpms',\n 'rhel-rs-for-rhel-7-server-rpms',\n 'rhel-rs-for-rhel-7-server-source-rpms'\n ],\n 'enterprise_linux_7_workstation': [\n 'rhel-7-workstation-debug-rpms',\n 'rhel-7-workstation-fastrack-debug-rpms',\n 'rhel-7-workstation-fastrack-rpms',\n 'rhel-7-workstation-fastrack-source-rpms',\n 'rhel-7-workstation-optional-debug-rpms',\n 'rhel-7-workstation-optional-fastrack-debug-rpms',\n 'rhel-7-workstation-optional-fastrack-rpms',\n 'rhel-7-workstation-optional-fastrack-source-rpms',\n 'rhel-7-workstation-optional-rpms',\n 'rhel-7-workstation-optional-source-rpms',\n 'rhel-7-workstation-rpms',\n 'rhel-7-workstation-source-rpms'\n ],\n 'rhel_extras_7': [\n 'rhel-7-desktop-supplementary-rpms',\n 'rhel-7-desktop-supplementary-source-rpms',\n 'rhel-7-for-hpc-node-supplementary-rpms',\n 'rhel-7-for-hpc-node-supplementary-source-rpms',\n 'rhel-7-for-system-z-eus-supplementary-rpms',\n 'rhel-7-for-system-z-eus-supplementary-source-rpms',\n 'rhel-7-for-system-z-supplementary-debug-rpms',\n 'rhel-7-for-system-z-supplementary-rpms',\n 'rhel-7-for-system-z-supplementary-source-rpms',\n 'rhel-7-hpc-node-eus-supplementary-rpms',\n 'rhel-7-server-eus-supplementary-rpms',\n 'rhel-7-server-supplementary-rpms',\n 'rhel-7-server-supplementary-source-rpms',\n 'rhel-7-workstation-supplementary-rpms',\n 'rhel-7-workstation-supplementary-source-rpms'\n ],\n 'rhel_extras_oracle_java_7': [\n 'rhel-7-desktop-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-for-hpc-node-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-hpc-node-eus-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-server-eus-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-server-eus-restricted-maintenance-oracle-java-source-rpms',\n 'rhel-7-server-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-workstation-restricted-maintenance-oracle-java-rpms'\n ],\n 'rhel_extras_rt_7': [\n 'rhel-7-server-nfv-debug-rpms',\n 'rhel-7-server-nfv-rpms',\n 'rhel-7-server-nfv-source-rpms',\n 'rhel-7-server-rt-debug-rpms',\n 'rhel-7-server-rt-rpms',\n 'rhel-7-server-rt-source-rpms'\n ],\n 'rhel_extras_sap_7': [\n 'rhel-sap-for-rhel-7-for-system-z-debug-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-eus-debug-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-eus-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-eus-source-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-source-rpms',\n 'rhel-sap-for-rhel-7-server-debug-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-source-rpms',\n 'rhel-sap-for-rhel-7-server-eus-debug-rpms',\n 'rhel-sap-for-rhel-7-server-eus-rpms',\n 'rhel-sap-for-rhel-7-server-eus-source-rpms',\n 'rhel-sap-for-rhel-7-server-rpms',\n 'rhel-sap-for-rhel-7-server-source-rpms'\n ],\n 'rhel_extras_sap_hana_7': [\n 'rhel-sap-hana-for-rhel-7-server-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-source-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-source-rpms',\n 'rhel-sap-hana-for-rhel-7-server-rpms',\n 'rhel-sap-hana-for-rhel-7-server-source-rpms'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'unzip-6.0-21.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'unzip-6.0-21.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'unzip');\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:21:03", "description": "An update of the unzip package has been released.", "cvss3": {"score": 3.3, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "published": "2019-08-26T00:00:00", "type": "nessus", "title": "Photon OS 3.0: Unzip PHSA-2019-3.0-0024", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13232"], "modified": "2020-06-17T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:unzip", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2019-3_0-0024_UNZIP.NASL", "href": "https://www.tenable.com/plugins/nessus/128161", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-3.0-0024. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128161);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/17\");\n\n script_cve_id(\"CVE-2019-13232\");\n\n script_name(english:\"Photon OS 3.0: Unzip PHSA-2019-3.0-0024\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the unzip package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-0024.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-13232\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:unzip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 3.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"unzip-6.0-13.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"unzip-debuginfo-6.0-13.ph3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unzip\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:10:51", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has unzip packages installed that are affected by a vulnerability:\n\n - Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a better zip bomb issue. (CVE-2019-13232)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 3.3, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : unzip Vulnerability (NS-SA-2020-0065)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13232"], "modified": "2020-12-10T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2020-0065_UNZIP.NASL", "href": "https://www.tenable.com/plugins/nessus/143986", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2020-0065. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143986);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/10\");\n\n script_cve_id(\"CVE-2019-13232\");\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : unzip Vulnerability (NS-SA-2020-0065)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has unzip packages installed that are affected by\na vulnerability:\n\n - Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of\n service (resource consumption), aka a better zip bomb issue. (CVE-2019-13232)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2020-0065\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL unzip packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-13232\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL CORE 5.04': [\n 'unzip-6.0-21.el7',\n 'unzip-debuginfo-6.0-21.el7'\n ],\n 'CGSL MAIN 5.04': [\n 'unzip-6.0-21.el7',\n 'unzip-debuginfo-6.0-21.el7'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'unzip');\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:20:33", "description": "An update of the unzip package has been released.", "cvss3": {"score": 3.3, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "published": "2019-08-26T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Unzip PHSA-2019-1.0-0246", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13232"], "modified": "2020-06-17T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:unzip", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2019-1_0-0246_UNZIP.NASL", "href": "https://www.tenable.com/plugins/nessus/128173", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-1.0-0246. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128173);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/17\");\n\n script_cve_id(\"CVE-2019-13232\");\n\n script_name(english:\"Photon OS 1.0: Unzip PHSA-2019-1.0-0246\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the unzip package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-246.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-13232\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:unzip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"unzip-6.0-11.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unzip\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:14:25", "description": "According to the version of the unzip package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a 'better zip bomb' issue.(CVE-2019-13232)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 3.3, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "published": "2020-06-17T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : unzip (EulerOS-SA-2020-1671)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13232"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:unzip", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1671.NASL", "href": "https://www.tenable.com/plugins/nessus/137513", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137513);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-13232\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : unzip (EulerOS-SA-2020-1671)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the unzip package installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - Info-ZIP UnZip 6.0 mishandles the overlapping of files\n inside a ZIP container, leading to denial of service\n (resource consumption), aka a 'better zip bomb'\n issue.(CVE-2019-13232)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1671\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?59f85068\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected unzip package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unzip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"unzip-6.0-15.h7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unzip\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:15:32", "description": "* unzip: overlapping of files in ZIP container leads to denial of service", "cvss3": {"score": 3.3, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "published": "2020-04-21T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : unzip on SL7.x x86_64 (20200407)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13232"], "modified": "2020-09-29T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:unzip", "p-cpe:/a:fermilab:scientific_linux:unzip-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20200407_UNZIP_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/135841", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(135841);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/29\");\n\n script_cve_id(\"CVE-2019-13232\");\n\n script_name(english:\"Scientific Linux Security Update : unzip on SL7.x x86_64 (20200407)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"* unzip: overlapping of files in ZIP container leads to denial of\nservice\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind2004&L=SCIENTIFIC-LINUX-ERRATA&P=20363\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?441114ee\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected unzip and / or unzip-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-13232\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:unzip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:unzip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"unzip-6.0-21.