DATABASE RESOURCES PRICING ABOUT US

{"id": "PHSA-2020-0242", "vendorId": null, "type": "photon", "bulletinFamily": "unix", "title": "Important Photon OS Security Update - PHSA-2020-0242", "description": "Updates of ['linux-aws', 'glibc', 'linux-secure', 'ruby', 'linux-esx', 'linux', 'openldap'] packages of Photon OS have been released.\n", "published": "2020-05-06T00:00:00", "modified": "2020-05-06T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 5.0}, "severity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-242", "reporter": "Photon", "references": [], "cvelist": ["CVE-2016-10739", "CVE-2020-10029", "CVE-2020-10663", "CVE-2020-10711", "CVE-2020-10933", "CVE-2020-12243"], "immutableFields": [], "lastseen": "2022-05-12T18:21:19", "viewCount": 12, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2021:2587", "ALSA-2021:2588"]}, {"type": "amazon", "idList": ["ALAS-2019-1320", "ALAS-2020-1366", "ALAS-2020-1375", "ALAS-2020-1382", "ALAS-2020-1416", "ALAS-2020-1422", "ALAS-2020-1423", "ALAS-2020-1426", "ALAS-2020-1428", "ALAS-2020-1429", "ALAS-2021-1511", "ALAS2-2020-1425", "ALAS2-2020-1517", "ALAS2-2020-1539", "ALAS2-2021-1641"]}, {"type": "apple", "idList": ["APPLE:3D7765FAAA5588336144E1B60D0B775E", "APPLE:9AAA600C4496E1F352EC9F07A8BDC39B", "APPLE:HT211289", "APPLE:HT211931"]}, {"type": "centos", "idList": ["CESA-2019:2118", "CESA-2020:2103", "CESA-2020:4041", "CESA-2021:0348"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2020-0561"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:5D359B30C62666D917EB31596D1BFDE4", "CFOUNDRY:81709274A5535B1DACDD4242D3B162A5", "CFOUNDRY:FF4932B5C8F02BCDD5166E1468967F16"]}, {"type": "cve", "idList": ["CVE-2016-10739", "CVE-2019-18348", "CVE-2020-10029", "CVE-2020-10663", "CVE-2020-10711", "CVE-2020-10933", "CVE-2020-12243"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2190-1:22FB1", "DEBIAN:DLA-2190-1:342CE", "DEBIAN:DLA-2192-1:E4FCE", "DEBIAN:DLA-2192-1:FD86A", "DEBIAN:DLA-2199-1:53459", "DEBIAN:DLA-2242-1:573AF", "DEBIAN:DSA-4666-1:DF30C", "DEBIAN:DSA-4666-1:E8C55", "DEBIAN:DSA-4698-1:66813", "DEBIAN:DSA-4698-1:E1A7D", "DEBIAN:DSA-4699-1:122C4", "DEBIAN:DSA-4699-1:D5D43", "DEBIAN:DSA-4721-1:85B0A", "DEBIAN:DSA-4721-1:BB086"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2016-10739", "DEBIANCVE:CVE-2019-18348", "DEBIANCVE:CVE-2020-10029", "DEBIANCVE:CVE-2020-10663", "DEBIANCVE:CVE-2020-10711", "DEBIANCVE:CVE-2020-10933", "DEBIANCVE:CVE-2020-12243"]}, {"type": "f5", "idList": ["F5:K02354867", "F5:K35040315", "F5:K38481791", "F5:K45243961"]}, {"type": "fedora", "idList": ["FEDORA:049BD604E7C5", "FEDORA:055473124314", "FEDORA:08C6260AAEC8", "FEDORA:15484608781D", "FEDORA:62D0460BC99C", "FEDORA:803AE30C6416", "FEDORA:A680A60877B2", "FEDORA:A9E386095B4D", "FEDORA:AAD0A60B6998", "FEDORA:C7F146099564", "FEDORA:C8A606087D99"]}, {"type": "freebsd", "idList": ["40194E1C-6D89-11EA-8082-80EE73419AF3", "C7617931-8985-11EA-93EF-B42E99A1B9C3"]}, {"type": "gentoo", "idList": ["GLSA-202006-04"]}, {"type": "github", "idList": ["GHSA-JPHG-QWRW-7W9G"]}, {"type": "githubexploit", "idList": ["A7B3D8A2-6024-5329-87C3-9277F989B6A4"]}, {"type": "ibm", "idList": ["1879325E67264056B58E8AD7F16855960BE3D80A459CF04AA2C576744065C438", "22DFDD1FF1BBF70D9C813ACA916818103631328A11AEED7718476AD8FD37F722", "3A0EC58D68A9FF044EFDD59A19016C7F96E811E1FC47D2E23F42FDF074B43F35", "553055C3FBB4B66E0E52E9ED84C317CAD8597E592FD02A4980DEC6315CABD2E7", "6549F7FB91216E6B5325DB660AF73FDF2D181F5FC1D3D96D412B600D6C349A96", "74EB94293C5F397767E62C9F6D734DE973B44B9B7EC427A98C99E92C3C3D6590", "9148A44BD9A1C1A13CCEBD8F0346557CF005830103920CDDC01519240525CB58", "935D16DF36C800393007E5C108A433F20ED3C2511F590B5AD68460B950CB39BA", "DABA54C910D787AA9C35B75D7ABCC7D92583CC7B7E08D8777DA37589A3BB056B", "ED8A3D1B7861E9FADE2E56F3710C2F426BD0F046968D24A2807B0DBC778A1AA1"]}, {"type": "ics", "idList": ["ICSA-22-116-01"]}, {"type": "kitploit", "idList": ["KITPLOIT:2401425074991132396"]}, {"type": "mageia", "idList": ["MGASA-2020-0135", "MGASA-2020-0186", "MGASA-2020-0200", "MGASA-2020-0227", "MGASA-2020-0228", "MGASA-2020-0285"]}, {"type": "nessus", "idList": ["AL2_ALAS-2020-1425.NASL", "AL2_ALAS-2020-1517.NASL", "AL2_ALAS-2020-1539.NASL", "AL2_ALAS-2021-1641.NASL", "AL2_ALASKERNEL-5_4-2022-011.NASL", "ALA_ALAS-2019-1320.NASL", "ALA_ALAS-2020-1366.NASL", "ALA_ALAS-2020-1382.NASL", "ALA_ALAS-2020-1416.NASL", "ALA_ALAS-2020-1422.NASL", "ALA_ALAS-2020-1423.NASL", "ALA_ALAS-2020-1426.NASL", "ALA_ALAS-2020-1428.NASL", "ALA_ALAS-2020-1429.NASL", "ALA_ALAS-2021-1511.NASL", "CENTOS8_RHSA-2019-3513.NASL", "CENTOS8_RHSA-2020-2102.NASL", "CENTOS8_RHSA-2020-2462.NASL", "CENTOS8_RHSA-2020-4444.NASL", "CENTOS8_RHSA-2021-2587.NASL", "CENTOS8_RHSA-2021-2588.NASL", "CENTOS_RHSA-2019-2118.NASL", "CENTOS_RHSA-2020-2103.NASL", "CENTOS_RHSA-2020-4041.NASL", "CENTOS_RHSA-2021-0348.NASL", "DEBIAN_DLA-2190.NASL", "DEBIAN_DLA-2192.NASL", "DEBIAN_DLA-2199.NASL", "DEBIAN_DLA-2242.NASL", "DEBIAN_DSA-4666.NASL", "DEBIAN_DSA-4698.NASL", "DEBIAN_DSA-4699.NASL", "DEBIAN_DSA-4721.NASL", "EULEROS_SA-2019-2155.NASL", "EULEROS_SA-2019-2307.NASL", "EULEROS_SA-2019-2476.NASL", "EULEROS_SA-2020-1041.NASL", "EULEROS_SA-2020-1229.NASL", "EULEROS_SA-2020-1288.NASL", "EULEROS_SA-2020-1369.NASL", "EULEROS_SA-2020-1388.NASL", "EULEROS_SA-2020-1478.NASL", "EULEROS_SA-2020-1514.NASL", "EULEROS_SA-2020-1532.NASL", "EULEROS_SA-2020-1585.NASL", "EULEROS_SA-2020-1590.NASL", "EULEROS_SA-2020-1592.NASL", "EULEROS_SA-2020-1599.NASL", "EULEROS_SA-2020-1612.NASL", "EULEROS_SA-2020-1615.NASL", "EULEROS_SA-2020-1667.NASL", "EULEROS_SA-2020-1685.NASL", "EULEROS_SA-2020-1686.NASL", "EULEROS_SA-2020-1691.NASL", "EULEROS_SA-2020-1698.NASL", "EULEROS_SA-2020-1701.NASL", "EULEROS_SA-2020-1712.NASL", "EULEROS_SA-2020-1717.NASL", "EULEROS_SA-2020-1739.NASL", "EULEROS_SA-2020-1920.NASL", "EULEROS_SA-2020-1955.NASL", "EULEROS_SA-2020-1958.NASL", "EULEROS_SA-2020-1959.NASL", "EULEROS_SA-2020-2130.NASL", "EULEROS_SA-2020-2131.NASL", "EULEROS_SA-2020-2139.NASL", "EULEROS_SA-2020-2141.NASL", "EULEROS_SA-2020-2230.NASL", "EULEROS_SA-2020-2240.NASL", "EULEROS_SA-2020-2334.NASL", "EULEROS_SA-2020-2443.NASL", "F5_BIGIP_SOL38481791.NASL", "FEDORA_2020-244EFC27AF.NASL", "FEDORA_2020-26DF92331A.NASL", "FEDORA_2020-5A69DECC0C.NASL", "FEDORA_2020-7F625C5EA8.NASL", "FEDORA_2020-A95706B117.NASL", "FEDORA_2020-C6B9FFF7F8.NASL", "FEDORA_2020-D171BF636D.NASL", "FREEBSD_PKG_40194E1C6D8911EA808280EE73419AF3.NASL", "FREEBSD_PKG_C7617931