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"unzip-debuginfo-6.0-21.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unzip / unzip-debuginfo\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-02-19T13:30:18", "description": "According to the version of the unzip package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a 'better zip bomb' issue.(CVE-2019-13232)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 3.3, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "published": "2019-09-24T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : unzip (EulerOS-SA-2019-2010)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13232"], "modified": "2022-01-26T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:unzip", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2010.NASL", "href": "https://www.tenable.com/plugins/nessus/129203", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129203);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/26\");\n\n script_cve_id(\"CVE-2019-13232\");\n\n script_name(english:\"EulerOS 2.0 SP3 : unzip (EulerOS-SA-2019-2010)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the unzip package installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - Info-ZIP UnZip 6.0 mishandles the overlapping of files\n inside a ZIP container, leading to denial of service\n (resource consumption), aka a 'better zip bomb'\n issue.(CVE-2019-13232)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2010\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dc773494\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected unzip package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-13232\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unzip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"unzip-6.0-15.h4\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unzip\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-09-24T11:44:32", "description": "Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a 'better zip bomb' issue. (CVE-2019-13232)\n\nImpact\n\nLocal users with administrative access to the BIG-IP Advanced Shell ( bash ) may be able to perform a resource-consumption denial-of-service (DoS)attack. This attack can only be exploited by uncompressing a ZIP file usingthe zip or unzip utility from the command lineor by a user-generated script. No F5 scripts or utilities call these programs to unpack a ZIP archive.", "cvss3": {"score": 3.3, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "published": "2021-06-10T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : InfoZIP vulnerability (K80311892)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13232"], "modified": "2021-09-23T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/h:f5:big-ip"], "id": "F5_BIGIP_SOL80311892.NASL", "href": "https://www.tenable.com/plugins/nessus/150469", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K80311892.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(150469);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/23\");\n\n script_cve_id(\"CVE-2019-13232\");\n\n script_name(english:\"F5 Networks BIG-IP : InfoZIP vulnerability (K80311892)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP\ncontainer, leading to denial of service (resource consumption), aka a\n'better zip bomb' issue. (CVE-2019-13232)\n\nImpact\n\nLocal users with administrative access to the BIG-IP Advanced Shell (\nbash ) may be able to perform a resource-consumption denial-of-service\n(DoS)attack. This attack can only be exploited by uncompressing a ZIP\nfile usingthe zip or unzip utility from the command lineor by a\nuser-generated script. No F5 scripts or utilities call these programs\nto unpack a ZIP archive.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K80311892\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K80311892.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K80311892\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"16.0.0-16.0.1\",\"15.0.0-15.1.3\",\"14.0.0-14.1.4\",\"13.1.0-13.1.4\",\"12.1.0-12.1.6\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"16.1.0\",\"16.0.1.2\",\"15.1.4\",\"14.1.4.3\",\"13.1.4.1\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"16.0.0-16.0.1\",\"15.0.0-15.1.3\",\"14.0.0-14.1.4\",\"13.1.0-13.1.4\",\"12.1.0-12.1.6\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"16.1.0\",\"16.0.1.2\",\"15.1.4\",\"14.1.4.3\",\"13.1.4.1\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"16.0.0-16.0.1\",\"15.0.0-15.1.3\",\"14.0.0-14.1.4\",\"13.1.0-13.1.4\",\"12.1.0-12.1.6\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"16.1.0\",\"16.0.1.2\",\"15.1.4\",\"14.1.4.3\",\"13.1.4.1\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"16.0.0-16.0.1\",\"15.0.0-15.1.3\",\"14.0.0-14.1.4\",\"13.1.0-13.1.4\",\"12.1.0-12.1.6\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"16.1.0\",\"16.0.1.2\",\"15.1.4\",\"14.1.4.3\",\"13.1.4.1\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"16.0.0-16.0.1\",\"15.0.0-15.1.3\",\"14.0.0-14.1.4\",\"13.1.0-13.1.4\",\"12.1.0-12.1.6\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"16.1.0\",\"16.0.1.2\",\"15.1.4\",\"14.1.4.3\",\"13.1.4.1\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"16.0.0-16.0.1\",\"15.0.0-15.1.3\",\"14.0.0-14.1.4\",\"13.1.0-13.1.4\",\"12.1.0-12.1.6\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"16.1.0\",\"16.0.1.2\",\"15.1.4\",\"14.1.4.3\",\"13.1.4.1\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"16.0.0-16.0.1\",\"15.0.0-15.1.3\",\"14.0.0-14.1.4\",\"13.1.0-13.1.4\",\"12.1.0-12.1.6\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"16.1.0\",\"16.0.1.2\",\"15.1.4\",\"14.1.4.3\",\"13.1.4.1\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"16.0.0-16.0.1\",\"15.0.0-15.1.3\",\"14.0.0-14.1.4\",\"13.1.0-13.1.4\",\"12.1.0-12.1.6\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"16.1.0\",\"16.0.1.2\",\"15.1.4\",\"14.1.4.3\",\"13.1.4.1\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"16.0.0-16.0.1\",\"15.0.0-15.1.3\",\"14.0.0-14.1.4\",\"13.1.0-13.1.4\",\"12.1.0-12.1.6\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"16.1.0\",\"16.0.1.2\",\"15.1.4\",\"14.1.4.3\",\"13.1.4.1\");\n\n# WAM\nvmatrix[\"WAM\"] = make_array();\nvmatrix[\"WAM\"][\"affected\" ] = make_list(\"16.0.0-16.0.1\",\"15.0.0-15.1.3\",\"14.0.0-14.1.4\",\"13.1.0-13.1.4\",\"12.1.0-12.1.6\");\nvmatrix[\"WAM\"][\"unaffected\"] = make_list(\"16.1.0\",\"16.0.1.2\",\"15.1.4\",\"14.1.4.3\",\"13.1.4.1\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_note(port:0, extra:bigip_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-02-14T23:34:03", "description": "The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2020:1787 advisory.\n\n - Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a better zip bomb issue. (CVE-2019-13232)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 3.3, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : unzip (ALSA-2020:1787)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13232"], "modified": "2022-02-14T00:00:00", "cpe": ["p-cpe:/a:alma:linux:unzip", "cpe:/o:alma:linux:8"], "id": "ALMA_LINUX_ALSA-2020-1787.NASL", "href": "https://www.tenable.com/plugins/nessus/157547", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2020:1787.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157547);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/14\");\n\n script_cve_id(\"CVE-2019-13232\");\n script_xref(name:\"ALSA\", value:\"2020:1787\");\n\n script_name(english:\"AlmaLinux 8 : unzip (ALSA-2020:1787)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the\nALSA-2020:1787 advisory.\n\n - Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of\n service (resource consumption), aka a better zip bomb issue. (CVE-2019-13232)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2020-1787.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected unzip package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-13232\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:unzip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar pkgs = [\n {'reference':'unzip-6.0-43.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'unzip');\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:07:37", "description": "The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2020:1787 advisory.\n\n - unzip: overlapping of files in ZIP container leads to denial of service (CVE-2019-13232)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 3.3, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "published": "2021-02-01T00:00:00", "type": "nessus", "title": "CentOS 8 : unzip (CESA-2020:1787)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13232"], "modified": "2021-03-23T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:unzip"], "id": "CENTOS8_RHSA-2020-1787.NASL", "href": "https://www.tenable.com/plugins/nessus/146023", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2020:1787. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146023);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/23\");\n\n script_cve_id(\"CVE-2019-13232\");\n script_xref(name:\"RHSA\", value:\"2020:1787\");\n\n script_name(english:\"CentOS 8 : unzip (CESA-2020:1787)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the\nCESA-2020:1787 advisory.\n\n - unzip: overlapping of files in ZIP container leads to denial of service (CVE-2019-13232)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:1787\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected unzip package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-13232\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:unzip\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'unzip-6.0-43.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unzip-6.0-43.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'unzip');\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:10:11", "description": "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has unzip packages installed that are affected by a vulnerability:\n\n - Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a better zip bomb issue. (CVE-2019-13232)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 3.3, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.05 / MAIN 5.05 : unzip Vulnerability (NS-SA-2020-0098)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13232"], "modified": "2020-12-10T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2020-0098_UNZIP.NASL", "href": "https://www.tenable.com/plugins/nessus/143997", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2020-0098. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143997);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/10\");\n\n script_cve_id(\"CVE-2019-13232\");\n\n script_name(english:\"NewStart CGSL CORE 5.05 / MAIN 5.05 : unzip Vulnerability (NS-SA-2020-0098)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has unzip packages installed that are affected by\na vulnerability:\n\n - Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of\n service (resource consumption), aka a better zip bomb issue. (CVE-2019-13232)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2020-0098\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL unzip packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-13232\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.05\" &&\n release !~ \"CGSL MAIN 5.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL CORE 5.05': [\n 'unzip-6.0-21.el7',\n 'unzip-debuginfo-6.0-21.el7'\n ],\n 'CGSL MAIN 5.05': [\n 'unzip-6.0-21.el7',\n 'unzip-debuginfo-6.0-21.el7'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'unzip');\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:19:54", "description": "An update of the unzip package has been released.", "cvss3": {"score": 3.3, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "published": "2019-09-12T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Unzip PHSA-2019-2.0-0171", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13232"], "modified": "2020-06-17T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:unzip", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2019-2_0-0171_UNZIP.NASL", "href": "https://www.tenable.com/plugins/nessus/128722", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-2.0-0171. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128722);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/17\");\n\n script_cve_id(\"CVE-2019-13232\");\n\n script_name(english:\"Photon OS 2.0: Unzip PHSA-2019-2.0-0171\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the unzip package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-171.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-13232\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:unzip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"unzip-6.0-14.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"unzip-debuginfo-6.0-14.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unzip\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:21:30", "description": "The unzip security update issued as DLA 1846-1 caused a regression when building the Firefox web browser from source.\n\nThere is a zip-like file in the Firefox distribution, omni.ja, which is a zip container with the central directory placed at the start of the file instead of after the local entries as required by the zip standard. This update now permits such containers to not raise a zip bomb alert, where in fact there are no overlaps.\n\nFor Debian 8 'Jessie', this problem has been fixed in version 6.0-16+deb8u5.\n\nWe recommend that you upgrade your unzip packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-07-08T00:00:00", "type": "nessus", "title": "Debian DLA-1846-2 : unzip regression update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13232"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:unzip", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1846.NASL", "href": "https://www.tenable.com/plugins/nessus/126512", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1846-2. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126512);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2019-13232\");\n\n script_name(english:\"Debian DLA-1846-2 : unzip regression update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The unzip security update issued as DLA 1846-1 caused a regression\nwhen building the Firefox web browser from source.\n\nThere is a zip-like file in the Firefox distribution, omni.ja, which\nis a zip container with the central directory placed at the start of\nthe file instead of after the local entries as required by the zip\nstandard. This update now permits such containers to not raise a zip\nbomb alert, where in fact there are no overlaps.\n\nFor Debian 8 'Jessie', this problem has been fixed in version\n6.0-16+deb8u5.\n\nWe recommend that you upgrade your unzip packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/07/msg00027.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/unzip\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected unzip package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:unzip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"unzip\", reference:\"6.0-16+deb8u5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-02-19T13:31:57", "description": "According to the version of the unzip package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a 'better zip bomb' issue.(CVE-2019-13232)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 3.3, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "published": "2019-08-27T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : unzip (EulerOS-SA-2019-1818)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13232"], "modified": "2022-01-26T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:unzip", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1818.NASL", "href": "https://www.tenable.com/plugins/nessus/128187", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128187);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/26\");\n\n script_cve_id(\"CVE-2019-13232\");\n\n script_name(english:\"EulerOS 2.0 SP8 : unzip (EulerOS-SA-2019-1818)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the unzip package installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - Info-ZIP UnZip 6.0 mishandles the overlapping of files\n inside a ZIP container, leading to denial of service\n (resource consumption), aka a 'better zip bomb'\n issue.(CVE-2019-13232)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1818\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9b8ced32\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected unzip package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-13232\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unzip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"unzip-6.0-40.h2.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unzip\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:16:46", "description": "According to the version of the unzip package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a 'better zip bomb' issue.(CVE-2019-13232)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 3.3, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "published": "2020-02-25T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : unzip (EulerOS-SA-2020-1184)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13232"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:unzip", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1184.NASL", "href": "https://www.tenable.com/plugins/nessus/134018", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134018);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-13232\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : unzip (EulerOS-SA-2020-1184)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the unzip package installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - Info-ZIP UnZip 6.0 mishandles the overlapping of files\n inside a ZIP container, leading to denial of service\n (resource consumption), aka a 'better zip bomb'\n issue.(CVE-2019-13232)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1184\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f9430d97\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected unzip package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-13232\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unzip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"unzip-6.0-40.h4.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unzip\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:16:32", "description": "According to the version of the unzip package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a 'better zip bomb' issue.(CVE-2019-13232)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 3.3, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "published": "2020-02-24T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : unzip (EulerOS-SA-2020-1137)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13232"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:unzip", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1137.NASL", "href": "https://www.tenable.com/plugins/nessus/133938", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133938);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-13232\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : unzip (EulerOS-SA-2020-1137)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the unzip package installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - Info-ZIP UnZip 6.0 mishandles the overlapping of files\n inside a ZIP container, leading to denial of service\n (resource consumption), aka a 'better zip bomb'\n issue.(CVE-2019-13232)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1137\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b66c5a9b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected unzip package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-13232\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unzip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"unzip-6.0-19.h8.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unzip\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-16T15:34:52", "description": "The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1550 advisory.