898511EA93EFB42E99A1B9C3.NASL", "GENTOO_GLSA-202006-04.NASL", "MACOS_HT211289.NASL", "MACOS_HT211931.NASL", "NEWSTART_CGSL_NS-SA-2019-0194_GLIBC.NASL", "NEWSTART_CGSL_NS-SA-2019-0237_GLIBC.NASL", "NEWSTART_CGSL_NS-SA-2020-0030_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2020-0073_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2020-0108_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2021-0024_OPENLDAP.NASL", "NEWSTART_CGSL_NS-SA-2021-0053_GLIBC.NASL", "NEWSTART_CGSL_NS-SA-2021-0095_GLIBC.NASL", "NEWSTART_CGSL_NS-SA-2021-0168_OPENLDAP.NASL", "NEWSTART_CGSL_NS-SA-2021-0180_GLIBC.NASL", "NEWSTART_CGSL_NS-SA-2022-0001_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0075_KERNEL.NASL", "OPENSUSE-2019-1250.NASL", "OPENSUSE-2020-381.NASL", "OPENSUSE-2020-586.NASL", "OPENSUSE-2020-647.NASL", "OPENSUSE-2020-801.NASL", "OPENSUSE-2020-935.NASL", "OPENSUSE-2021-242.NASL", "ORACLELINUX_ELSA-2020-2082.NASL", "ORACLELINUX_ELSA-2020-2102.NASL", "ORACLELINUX_ELSA-2020-2103.NASL", "ORACLELINUX_ELSA-2020-4041.NASL", "ORACLELINUX_ELSA-2020-4444.NASL", "ORACLELINUX_ELSA-2020-5755.NASL", "ORACLELINUX_ELSA-2020-5756.NASL", "ORACLELINUX_ELSA-2021-0348.NASL", "ORACLELINUX_ELSA-2021-2587.NASL", "ORACLELINUX_ELSA-2021-2588.NASL", "ORACLELINUX_ELSA-2021-9002.NASL", "ORACLEVM_OVMSA-2021-0001.NASL", "PHOTONOS_PHSA-2020-1_0-0293_GLIBC.NASL", "PHOTONOS_PHSA-2020-1_0-0293_LINUX.NASL", "PHOTONOS_PHSA-2020-1_0-0293_OPENLDAP.NASL", "PHOTONOS_PHSA-2020-1_0-0294_RUBY.NASL", "PHOTONOS_PHSA-2020-1_0-0300_GLIBC.NASL", "PHOTONOS_PHSA-2020-2_0-0242_GLIBC.NASL", "PHOTONOS_PHSA-2020-2_0-0242_LINUX.NASL", "PHOTONOS_PHSA-2020-2_0-0242_OPENLDAP.NASL", "PHOTONOS_PHSA-2020-2_0-0242_RUBY.NASL", "PHOTONOS_PHSA-2020-3_0-0089_LINUX.NASL", "PHOTONOS_PHSA-2020-3_0-0089_OPENLDAP.NASL", "PHOTONOS_PHSA-2020-3_0-0089_RUBY.NASL", "REDHAT-RHSA-2019-2118.NASL", "REDHAT-RHSA-2019-3513.NASL", "REDHAT-RHSA-2020-2082.NASL", "REDHAT-RHSA-2020-2085.NASL", "REDHAT-RHSA-2020-2102.NASL", "REDHAT-RHSA-2020-2103.NASL", "REDHAT-RHSA-2020-2104.NASL", "REDHAT-RHSA-2020-2171.NASL", "REDHAT-RHSA-2020-2199.NASL", "REDHAT-RHSA-2020-2214.NASL", "REDHAT-RHSA-2020-2242.NASL", "REDHAT-RHSA-2020-2277.NASL", "REDHAT-RHSA-2020-2285.NASL", "REDHAT-RHSA-2020-2289.NASL", "REDHAT-RHSA-2020-2429.NASL", "REDHAT-RHSA-2020-2462.NASL", "REDHAT-RHSA-2020-2473.NASL", "REDHAT-RHSA-2020-2522.NASL", "REDHAT-RHSA-2020-2670.NASL", "REDHAT-RHSA-2020-4041.NASL", "REDHAT-RHSA-2020-4444.NASL", "REDHAT-RHSA-2021-0348.NASL", "REDHAT-RHSA-2021-2587.NASL", "REDHAT-RHSA-2021-2588.NASL", "REDHAT-RHSA-2021-2998.NASL", "REDHAT-RHSA-2021-3315.NASL", "REDHAT-RHSA-2022-0581.NASL", "REDHAT-RHSA-2022-0582.NASL", "ROCKY_LINUX_RLSA-2020-2462.NASL", "ROCKY_LINUX_RLSA-2021-2587.NASL", "ROCKY_LINUX_RLSA-2021-2588.NASL", "SLACKWARE_SSA_2020-163-01.NASL", "SL_20190806_GLIBC_ON_SL7_X.NASL", "SL_20200512_KERNEL_ON_SL6_X.NASL", "SL_20200512_KERNEL_ON_SL7_X.NASL", "SL_20201001_OPENLDAP_ON_SL7_X.NASL", "SL_20210202_GLIBC_ON_SL7_X.NASL", "SUSE_SU-2019-0903-1.NASL", "SUSE_SU-2019-1102-1.NASL", "SUSE_SU-2020-0668-1.NASL", "SUSE_SU-2020-0832-1.NASL", "SUSE_SU-2020-0995-1.NASL", "SUSE_SU-2020-1193-1.NASL", "SUSE_SU-2020-1210-1.NASL", "SUSE_SU-2020-1219-1.NASL", "SUSE_SU-2020-14358-1.NASL", "SUSE_SU-2020-1570-1.NASL", "SUSE_SU-2020-1587-1.NASL", "SUSE_SU-2020-1599-1.NASL", "SUSE_SU-2020-1602-1.NASL", "SUSE_SU-2020-1603-1.NASL", "SUSE_SU-2020-1605-1.NASL", "SUSE_SU-2020-1663-1.NASL", "SUSE_SU-2020-2105-1.NASL", "SUSE_SU-2020-2134-1.NASL", "SUSE_SU-2020-2152-1.NASL", "SUSE_SU-2020-2487-1.NASL", "SUSE_SU-2020-3024-1.NASL", "UBUNTU_USN-4352-1.NASL", "UBUNTU_USN-4411-1.NASL", "UBUNTU_USN-4412-1.NASL", "UBUNTU_USN-4413-1.NASL", "UBUNTU_USN-4414-1.NASL", "UBUNTU_USN-4416-1.NASL", "UBUNTU_USN-4419-1.NASL", "UBUNTU_USN-4882-1.NASL", "VIRTUOZZO_VZA-2020-037.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704666", "OPENVAS:1361412562310704698", "OPENVAS:1361412562310704699", "OPENVAS:1361412562310704721", "OPENVAS:1361412562310844421", "OPENVAS:1361412562310844482", "OPENVAS:1361412562310844483", "OPENVAS:1361412562310844484", "OPENVAS:1361412562310844485", "OPENVAS:1361412562310844490", "OPENVAS:1361412562310844496", "OPENVAS:1361412562310852442", "OPENVAS:1361412562310853135", "OPENVAS:1361412562310853147", "OPENVAS:1361412562310853206", "OPENVAS:1361412562310853260", "OPENVAS:1361412562310877643", "OPENVAS:1361412562310877670", "OPENVAS:1361412562310877684", "OPENVAS:1361412562310877782", "OPENVAS:1361412562310877787", "OPENVAS:1361412562310877859", "OPENVAS:1361412562310877862", "OPENVAS:1361412562310877884", "OPENVAS:1361412562310877892", "OPENVAS:1361412562310877952", "OPENVAS:1361412562310877977", "OPENVAS:1361412562310883236", "OPENVAS:1361412562310892190", "OPENVAS:1361412562310892192", "OPENVAS:1361412562310892199", "OPENVAS:1361412562310892242", "OPENVAS:1361412562311220192155", "OPENVAS:1361412562311220192307", "OPENVAS:1361412562311220192476", "OPENVAS:1361412562311220201041", "OPENVAS:1361412562311220201229", "OPENVAS:1361412562311220201288", "OPENVAS:1361412562311220201369", "OPENVAS:1361412562311220201388", "OPENVAS:1361412562311220201478", "OPENVAS:1361412562311220201532", "OPENVAS:1361412562311220201585", "OPENVAS:1361412562311220201590", "OPENVAS:1361412562311220201592", "OPENVAS:1361412562311220201599", "OPENVAS:1361412562311220201612", "OPENVAS:1361412562311220201615", "OPENVAS:1361412562311220201667", "OPENVAS:1361412562311220201685", "OPENVAS:1361412562311220201686", "OPENVAS:1361412562311220201691", "OPENVAS:1361412562311220201698", "OPENVAS:1361412562311220201701", "OPENVAS:1361412562311220201712", "OPENVAS:1361412562311220201717", "OPENVAS:1361412562311220201739"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2022", "ORACLE:CPUOCT2020"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-2118", "ELSA-2019-3513", "ELSA-2019-4753", "ELSA-2020-2082", "ELSA-2020-2102", "ELSA-2020-2103", "ELSA-2020-2427", "ELSA-2020-2430", "ELSA-2020-4041", "ELSA-2020-4060", "ELSA-2020-4444", "ELSA-2020-5724", "ELSA-2020-5755", "ELSA-2020-5756", "ELSA-2021-0348", "ELSA-2021-2587", "ELSA-2021-2588", "ELSA-2021-9002"]}, {"type": "osv", "idList": ["OSV:DLA-2190-1", "OSV:DLA-2192-1", "OSV:DLA-2199-1", "OSV:DLA-2242-1", "OSV:DSA-4666-1", "OSV:DSA-4698-1", "OSV:DSA-4699-1", "OSV:DSA-4721-1", "OSV:GHSA-JPHG-QWRW-7W9G"]}, {"type": "photon", "idList": ["PHSA-2020-0089", "PHSA-2020-0093", "PHSA-2020-0293", "PHSA-2020-0294", "PHSA-2020-0300", "PHSA-2020-1.0-