\n\n - Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a better zip bomb issue. (CVE-2019-13232)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 3.3, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "published": "2020-10-27T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : unzip (ALAS-2020-1550)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13232"], "modified": "2020-10-27T00:00:00", "cpe": ["cpe:2.3:o:amazon:linux:2:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:unzip:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:unzip-debuginfo:*:*:*:*:*:*:*"], "id": "AL2_ALAS-2020-1550.NASL", "href": "https://www.tenable.com/plugins/nessus/141938", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n# \n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2020-1550.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141938);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/27\");\n\n script_cve_id(\"CVE-2019-13232\");\n script_xref(name:\"ALAS\", value:\"2020-1550\");\n\n script_name(english:\"Amazon Linux 2 : unzip (ALAS-2020-1550)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a\nvulnerability as referenced in the ALAS2-2020-1550 advisory.\n\n - Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of\n service (resource consumption), aka a better zip bomb issue. (CVE-2019-13232)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2020-1550.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-13232\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update unzip' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-13232\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:unzip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:unzip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\npkgs = [\n {'reference':'unzip-6.0-21.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'unzip-6.0-21.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'unzip-6.0-21.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'unzip-debuginfo-6.0-21.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'unzip-debuginfo-6.0-21.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'unzip-debuginfo-6.0-21.amzn2', 'cpu':'x86_64', 'release':'AL2'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unzip / unzip-debuginfo\");\n}", "cvss": {"score": 2.1, "vector": "CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:16:26", "description": "The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:1181 advisory.\n\n - unzip: overlapping of files in ZIP container leads to denial of service (CVE-2019-13232)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 3.3, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "published": "2020-04-10T00:00:00", "type": "nessus", "title": "CentOS 7 : unzip (CESA-2020:1181)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13232"], "modified": "2020-06-18T00:00:00", "cpe": ["p-cpe:/a:centos:centos:unzip", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2020-1181.NASL", "href": "https://www.tenable.com/plugins/nessus/135355", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2020:1181 and \n# CentOS Errata and Security Advisory 2020:1181 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(135355);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/18\");\n\n script_cve_id(\"CVE-2019-13232\");\n script_xref(name:\"RHSA\", value:\"2020:1181\");\n\n script_name(english:\"CentOS 7 : unzip (CESA-2020:1181)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in\nthe RHSA-2020:1181 advisory.\n\n - unzip: overlapping of files in ZIP container leads to\n denial of service (CVE-2019-13232)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2020-April/012634.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?43a9b90c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected unzip package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-13232\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:unzip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"unzip-6.0-21.el7\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unzip\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-13T16:18:28", "description": "According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.32, 7.2.x prior to 7.2.22 or 7.3.x prior to 7.3.9. It is, therefore, affected by multiple vulnerabilities including an unspecified heap buffer overflow.\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-09-18T00:00:00", "type": "nessus", "title": "PHP 7.3.x < 7.3.9 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13224"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_98682", "href": "https://www.tenable.com/plugins/was/98682", "sourceData": "No source data", "cvss": {"score": 7.5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-13T16:18:29", "description": "According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.32, 7.2.x prior to 7.2.22 or 7.3.x prior to 7.3.9. It is, therefore, affected by multiple vulnerabilities including an unspecified heap buffer overflow.\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-09-18T00:00:00", "type": "nessus", "title": "PHP 7.1.x < 7.1.32 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13224"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_98684", "href": "https://www.tenable.com/plugins/was/98684", "sourceData": "No source data", "cvss": {"score": 7.5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-13T16:18:27", "description": "According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.32, 7.2.x prior to 7.2.22 or 7.3.x prior to 7.3.9. It is, therefore, affected by multiple vulnerabilities including an unspecified heap buffer overflow.\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-09-18T00:00:00", "type": "nessus", "title": "PHP 7.2.x < 7.2.22 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13224"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_98683", "href": "https://www.tenable.com/plugins/was/98683", "sourceData": "No source data", "cvss": {"score": 7.5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-25T16:02:04", "description": "According to its banner, the version of PHP running on the remote web server is 7.3.x prior to 7.3.9. It is, therefore, affected by multiple vulnerabilities including an unspecified heap buffer overflow.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-09-05T00:00:00", "type": "nessus", "title": "PHP 7.3.x < 7.3.9 Multiple Vulnerabilities.", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13224"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_7_3_9.NASL", "href": "https://www.tenable.com/plugins/nessus/128531", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128531);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2019-13224\");\n\n script_name(english:\"PHP 7.3.x < 7.3.9 Multiple Vulnerabilities.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP running on the remote web\nserver is 7.3.x prior to 7.3.9. It is, therefore, affected by multiple\nvulnerabilities including an unspecified heap buffer overflow.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.php.net/ChangeLog-7.php#7.3.9\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.php.net/bug.php?id=78213\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 7.3.9 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-13224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\", \"installed_sw/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude('http.inc');\ninclude('vcf.inc');\ninclude('audit.inc');\n\nport = get_http_port(default:80, php:TRUE);\napp = 'PHP';\n\napp_info = vcf::get_app_info(app:app, port:port, webapp:TRUE);\n\nbackported = get_kb_item('www/php/' + port + '/' + app_info.version + '/backported');\nif ((report_paranoia < 2) && backported)\n audit(AUDIT_BACKPORT_SERVICE, port, 'PHP ' + app_info.version + ' install');\n\nconstraints = [{'min_version':'7.3.0alpha1', 'fixed_version':'7.3.9'}];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-25T15:52:57", "description": "A use-after-free in onig_new_deluxe() in regext.c allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe().\n\nFor Debian 8 'Jessie', this problem has been fixed in version 5.9.5-3.2+deb8u2.\n\nWe recommend that you upgrade your libonig packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-07-19T00:00:00", "type": "nessus", "title": "Debian DLA-1854-1 : libonig security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13224"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libonig-dev", "p-cpe:/a:debian:debian_linux:libonig2", "p-cpe:/a:debian:debian_linux:libonig2-dbg", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1854.NASL", "href": "https://www.tenable.com/plugins/nessus/126793", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1854-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126793);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2019-13224\");\n\n script_name(english:\"Debian DLA-1854-1 : libonig security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A use-after-free in onig_new_deluxe() in regext.c allows attackers to\npotentially cause information disclosure, denial of service, or\npossibly code execution by providing a crafted regular expression. The\nattacker provides a pair of a regex pattern and a string, with a\nmulti-byte encoding that gets handled by onig_new_deluxe().\n\nFor Debian 8 'Jessie', this problem has been fixed in version\n5.9.5-3.2+deb8u2.\n\nWe recommend that you upgrade your libonig packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/07/msg00013.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/libonig\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected libonig-dev, libonig2, and libonig2-dbg packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libonig-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libonig2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libonig2-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libonig-dev\", reference:\"5.9.5-3.2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libonig2\", reference:\"5.9.5-3.2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libonig2-dbg\", reference:\"5.9.5-3.2+deb8u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-25T15:55:16", "description": "An update of the oniguruma package has been released.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-08-26T00:00:00", "type": "nessus", "title": "Photon OS 3.0: Oniguruma PHSA-2019-3.0-0024", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13224"], "modified": "2020-01-02T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:oniguruma", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2019-3_0-0024_ONIGURUMA.NASL", "href": "https://www.tenable.com/plugins/nessus/128157", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-3.0-0024. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128157);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/02\");\n\n script_cve_id(\"CVE-2019-13224\");\n\n script_name(english:\"Photon OS 3.0: Oniguruma PHSA-2019-3.0-0024\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the oniguruma package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-0024.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-13224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:oniguruma\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 3.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"oniguruma-6.9.0-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"oniguruma-debuginfo-6.9.0-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"oniguruma-devel-6.9.0-2.ph3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"oniguruma\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-19T13:38:30", "description": "This update for glib2 fixes the following issues :\n\nSecurity issue fixed :\n\nCVE-2019-13012: Fixed improper restriction of file permissions when creating directories (bsc#1139959).\n\nNon-security issue fixed: Added explicit requires between libglib2 and libgio2 (bsc#1140122).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2019-07-15T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : glib2 (SUSE-SU-2019:1830-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13012"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:glib2-debugsource", "p-cpe:/a:novell:suse_linux:glib2-tools", "p-cpe:/a:novell:suse_linux:glib2-tools-debuginfo", "p-cpe:/a:novell:suse_linux:libgio-2_0", "p-cpe:/a:novell:suse_linux:libgio-2_0-0", "p-cpe:/a:novell:suse_linux:libgio-2_0-0-debuginfo", "p-cpe:/a:novell:suse_linux:libgio-fam", "p-cpe:/a:novell:suse_linux:libgio-fam-debuginfo", "p-cpe:/a:novell:suse_linux:libglib-2_0", "p-cpe:/a:novell:suse_linux:libglib-2_0-0", "p-cpe:/a:novell:suse_linux:libglib-2_0-0-debuginfo", "p-cpe:/a:novell:suse_linux:libgmodule-2_0", "p-cpe:/a:novell:suse_linux:libgmodule-2_0-0", "p-cpe:/a:novell:suse_linux:libgmodule-2_0-0-debuginfo", "p-cpe:/a:novell:suse_linux:libgobject-2_0", "p-cpe:/a:novell:suse_linux:libgobject-2_0-0", "p-cpe:/a:novell:suse_linux:libgobject-2_0-0-debuginfo", "p-cpe:/a:novell:suse_linux:libgthread-2_0", "p-cpe:/a:novell:suse_linux:libgthread-2_0-0", "p-cpe:/a:novell:suse_linux:libgthread-2_0-0-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-1830-1.NASL", "href": "https://www.tenable.com/plugins/nessus/126692", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:1830-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126692);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2019-13012\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : glib2 (SUSE-SU-2019:1830-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for glib2 fixes the following issues :\n\nSecurity issue fixed :\n\nCVE-2019-13012: Fixed improper restriction of file permissions when\ncreating directories (bsc#1139959).\n\nNon-security issue fixed: Added explicit requires between libglib2 and\nlibgio2 (bsc#1140122).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139959\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140122\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-13012/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20191830-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e1d7141c\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 8:zypper in -t patch\nSUSE-OpenStack-Cloud-8-2019-1830=1\n\nSUSE OpenStack Cloud 7:zypper in -t patch\nSUSE-OpenStack-Cloud-7-2019-1830=1\n\nSUSE Linux Enterprise Workstation Extension 12-SP5:zypper in -t patch\nSUSE-SLE-WE-12-SP5-2019-1830=1\n\nSUSE Linux Enterprise Workstation Extension 12-SP4:zypper in -t patch\nSUSE-SLE-WE-12-SP4-2019-1830=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP5:zypper in -t\npatch SUSE-SLE-SDK-12-SP5-2019-1830=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t\npatch SUSE-SLE-SDK-12-SP4-2019-1830=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3:zypper in -t patch\nSUSE-SLE-SAP-12-SP3-2019-1830=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2019-1830=1\n\nSUSE Linux Enterprise Server 12-SP5:zypper in -t patch\nSUSE-SLE-SERVER-12-SP5-2019-1830=1\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2019-1830=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2019-1830=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2019-1830=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-BCL-2019-1830=1\n\nSUSE Linux Enterprise Desktop 12-SP5:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP5-2019-1830=1\n\nSUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP4-2019-1830=1\n\nSUSE Enterprise Storage 5:zypper in -t patch\nSUSE-Storage-5-2019-1830=1\n\nSUSE Enterprise Storage 4:zypper in -t patch\nSUSE-Storage-4-2019-1830=1\n\nSUSE CaaS Platform 3.0 :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glib2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glib2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glib2-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgio-2_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgio-2_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgio-2_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgio-fam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgio-fam-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libglib-2_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libglib-2_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libglib-2_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgmodule-2_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgmodule-2_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgmodule-2_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgobject-2_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgobject-2_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgobject-2_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgthread-2_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgthread-2_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgthread-2_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3|4|5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3/4/5\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(4|5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP4/5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"glib2-debugsource-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"glib2-tools-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"glib2-tools-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libgio-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libgio-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libgio-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libgio-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libglib-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libglib-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libglib-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libglib-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libgmodule-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libgmodule-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libgmodule-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libgobject-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libgobject-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libgobject-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libgobject-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libgthread-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libgthread-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libgthread-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libgthread-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"glib2-debugsource-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"glib2-tools-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"glib2-tools-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libgio-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libgio-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libgio-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libgio-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libglib-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libglib-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libglib-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libglib-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libgmodule-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libgmodule-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libgmodule-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libgobject-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libgobject-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libgobject-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libgobject-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libgthread-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libgthread-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libgthread-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libgthread-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"glib2-debugsource-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"glib2-tools-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"glib2-tools-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libgio-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libgio-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libgio-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libgio-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libglib-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libglib-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libglib-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libglib-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libgmodule-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libgmodule-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libgmodule-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libgobject-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libgobject-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libgobject-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libgobject-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libgthread-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libgthread-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libgthread-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libgthread-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"glib2-debugsource-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"glib2-tools-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"glib2-tools-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libgio-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libgio-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libgio-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libgio-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libglib-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libglib-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libglib-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libglib-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libgmodule-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libgmodule-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libgmodule-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libgobject-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libgobject-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libgobject-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libgobject-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libgthread-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libgthread-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libgthread-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libgthread-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"glib2-debugsource-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"glib2-tools-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"glib2-tools-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libgio-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libgio-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libgio-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libgio-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libgio-fam-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libgio-fam-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libglib-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libglib-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libglib-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libglib-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libgmodule-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libgmodule-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libgmodule-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libgobject-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libgobject-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libgobject-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libgobject-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libgthread-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libgthread-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libgthread-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libgthread-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"glib2-debugsource-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"glib2-tools-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"glib2-tools-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"libgio-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"libgio-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"libgio-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"libgio-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"libgio-fam-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"libgio-fam-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"libglib-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"libglib-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"libglib-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"libglib-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"libgmodule-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"libgmodule-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"libgmodule-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"libgobject-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"libgobject-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"libgobject-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"libgobject-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"libgthread-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"libgthread-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"libgthread-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"libgthread-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glib2\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-02-19T13:39:54", "description": "This update for glib2 fixes the following issues :\n\nSecurity issue fixed :\n\nCVE-2019-13012: Fixed improper restriction of file permissions when creating directories (bsc#1139959).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2019-07-15T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : glib2 (SUSE-SU-2019:1833-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13012"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:glib2-debugsource", "p-cpe:/a:novell:suse_linux:glib2-devel", "p-cpe:/a:novell:suse_linux:glib2-devel-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:glib2-devel-debuginfo", "p-cpe:/a:novell:suse_linux:glib2-devel-static", "p-cpe:/a:novell:suse_linux:glib2-tools", "p-cpe:/a:novell:suse_linux:glib2-tools-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:glib2-tools-debuginfo", "p-cpe:/a:novell:suse_linux:libgio-2_0", "p-cpe:/a:novell:suse_linux:libgio-2_0-0", "p-cpe:/a:novell:suse_linux:libgio-2_0-0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libgio-2_0-0-debuginfo", "p-cpe:/a:novell:suse_linux:libgio-fam", "p-cpe:/a:novell:suse_linux:libgio-fam-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libgio-fam-debuginfo", "p-cpe:/a:novell:suse_linux:libglib-2_0", "p-cpe:/a:novell:suse_linux:libglib-2_0-0", "p-cpe:/a:novell:suse_linux:libglib-2_0-0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libglib-2_0-0-debuginfo", "p-cpe:/a:novell:suse_linux:libgmodule-2_0", "p-cpe:/a:novell:suse_linux:libgmodule-2_0-0", "p-cpe:/a:novell:suse_linux:libgmodule-2_0-0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libgmodule-2_0-0-debuginfo", "p-cpe:/a:novell:suse_linux:libgobject-2_0", "p-cpe:/a:novell:suse_linux:libgobject-2_0-0", "p-cpe:/a:novell:suse_linux:libgobject-2_0-0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libgobject-2_0-0-debuginfo", "p-cpe:/a:novell:suse_linux:libgthread-2_0", "p-cpe:/a:novell:suse_linux:libgthread-2_0-0", "p-cpe:/a:novell:suse_linux:libgthread-2_0-0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libgthread-2_0-0-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-1833-1.NASL", "href": "https://www.tenable.com/plugins/nessus/126694", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:1833-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126694);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2019-13012\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : glib2 (SUSE-SU-2019:1833-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for glib2 fixes the following issues :\n\nSecurity issue fixed :\n\nCVE-2019-13012: Fixed improper restriction of file permissions when\ncreating directories (bsc#1139959).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139959\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-13012/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20191833-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c0197fb8\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Packagehub Subpackages 15:zypper in\n-t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-1833=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15-SP1:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1833=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-2019-1833=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-SP1-2019-1833=1\n\nSUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-2019-1833=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glib2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glib2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glib2-devel-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glib2-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glib2-devel-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glib2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glib2-tools-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glib2-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgio-2_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgio-2_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgio-2_0-0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgio-2_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgio-fam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgio-fam-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgio-fam-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libglib-2_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libglib-2_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libglib-2_0-0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libglib-2_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgmodule-2_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgmodule-2_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgmodule-2_0-0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgmodule-2_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgobject-2_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgobject-2_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgobject-2_0-0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgobject-2_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgthread-2_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgthread-2_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgthread-2_0-0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgthread-2_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0/1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"glib2-devel-