0293", "PHSA-2020-1.0-0294", "PHSA-2020-1.0-0300", "PHSA-2020-2.0-0242", "PHSA-2020-3.0-0089", "PHSA-2020-3.0-0093"]}, {"type": "redhat", "idList": ["RHSA-2019:2118", "RHSA-2019:3513", "RHSA-2020:2082", "RHSA-2020:2085", "RHSA-2020:2102", "RHSA-2020:2103", "RHSA-2020:2104", "RHSA-2020:2125", "RHSA-2020:2171", "RHSA-2020:2199", "RHSA-2020:2203", "RHSA-2020:2214", "RHSA-2020:2242", "RHSA-2020:2277", "RHSA-2020:2285", "RHSA-2020:2289", "RHSA-2020:2291", "RHSA-2020:2429", "RHSA-2020:2462", "RHSA-2020:2473", "RHSA-2020:2519", "RHSA-2020:2522", "RHSA-2020:2670", "RHSA-2020:4041", "RHSA-2020:4254", "RHSA-2020:4255", "RHSA-2020:4264", "RHSA-2020:4298", "RHSA-2020:4444", "RHSA-2020:5149", "RHSA-2020:5364", "RHSA-2020:5605", "RHSA-2020:5633", "RHSA-2020:5635", "RHSA-2021:0050", "RHSA-2021:0146", "RHSA-2021:0190", "RHSA-2021:0348", "RHSA-2021:0436", "RHSA-2021:0607", "RHSA-2021:0719", "RHSA-2021:0778", "RHSA-2021:0799", "RHSA-2021:0949", "RHSA-2021:1129", "RHSA-2021:2104", "RHSA-2021:2230", "RHSA-2021:2587", "RHSA-2021:2588", "RHSA-2021:2998", "RHSA-2021:3315", "RHSA-2022:0581", "RHSA-2022:0582"]}, {"type": "redhatcve", "idList": ["RH:CVE-2019-18348", "RH:CVE-2020-10029", "RH:CVE-2020-10663", "RH:CVE-2020-10711", "RH:CVE-2020-10933", "RH:CVE-2020-12243"]}, {"type": "rocky", "idList": ["RLSA-2020:2462", "RLSA-2021:2587", "RLSA-2021:2588"]}, {"type": "rubygems", "idList": ["RUBY:JSON-2020-10663", "RUBY:RUBY-2020-10933"]}, {"type": "slackware", "idList": ["SSA-2020-163-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:1250-1", "OPENSUSE-SU-2020:0381-1", "OPENSUSE-SU-2020:0586-1", "OPENSUSE-SU-2020:0647-1", "OPENSUSE-SU-2020:0801-1", "OPENSUSE-SU-2020:0935-1", "OPENSUSE-SU-2021:0242-1"]}, {"type": "ubuntu", "idList": ["USN-4352-1", "USN-4352-2", "USN-4411-1", "USN-4412-1", "USN-4413-1", "USN-4414-1", "USN-4416-1", "USN-4419-1", "USN-4882-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2016-10739", "UB:CVE-2019-18348", "UB:CVE-2020-10029", "UB:CVE-2020-10663", "UB:CVE-2020-10711", "UB:CVE-2020-10933", "UB:CVE-2020-12243"]}, {"type": "veracode", "idList": ["VERACODE:21065", "VERACODE:22758", "VERACODE:25398", "VERACODE:26163", "VERACODE:26269", "VERACODE:27801"]}, {"type": "virtuozzo", "idList": ["VZA-2020-036", "VZA-2020-037", "VZA-2020-048"]}]}, "score": {"value": 1.7, "vector": "NONE"}, "backreferences": {"references": [{"type": "almalinux", "idList": ["ALSA-2021:2587"]}, {"type": "amazon", "idList": ["ALAS-2019-1320", "ALAS-2020-1366", "ALAS-2020-1375", "ALAS-2021-1511"]}, {"type": "apple", "idList": ["APPLE:3D7765FAAA5588336144E1B60D0B775E"]}, {"type": "centos", "idList": ["CESA-2019:2118", "CESA-2020:2103"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2020-0561"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:5D359B30C62666D917EB31596D1BFDE4", "CFOUNDRY:FF4932B5C8F02BCDD5166E1468967F16"]}, {"type": "cve", "idList": ["CVE-2016-10739", "CVE-2020-10663", "CVE-2020-10711", "CVE-2020-10933", "CVE-2020-12243"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2190-1:342CE", "DEBIAN:DLA-2199-1:53459", "DEBIAN:DLA-2242-1:573AF", "DEBIAN:DSA-4666-1:DF30C", "DEBIAN:DSA-4698-1:66813", "DEBIAN:DSA-4699-1:122C4"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2016-10739", "DEBIANCVE:CVE-2020-10029"]}, {"type": "f5", "idList": ["F5:K35040315"]}, {"type": "fedora", "idList": ["FEDORA:049BD604E7C5", "FEDORA:055473124314", "FEDORA:08C6260AAEC8", "FEDORA:15484608781D", "FEDORA:62D0460BC99C", "FEDORA:803AE30C6416", "FEDORA:A680A60877B2", "FEDORA:A9E386095B4D", "FEDORA:AAD0A60B6998", "FEDORA:C7F146099564", "FEDORA:C8A606087D99"]}, {"type": "freebsd", "idList": ["C7617931-8985-11EA-93EF-B42E99A1B9C3"]}, {"type": "gentoo", "idList": ["GLSA-202006-04"]}, {"type": "github", "idList": ["GHSA-JPHG-QWRW-7W9G"]}, {"type": "githubexploit", "idList": ["A7B3D8A2-6024-5329-87C3-9277F989B6A4"]}, {"type": "ibm", "idList": ["22DFDD1FF1BBF70D9C813ACA916818103631328A11AEED7718476AD8FD37F722", "3A0EC58D68A9FF044EFDD59A19016C7F96E811E1FC47D2E23F42FDF074B43F35", "6549F7FB91216E6B5325DB660AF73FDF2D181F5FC1D3D96D412B600D6C349A96", "74EB94293C5F397767E62C9F6D734DE973B44B9B7EC427A98C99E92C3C3D6590", "DABA54C910D787AA9C35B75D7ABCC7D92583CC7B7E08D8777DA37589A3BB056B"]}, {"type": "kitploit", "idList": ["KITPLOIT:2401425074991132396"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/ORACLE_LINUX-CVE-2020-10742/"]}, {"type": "nessus", "idList": ["AL2_ALAS-2020-1425.NASL", "ALA_ALAS-2019-1320.NASL", "ALA_ALAS-2020-1366.NASL", "ALA_ALAS-2021-1511.NASL", "CENTOS_RHSA-2019-2118.NASL", "CENTOS_RHSA-2020-2103.NASL", "DEBIAN_DLA-2190.NASL", "DEBIAN_DLA-2192.NASL", "DEBIAN_DLA-2199.NASL", "DEBIAN_DSA-4666.NASL", "EULEROS_SA-2019-2155.NASL", "EULEROS_SA-2020-1514.NASL", "EULEROS_SA-2020-1585.NASL", "EULEROS_SA-2020-1590.NASL", "EULEROS_SA-2020-1592.NASL", "EULEROS_SA-2020-1599.NASL", "EULEROS_SA-2020-1612.NASL", "EULEROS_SA-2020-1615.NASL", "FEDORA_2020-26DF92331A.NASL", "FEDORA_2020-5A69DECC0C.NASL", "FEDORA_2020-A95706B117.NASL", "FEDORA_2020-C6B9FFF7F8.NASL", "FEDORA_2020-D171BF636D.NASL", "FREEBSD_PKG_C7617931898511EA93EFB42E99A1B9C3.NASL", "NEWSTART_CGSL_NS-SA-2020-0030_KERNEL.NASL", "OPENSUSE-2020-586.NASL", "OPENSUSE-2020-647.NASL", "ORACLELINUX_ELSA-2020-2082.NASL", "ORACLELINUX_ELSA-2020-2102.NASL", "ORACLELINUX_ELSA-2020-2103.NASL", "ORACLELINUX_ELSA-2021-2588.NASL", "PHOTONOS_PHSA-2020-1_0-0293_GLIBC.NASL", "PHOTONOS_PHSA-2020-1_0-0293_LINUX.NASL", "PHOTONOS_PHSA-2020-1_0-0293_OPENLDAP.NASL", "PHOTONOS_PHSA-2020-1_0-0294_RUBY.NASL", "PHOTONOS_PHSA-2020-2_0-0242_GLIBC.NASL", "PHOTONOS_PHSA-2020-2_0-0242_LINUX.NASL", "PHOTONOS_PHSA-2020-2_0-0242_OPENLDAP.NASL", "PHOTONOS_PHSA-2020-2_0-0242_RUBY.NASL", "PHOTONOS_PHSA-2020-3_0-0089_LINUX.NASL", "PHOTONOS_PHSA-2020-3_0-0089_OPENLDAP.NASL", "PHOTONOS_PHSA-2020-3_0-0089_RUBY.NASL", "REDHAT-RHSA-2019-3513.NASL", "REDHAT-RHSA-2020-2082.NASL", "REDHAT-RHSA-2020-2085.NASL", "REDHAT-RHSA-2020-2102.NASL", "REDHAT-RHSA-2020-2103.NASL", "REDHAT-RHSA-2020-2104.NASL", "REDHAT-RHSA-2020-2171.NASL", "REDHAT-RHSA-2020-2199.NASL", "REDHAT-RHSA-2020-2214.NASL", "REDHAT-RHSA-2020-2242.NASL", "REDHAT-RHSA-2020-2277.NASL", "REDHAT-RHSA-2020-2285.NASL", "REDHAT-RHSA-2020-2289.NASL", "REDHAT-RHSA-2020-2429.NASL", "SLACKWARE_SSA_2020-163-01.NASL", "SL_20200512_KERNEL_ON_SL6_X.NASL", "SL_20200512_KERNEL_ON_SL7_X.NASL", "SUSE_SU-2020-1193-1.NASL", "SUSE_SU-2020-1210-1.NASL", "SUSE_SU-2020-1219-1.NASL", "UBUNTU_USN-4352-1.NASL", "VIRTUOZZO_VZA-2020-037.