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"glib2-devel-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"glib2-tools-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"glib2-tools-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libgio-2_0-0-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libgio-2_0-0-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libgio-fam-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libgio-fam-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libglib-2_0-0-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libglib-2_0-0-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libgmodule-2_0-0-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libgmodule-2_0-0-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libgobject-2_0-0-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libgobject-2_0-0-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libgthread-2_0-0-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libgthread-2_0-0-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"glib2-debugsource-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"glib2-devel-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"glib2-devel-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"glib2-devel-static-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"glib2-tools-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"glib2-tools-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libgio-2_0-0-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libgio-2_0-0-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libgio-fam-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libgio-fam-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libglib-2_0-0-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libglib-2_0-0-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libgmodule-2_0-0-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libgmodule-2_0-0-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libgobject-2_0-0-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libgobject-2_0-0-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libgthread-2_0-0-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libgthread-2_0-0-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"glib2-devel-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"glib2-devel-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"glib2-tools-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"glib2-tools-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"libgio-2_0-0-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"libgio-2_0-0-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"libglib-2_0-0-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"libglib-2_0-0-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"libgmodule-2_0-0-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"libgmodule-2_0-0-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"libgobject-2_0-0-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"libgobject-2_0-0-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"libgthread-2_0-0-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"libgthread-2_0-0-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"glib2-debugsource-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"glib2-devel-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"glib2-devel-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"glib2-devel-static-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"glib2-tools-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"glib2-tools-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libgio-2_0-0-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libgio-2_0-0-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libgio-fam-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libgio-fam-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libglib-2_0-0-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libglib-2_0-0-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libgmodule-2_0-0-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libgmodule-2_0-0-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libgobject-2_0-0-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libgobject-2_0-0-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libgthread-2_0-0-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libgthread-2_0-0-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"glib2-devel-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"glib2-devel-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"glib2-tools-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"glib2-tools-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libgio-2_0-0-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libgio-2_0-0-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libgio-fam-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libgio-fam-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libglib-2_0-0-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libglib-2_0-0-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libgmodule-2_0-0-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libgmodule-2_0-0-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libgobject-2_0-0-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libgobject-2_0-0-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libgthread-2_0-0-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libgthread-2_0-0-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"glib2-debugsource-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"glib2-devel-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"glib2-devel-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"glib2-devel-static-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"glib2-tools-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"glib2-tools-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libgio-2_0-0-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libgio-2_0-0-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libgio-fam-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libgio-fam-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libglib-2_0-0-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libglib-2_0-0-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libgmodule-2_0-0-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libgmodule-2_0-0-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libgobject-2_0-0-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libgobject-2_0-0-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libgthread-2_0-0-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libgthread-2_0-0-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"glib2-devel-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"glib2-devel-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"glib2-tools-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"glib2-tools-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"libgio-2_0-0-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"libgio-2_0-0-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"libglib-2_0-0-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"libglib-2_0-0-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"libgmodule-2_0-0-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"libgmodule-2_0-0-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"libgobject-2_0-0-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"libgobject-2_0-0-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"libgthread-2_0-0-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"libgthread-2_0-0-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"glib2-debugsource-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"glib2-devel-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"glib2-devel-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"glib2-devel-static-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"glib2-tools-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"glib2-tools-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libgio-2_0-0-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libgio-2_0-0-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libgio-fam-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libgio-fam-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libglib-2_0-0-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libglib-2_0-0-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libgmodule-2_0-0-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libgmodule-2_0-0-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libgobject-2_0-0-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libgobject-2_0-0-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libgthread-2_0-0-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libgthread-2_0-0-debuginfo-2.54.3-4.18.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glib2\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:19:54", "description": "An update of the glib package has been released.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2019-09-12T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Glib PHSA-2019-2.0-0171", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13012"], "modified": "2019-12-30T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:glib", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2019-2_0-0171_GLIB.NASL", "href": "https://www.tenable.com/plugins/nessus/128716", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-2.0-0171. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128716);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/12/30\");\n\n script_cve_id(\"CVE-2019-13012\");\n\n script_name(english:\"Photon OS 2.0: Glib PHSA-2019-2.0-0171\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the glib package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-171.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-13012\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:glib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"glib-2.58.3-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"glib-debuginfo-2.58.3-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"glib-devel-2.58.3-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"glib-schemas-2.58.3-1.