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704666", "OPENVAS:1361412562310844421", "OPENVAS:1361412562310852442", "OPENVAS:1361412562310853135", "OPENVAS:1361412562310853147", "OPENVAS:1361412562310877782", "OPENVAS:1361412562310877787", "OPENVAS:1361412562310877859", "OPENVAS:1361412562310877862", "OPENVAS:1361412562310877884", "OPENVAS:1361412562310877892", "OPENVAS:1361412562310883236", "OPENVAS:1361412562310892190", "OPENVAS:1361412562310892199", "OPENVAS:1361412562311220201585", "OPENVAS:1361412562311220201592", "OPENVAS:1361412562311220201599", "OPENVAS:1361412562311220201612"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-2118", "ELSA-2019-3513", "ELSA-2019-4753", "ELSA-2020-2082", "ELSA-2020-2102", "ELSA-2020-2103", "ELSA-2020-2427", "ELSA-2020-2430", "ELSA-2021-2588"]}, {"type": "photon", "idList": ["PHSA-2020-1.0-0293", "PHSA-2020-1.0-0294", "PHSA-2020-1.0-0300", "PHSA-2020-2.0-0242", "PHSA-2020-3.0-0089", "PHSA-2020-3.0-0093"]}, {"type": "redhat", "idList": ["RHSA-2020:2082", "RHSA-2020:2429"]}, {"type": "redhatcve", "idList": ["RH:CVE-2019-18348", "RH:CVE-2020-10029", "RH:CVE-2020-10663", "RH:CVE-2020-10711", "RH:CVE-2020-10933", "RH:CVE-2020-12243"]}, {"type": "rocky", "idList": ["RLSA-2020:2462", "RLSA-2021:2587", "RLSA-2021:2588"]}, {"type": "slackware", "idList": ["SSA-2020-163-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:1250-1", "OPENSUSE-SU-2020:0586-1", "OPENSUSE-SU-2020:0647-1", "OPENSUSE-SU-2020:0801-1", "OPENSUSE-SU-2021:0242-1"]}, {"type": "ubuntu", "idList": ["USN-4352-1", "USN-4352-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-10029", "UB:CVE-2020-10663", "UB:CVE-2020-10711", "UB:CVE-2020-10933", "UB:CVE-2020-12243"]}, {"type": "virtuozzo", "idList": ["VZA-2020-037"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2016-10739", "epss": "0.000460000", "percentile": "0.139910000", "modified": "2023-03-17"}, {"cve": "CVE-2020-10029", "epss": "0.000630000", "percentile": "0.249030000", "modified": "2023-03-17"}, {"cve": "CVE-2020-10663", "epss": "0.002070000", "percentile": "0.569710000", "modified": "2023-03-17"}, {"cve": "CVE-2020-10711", "epss": "0.004370000", "percentile": "0.707340000", "modified": "2023-03-17"}, {"cve": "CVE-2020-10933", "epss": "0.007000000", "percentile": "0.772400000", "modified": "2023-03-17"}, {"cve": "CVE-2020-12243", "epss": "0.054050000", "percentile": "0.919270000", "modified": "2023-03-17"}], "vulnersScore": 1.7}, "_state": {"dependencies": 1660032824, "score": 1660034803, "epss": 1679176287}, "_internal": {"score_hash": "5a7fdacba31c291abf80775b6d084daa"}, "affectedPackage": [{"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "4.9.221-2.ph2", "packageFilename": "linux-secure-lkcm-4.9.221-2.ph2.x86_64.rpm", "operator": "lt", "packageName": "linux-secure-lkcm"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "4.9.221-2.ph2", "packageFilename": "linux-aws-docs-4.9.221-2.ph2.x86_64.rpm", "operator": "lt", "packageName": "linux-aws-docs"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "4.9.221-2.ph2", "packageFilename": "linux-drivers-gpu-4.9.221-2.ph2.x86_64.rpm", "operator": "lt", "packageName": "linux-drivers-gpu"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "4.9.221-3.ph2", "packageFilename": "linux-esx-devel-4.9.221-3.ph2.x86_64.rpm", "operator": "lt", "packageName": "linux-esx-devel"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "2.26-17.ph2", "packageFilename": "glibc-nscd-2.26-17.ph2.x86_64.rpm", "operator": "lt", "packageName": "glibc-nscd"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "4.9.221-2.ph2", "packageFilename": "linux-aws-drivers-gpu-4.9.221-2.ph2.x86_64.rpm", "operator": "lt", "packageName": "linux-aws-drivers-gpu"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "4.9.221-2.ph2", "packageFilename": "linux-aws-oprofile-4.9.221-2.ph2.x86_64.rpm", "operator": "lt", "packageName": "linux-aws-oprofile"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "2.26-17.ph2", "packageFilename": "glibc-iconv-2.26-17.ph2.x86_64.rpm", "operator": "lt", "packageName": "glibc-iconv"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "4.9.221-3.ph2", "packageFilename": "linux-esx-4.9.221-3.ph2.x86_64.rpm", "operator": "lt", "packageName": "linux-esx"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "2.26-17.ph2", "packageFilename": "glibc-lang-2.26-17.ph2.x86_64.rpm", "operator": "lt", "packageName": "glibc-lang"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "4.9.221-2.ph2", "packageFilename": "linux-aws-sound-4.9.221-2.ph2.x86_64.rpm", "operator": "lt", "packageName": "linux-aws-sound"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "4.9.221-2.ph2", "packageFilename": "linux-4.9.221-2.ph2.x86_64.rpm", "operator": "lt", "packageName": "linux"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "4.9.221-2.ph2", "packageFilename": "linux-devel-4.9.221-2.ph2.x86_64.rpm", "operator": "lt", "packageName": "linux-devel"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "4.9.221-2.ph2", "packageFilename": "linux-tools-4.9.221-2.ph2.x86_64.rpm", "operator": "lt", "packageName": "linux-tools"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "4.9.221-2.ph2", "packageFilename": "linux-docs-4.9.221-2.ph2.x86_64.rpm", "operator": "lt", "packageName": "linux-docs"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "2.4.48-2.ph2", "packageFilename": "openldap-2.4.48-2.ph2.x86_64.rpm", "operator": "lt", "packageName": "openldap"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "4.9.221-2.ph2", "packageFilename": "linux-secure-4.9.221-2.ph2.x86_64.rpm", "operator": "lt", "packageName": "linux-secure"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "4.9.221-2.ph2", "packageFilename": "linux-aws-devel-4.9.221-2.ph2.x86_64.rpm", "operator": "lt", "packageName": "linux-aws-devel"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "4.9.221-2.ph2", "packageFilename": "linux-secure-devel-4.9.221-2.ph2.x86_64.rpm", "operator": "lt", "packageName": "linux-secure-devel"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "2.26-17.ph2", "packageFilename": "glibc-i18n-2.26-17.ph2.x86_64.rpm", "operator": "lt", "packageName": "glibc-i18n"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "2.26-17.ph2", "packageFilename": "glibc-devel-2.26-17.ph2.x86_64.rpm", "operator": "lt", "packageName": "glibc-devel"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "4.9.221-3.ph2", "packageFilename": "linux-esx-docs-4.9.221-3.ph2.x86_64.rpm", "operator": "lt", "packageName": "linux-esx-docs"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "4.9.221-2.ph2", "packageFilename": "linux-oprofile-4.9.221-2.ph2.x86_64.rpm", "operator": "lt", "packageName": "linux-oprofile"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "4.9.221-2.ph2", "packageFilename": "linux-aws-4.9.221-2.ph2.x86_64.rpm", "operator": "lt", "packageName": "linux-aws"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "2.26-17.ph2", "packageFilename": "glibc-2.26-17.ph2.x86_64.rpm", "operator": "lt", "packageName": "glibc"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "2.5.8-1.ph2", "packageFilename": "ruby-2.5.8-1.ph2.x86_64.rpm", "operator": "lt", "packageName": "ruby"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "4.9.221-2.ph2", "packageFilename": "linux-secure-docs-4.9.221-2.ph2.x86_64.rpm", "operator": "lt", "packageName": "linux-secure-docs"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "2.26-17.ph2", "packageFilename": "glibc-tools-2.26-17.ph2.x86_64.rpm", "operator": "lt", "packageName": "glibc-tools"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "4.9.221-2.ph2", "packageFilename": "linux-sound-4.9.221-2.ph2.x86_64.rpm", "operator": "lt", "packageName": "linux-sound"}], "vendorCvss": {"severity": "important"}}

{"photon": [{"lastseen": "2021-11-03T08:56:56", "description": "An update of {'openldap', 'linux-aws', 'linux-secure', 'linux', 'ruby', 'glibc', 'linux-esx'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-05-13T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2020-2.0-0242", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10739", "CVE-2020-10029", "CVE-2020-10711", "CVE-2020-10933", "CVE-2020-12243"], "modified": "2020-05-13T00:00:00", "id": "PHSA-2020-2.0-0242", "href": "https://github.com/vmware/photon/wiki/Security-Updates-2-242", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-03-16T05:40:33", "description": "Updates of ['ruby', 'openldap', 'linux-aws', 'linux-esx', 'linux', 'linux-secure'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-13T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2020-3.0-0089", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10663", "CVE-2020-10711", "CVE-2020-10933", "CVE-2020-12243"], "modified": "2020-05-13T00:00:00", "id": "PHSA-2020-3.0-0089", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-89", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-05-12T18:48:26", "description": "Updates of ['ruby', 'linux-esx', 'linux', 'openldap', 'linux-secure', 'linux-aws'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-13T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2020-0089", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10663", "CVE-2020-10711", "CVE-2020-10933", "CVE-2020-12243"], "modified": "2020-05-13T00:00:00", "id": "PHSA-2020-0089", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-89", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-11-03T11:49:28", "description": "An update of {'linux-esx', 'glibc', 'openldap', 'git', 'linux'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-05-12T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2020-1.0-0293", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10739", "CVE-2020-10711", "CVE-2020-11008", "CVE-2020-12243"], "modified": "2020-05-12T00:00:00", "id": "PHSA-2020-1.0-0293", "href": "https://github.com/vmware/photon/wiki/Security-Updates-1.0-293", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-05-12T18:01:14", "description": "Updates of ['git', 'linux', 'openldap', 'glibc', 'linux-esx'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-12T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2020-0293", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10739", "CVE-2020-10711", "CVE-2020-11008", "CVE-2020-12243"], "modified": "2020-05-12T00:00:00", "id": "PHSA-2020-0293", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-293", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-11-03T17:48:58", "description": "An update of {'salt', 'salt3', 'ruby'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-05-14T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2020-1.0-0294", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10663", "CVE-2020-10933", "CVE-2020-11651", "CVE-2020-11652"], "modified": "2020-05-14T00:00:00", "id": "PHSA-2020-1.0-0294", "href": "https://github.com/vmware/photon/wiki/Security-Updates-1.0-294", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-28T17:55:53", "description": "Updates of ['salt3', 'salt', 'ruby'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-05-14T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2020-0294", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10663", "CVE-2020-10933", "CVE-2020-11651", "CVE-2020-11652"], "modified": "2020-05-14T00:00:00", "id": "PHSA-2020-0294", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-294", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-16T05:39:59", "description": "Updates of ['ntp', 'linux-aws', 'json-c', 'linux-esx', 'linux-secure', 'git', 'glibc', 'linux'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-05-20T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2020-3.0-0093", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10739", "CVE-2019-18885", "CVE-2020-10029", "CVE-2020-11008", "CVE-2020-11868", "CVE-2020-12762"], "modified": "2020-05-20T00:00:00", "id": "PHSA-2020-3.0-0093", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-93", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-12T18:48:28", "description": "Updates of ['json-c', 'glibc', 'ntp', 'git', 'linux-esx', 'linux', 'linux-secure', 'linux-aws'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-05-20T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2020-0093", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10739", "CVE-2019-18885", "CVE-2020-10029", "CVE-2020-11008", "CVE-2020-11868", "CVE-2020-12762"], "modified": "2020-05-20T00:00:00", "id": "PHSA-2020-0093", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-93", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-01-25T14:34:40", "description": "An update of the glibc package has been released.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-13T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Glibc PHSA-2020-2.0-0242", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10739", "CVE-2020-10029"], "modified": "2020-05-15T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:glibc", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2020-2_0-0242_GLIBC.NASL", "href": "https://www.tenable.com/plugins/nessus/136569", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-2.0-0242. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(136569);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/15\");\n\n script_cve_id(\"CVE-2016-10739\", \"CVE-2020-10029\");\n script_bugtraq_id(106672);\n\n script_name(english:\"Photon OS 2.0: Glibc PHSA-2020-2.0-0242\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the glibc package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-242.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-10739\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"glibc-2.26-17.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"glibc-devel-2.26-17.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"glibc-i18n-2.26-17.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"glibc-iconv-2.26-17.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"glibc-lang-2.26-17.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"glibc-nscd-2.26-17.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"glibc-tools-2.26-17.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-25T14:37:25", "description": "Several vulnerabilities have been discovered in the interpreter for the Ruby language.\n\n - CVE-2020-10663 Jeremy Evans reported an unsafe object creation vulnerability in the json gem bundled with Ruby. When parsing certain JSON documents, the json gem can be coerced into creating arbitrary objects in the target system.\n\n - CVE-2020-10933 Samuel Williams reported a flaw in the socket library which may lead to exposure of possibly sensitive data from the interpreter.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-07-09T00:00:00", "type": "nessus", "title": "Debian DSA-4721-1 : ruby2.5 - security update", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10663", "CVE-2020-10933"], "modified": "2022-05-13T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:ruby2.5", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-4721.NASL", "href": "https://www.tenable.com/plugins/nessus/138227", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4721. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138227);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/13\");\n\n script_cve_id(\"CVE-2020-10663\", \"CVE-2020-10933\");\n script_xref(name:\"DSA\", value:\"4721\");\n\n script_name(english:\"Debian DSA-4721-1 : ruby2.5 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in the interpreter for\nthe Ruby language.\n\n - CVE-2020-10663\n Jeremy Evans reported an unsafe object creation\n vulnerability in the json gem bundled with Ruby. When\n parsing certain JSON documents, the json gem can be\n coerced into creating arbitrary objects in the target\n system.\n\n - CVE-2020-10933\n Samuel Williams reported a flaw in the socket library\n which may lead to exposure of possibly sensitive data\n from the interpreter.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-10663\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-10933\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/ruby2.5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/ruby2.5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2020/dsa-4721\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the ruby2.5 packages.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 2.5.5-3+deb10u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-10933\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby2.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"libruby2.5\", reference:\"2.5.5-3+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ruby2.5\", reference:\"2.5.5-3+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ruby2.5-dev\", reference:\"2.5.5-3+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ruby2.5-doc\", reference:\"2.5.5-3+deb10u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-25T14:34:28", "description": "An update of the ruby package has been released.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-18T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Ruby PHSA-2020-1.0-0294", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10663", "CVE-2020-10933"], "modified": "2022-05-13T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:ruby", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2020-1_0-0294_RUBY.NASL", "href": "https://www.tenable.com/plugins/nessus/136693", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-1.0-0294. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(136693);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/13\");\n\n script_cve_id(\"CVE-2020-10663\", \"CVE-2020-10933\");\n\n script_name(english:\"Photon OS 1.0: Ruby PHSA-2020-1.0-0294\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the ruby package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-294.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-10933\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-10663\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"ruby-2.5.8-1.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-24T14:22:05", "description": "Update to Ruby 2.6.6. Also fixes CVE-2020-10933 and CVE-2020-10663.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-22T00:00:00", "type": "nessus", "title": "Fedora 31 : ruby (2020-a95706b117)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10663", "CVE-2020-10933"], "modified": "2022-05-16T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:ruby", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2020-A95706B117.NASL", "href": "https://www.tenable.com/plugins/nessus/136781", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-a95706b117.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136781);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/16\");\n\n script_cve_id(\"CVE-2020-10663\", \"CVE-2020-10933\");\n script_xref(name:\"FEDORA\", value:\"2020-a95706b117\");\n\n script_name(english:\"Fedora 31 : ruby (2020-a95706b117)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Update to Ruby 2.6.6. Also fixes CVE-2020-10933 and CVE-2020-10663.