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glib\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-02-19T13:32:53", "description": "This update for glib2 fixes the following issues :\n\nSecurity issue fixed :\n\nCVE-2019-13012: Fixed improper restriction of file permissions when creating directories (bsc#1139959).\n\nNon-security issue fixed: Added explicit requires between libglib2 and libgio2 (bsc#1140122).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2019-08-20T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : glib2 (SUSE-SU-2019:1830-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13012"], "modified": "2020-01-02T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:glib2-debugsource", "p-cpe:/a:novell:suse_linux:glib2-tools", "p-cpe:/a:novell:suse_linux:glib2-tools-debuginfo", "p-cpe:/a:novell:suse_linux:libgio-2_0", "p-cpe:/a:novell:suse_linux:libgio-2_0-0", "p-cpe:/a:novell:suse_linux:libgio-2_0-0-debuginfo", "p-cpe:/a:novell:suse_linux:libglib-2_0", "p-cpe:/a:novell:suse_linux:libglib-2_0-0", "p-cpe:/a:novell:suse_linux:libglib-2_0-0-debuginfo", "p-cpe:/a:novell:suse_linux:libgmodule-2_0", "p-cpe:/a:novell:suse_linux:libgmodule-2_0-0", "p-cpe:/a:novell:suse_linux:libgmodule-2_0-0-debuginfo", "p-cpe:/a:novell:suse_linux:libgobject-2_0", "p-cpe:/a:novell:suse_linux:libgobject-2_0-0", "p-cpe:/a:novell:suse_linux:libgobject-2_0-0-debuginfo", "p-cpe:/a:novell:suse_linux:libgthread-2_0", "p-cpe:/a:novell:suse_linux:libgthread-2_0-0", "p-cpe:/a:novell:suse_linux:libgthread-2_0-0-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-1830-2.NASL", "href": "https://www.tenable.com/plugins/nessus/128017", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:1830-2.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128017);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/02\");\n\n script_cve_id(\"CVE-2019-13012\");\n\n script_name(english:\"SUSE SLES12 Security Update : glib2 (SUSE-SU-2019:1830-2)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for glib2 fixes the following issues :\n\nSecurity issue fixed :\n\nCVE-2019-13012: Fixed improper restriction of file permissions when\ncreating directories (bsc#1139959).\n\nNon-security issue fixed: Added explicit requires between libglib2 and\nlibgio2 (bsc#1140122).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139959\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140122\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-13012/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20191830-2/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7e0f741c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 8:zypper in -t patch\nSUSE-OpenStack-Cloud-Crowbar-8-2019-1830=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2019-1830=1\n\nSUSE Linux Enterprise Server 12-SP3-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-BCL-2019-1830=1\n\nSUSE Enterprise Storage 5:zypper in -t patch\nSUSE-Storage-5-2019-1830=1\n\nHPE Helion Openstack 8:zypper in -t patch\nHPE-Helion-OpenStack-8-2019-1830=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glib2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glib2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glib2-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgio-2_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgio-2_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgio-2_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libglib-2_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libglib-2_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libglib-2_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgmodule-2_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgmodule-2_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgmodule-2_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgobject-2_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgobject-2_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgobject-2_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgthread-2_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgthread-2_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgthread-2_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"glib2-debugsource-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"glib2-tools-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"glib2-tools-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libgio-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libgio-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libgio-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libgio-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libglib-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libglib-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libglib-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libglib-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libgmodule-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libgmodule-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libgmodule-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libgobject-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libgobject-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libgobject-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libgobject-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libgthread-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libgthread-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libgthread-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libgthread-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glib2\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:21:06", "description": "An update of the glib package has been released.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2019-08-26T00:00:00", "type": "nessus", "title": "Photon OS 3.0: Glib PHSA-2019-3.0-0024", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13012"], "modified": "2020-01-02T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:glib", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2019-3_0-0024_GLIB.NASL", "href": "https://www.tenable.com/plugins/nessus/128152", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-3.0-0024. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128152);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/02\");\n\n script_cve_id(\"CVE-2019-13012\");\n\n script_name(english:\"Photon OS 3.0: Glib PHSA-2019-3.0-0024\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the glib package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-0024.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-13012\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:glib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 3.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"glib-2.58.0-4.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"glib-debuginfo-2.58.0-4.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"glib-devel-2.58.0-4.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"glib-schemas-2.58.0-4.ph3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glib\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:20:22", "description": "An update of the glib package has been released.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2019-08-26T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Glib PHSA-2019-1.0-0245", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13012"], "modified": "2020-01-02T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:glib", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2019-1_0-0245_GLIB.NASL", "href": "https://www.tenable.com/plugins/nessus/128166", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-1.0-0245. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128166);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/02\");\n\n script_cve_id(\"CVE-2019-13012\");\n\n script_name(english:\"Photon OS 1.0: Glib PHSA-2019-1.0-0245\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the glib package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-245.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-13012\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:glib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"glib-2.58.3-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"glib-debuginfo-2.58.3-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"glib-devel-2.58.3-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"glib-schemas-2.58.3-1.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glib\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:20:32", "description": "Simon McVittie spotted a memory leak regression in the way CVE-2019-13012 had been resolved for glib2.0 in Debian jessie.\n\nFor Debian 8 'Jessie', this problem has been fixed in version 2.42.1-1+deb8u3.\n\nWe recommend that you upgrade your glib2.0 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "Debian DLA-1866-2 : glib2.0 regression update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13012"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libglib2.0-0", "p-cpe:/a:debian:debian_linux:libglib2.0-0-dbg", "p-cpe:/a:debian:debian_linux:libglib2.0-0-refdbg", "p-cpe:/a:debian:debian_linux:libglib2.0-bin", "p-cpe:/a:debian:debian_linux:libglib2.0-data", "p-cpe:/a:debian:debian_linux:libglib2.0-dev", "p-cpe:/a:debian:debian_linux:libglib2.0-doc", "p-cpe:/a:debian:debian_linux:libglib2.0-tests", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1866.NASL", "href": "https://www.tenable.com/plugins/nessus/127475", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1866-2. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127475);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2019-13012\");\n\n script_name(english:\"Debian DLA-1866-2 : glib2.0 regression update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Simon McVittie spotted a memory leak regression in the way\nCVE-2019-13012 had been resolved for glib2.0 in Debian jessie.\n\nFor Debian 8 'Jessie', this problem has been fixed in version\n2.42.1-1+deb8u3.\n\nWe recommend that you upgrade your glib2.0 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/08/msg00004.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/glib2.0\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libglib2.0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libglib2.0-0-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p