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-a95706b117\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ruby package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-10933\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"ruby-2.6.6-125.fc31\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-25T14:34:19", "description": "This update for ruby2.5 to version 2.5.8 fixes the following issues :\n\n - CVE-2020-10663: Unsafe Object Creation Vulnerability in JSON (bsc#1167244).\n\n - CVE-2020-10933: Heap exposure vulnerability in the socket library (bsc#1168938).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-04T00:00:00", "type": "nessus", "title": "openSUSE Security Update : ruby2.5 (openSUSE-2020-586)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10663", "CVE-2020-10933"], "modified": "2022-05-16T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libruby2_5-2_5", "p-cpe:/a:novell:opensuse:libruby2_5-2_5-debuginfo", "p-cpe:/a:novell:opensuse:ruby2.5", "p-cpe:/a:novell:opensuse:ruby2.5-debuginfo", "p-cpe:/a:novell:opensuse:ruby2.5-debugsource", "p-cpe:/a:novell:opensuse:ruby2.5-devel", "p-cpe:/a:novell:opensuse:ruby2.5-devel-extra", "p-cpe:/a:novell:opensuse:ruby2.5-doc-ri", "p-cpe:/a:novell:opensuse:ruby2.5-stdlib", "p-cpe:/a:novell:opensuse:ruby2.5-stdlib-debuginfo", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-586.NASL", "href": "https://www.tenable.com/plugins/nessus/136309", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-586.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136309);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/16\");\n\n script_cve_id(\"CVE-2020-10663\", \"CVE-2020-10933\");\n\n script_name(english:\"openSUSE Security Update : ruby2.5 (openSUSE-2020-586)\");\n script_summary(english:\"Check for the openSUSE-2020-586 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for ruby2.5 to version 2.5.8 fixes the following issues :\n\n - CVE-2020-10663: Unsafe Object Creation Vulnerability in\n JSON (bsc#1167244).\n\n - CVE-2020-10933: Heap exposure vulnerability in the\n socket library (bsc#1168938).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1167244\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1168938\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected ruby2.5 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-10933\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libruby2_5-2_5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libruby2_5-2_5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.5-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.5-devel-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.5-doc-ri\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.5-stdlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.5-stdlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libruby2_5-2_5-2.5.8-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libruby2_5-2_5-debuginfo-2.5.8-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ruby2.5-2.5.8-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ruby2.5-debuginfo-2.5.8-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ruby2.5-debugsource-2.5.8-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ruby2.5-devel-2.5.8-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ruby2.5-devel-extra-2.5.8-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ruby2.5-doc-ri-2.5.8-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ruby2.5-stdlib-2.5.8-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ruby2.5-stdlib-debuginfo-2.5.8-lp151.4.9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libruby2_5-2_5 / libruby2_5-2_5-debuginfo / ruby2.5 / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-25T14:34:18", "description": "An update of the ruby package has been released.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-13T00:00:00", "type": "nessus", "title": "Photon OS 3.0: Ruby PHSA-2020-3.0-0089", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10663", "CVE-2020-10933"], "modified": "2022-05-13T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:ruby", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2020-3_0-0089_RUBY.NASL", "href": "https://www.tenable.com/plugins/nessus/136581", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-3.0-0089. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(136581);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/13\");\n\n script_cve_id(\"CVE-2020-10663\", \"CVE-2020-10933\");\n\n script_name(english:\"Photon OS 3.0: Ruby PHSA-2020-3.0-0089\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the ruby package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-89.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-10933\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-10663\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 3.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"ruby-2.5.8-1.ph3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-25T14:31:51", "description": "This update for ruby2.5 to version 2.5.8 fixes the following issues :\n\nCVE-2020-10663: Unsafe Object Creation Vulnerability in JSON (bsc#1167244).\n\nCVE-2020-10933: Heap exposure vulnerability in the socket library (bsc#1168938).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-16T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : ruby2.5 (SUSE-SU-2020:0995-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10663", "CVE-2020-10933"], "modified": "2022-05-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libruby2_5", "p-cpe:/a:novell:suse_linux:libruby2_5-2_5-debuginfo", "p-cpe:/a:novell:suse_linux:ruby2.5", "p-cpe:/a:novell:suse_linux:ruby2.5-debuginfo", "p-cpe:/a:novell:suse_linux:ruby2.5-debugsource", "p-cpe:/a:novell:suse_linux:ruby2.5-devel", "p-cpe:/a:novell:suse_linux:ruby2.5-devel-extra", "p-cpe:/a:novell:suse_linux:ruby2.5-doc", "p-cpe:/a:novell:suse_linux:ruby2.5-stdlib", "p-cpe:/a:novell:suse_linux:ruby2.5-stdlib-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-0995-1.NASL", "href": "https://www.tenable.com/plugins/nessus/135671", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:0995-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135671);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/13\");\n\n script_cve_id(\"CVE-2020-10663\", \"CVE-2020-10933\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : ruby2.5 (SUSE-SU-2020:0995-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for ruby2.5 to version 2.5.8 fixes the following issues :\n\nCVE-2020-10663: Unsafe Object Creation Vulnerability in JSON\n(bsc#1167244).\n\nCVE-2020-10933: Heap exposure vulnerability in the socket library\n(bsc#1168938).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1167244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168938\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-10663/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-10933/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20200995-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?99ee8ee0\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15-SP1:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-995=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-SP1-2020-995=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-10933\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-10663\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libruby2_5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libruby2_5-2_5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ruby2.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ruby2.5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ruby2.5-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ruby2.5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ruby2.5-devel-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ruby2.5-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ruby2.5-stdlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ruby2.5-stdlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libruby2_5-2_5-2.5.8-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libruby2_5-2_5-debuginfo-2.5.8-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"ruby2.5-2.5.8-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"ruby2.5-debuginfo-2.5.8-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"ruby2.5-debugsource-2.5.8-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"ruby2.5-devel-2.5.8-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"ruby2.5-devel-extra-2.5.8-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"ruby2.5-doc-2.5.8-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"ruby2.5-stdlib-2.5.8-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"ruby2.5-stdlib-debuginfo-2.5.8-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libruby2_5-2_5-2.5.8-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libruby2_5-2_5-debuginfo-2.5.8-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"ruby2.5-2.5.8-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"ruby2.5-debuginfo-2.5.8-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"ruby2.5-debugsource-2.5.8-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"ruby2.5-devel-2.5.8-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"ruby2.5-devel-extra-2.5.8-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"ruby2.5-doc-2.5.8-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"ruby2.5-stdlib-2.5.8-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"ruby2.5-stdlib-debuginfo-2.5.8-4.11.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby2.5\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-25T14:34:29", "description": "According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability.\n This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby.\n Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent.(CVE-2020-10663)\n\n - An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap.\n This may expose possibly sensitive data from the interpreter.(CVE-2020-10933)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-26T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : ruby (EulerOS-SA-2020-1590)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0269", "CVE-2020-10663", "CVE-2020-10933"], "modified": "2022-05-13T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:ruby", "p-cpe:/a:huawei:euleros:ruby-irb", "p-cpe:/a:huawei:euleros:ruby-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1590.NASL", "href": "https://www.tenable.com/plugins/nessus/136868", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(136868);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/13\");\n\n script_cve_id(\"CVE-2020-10663\", \"CVE-2020-10933\");\n\n script_name(english:\"EulerOS 2.0 SP8 : ruby (EulerOS-SA-2020-1590)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the ruby packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - The JSON gem through 2.2.0 for Ruby, as used in Ruby\n 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through\n 2.6.5, has an Unsafe Object Creation Vulnerability.\n This is quite similar to CVE-2013-0269, but does not\n rely on poor garbage-collection behavior within Ruby.\n Specifically, use of JSON parsing methods can lead to\n creation of a malicious object within the interpreter,\n with adverse effects that are\n application-dependent.(CVE-2020-10663)\n\n - An issue was discovered in Ruby 2.5.x through 2.5.7,\n 2.6.x through 2.6.5, and 2.7.0. If a victim calls\n BasicSocket#read_nonblock(requested_size, buffer,\n exception: false), the method resizes the buffer to fit\n the requested size, but no data is copied. Thus, the\n buffer string provides the previous value of the heap.\n This may expose possibly sensitive data from the\n interpreter.(CVE-2020-10933)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1590\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1126f8ae\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected ruby packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-10933\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-10663\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"ruby-2.5.1-98.h8.eulerosv2r8\",\n \"ruby-irb-2.5.1-98.h8.eulerosv2r8\",\n \"ruby-libs-2.5.1-98.h8.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-25T14:35:20", "description": "According to the versions of the ruby packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap.\n This may expose possibly sensitive data from the interpreter.(CVE-2020-10933)\n\n - The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability.\n This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby.\n Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent.(CVE-2020-10663)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-06-25T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.6.0 : ruby (EulerOS-SA-2020-1691)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0269", "CVE-2020-10663", "CVE-2020-10933"], "modified": "2022-05-12T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:ruby", "p-cpe:/a:huawei:euleros:ruby-irb", "p-cpe:/a:huawei:euleros:ruby-libs", "p-cpe:/a:huawei:euleros:rubygem-bigdecimal", "p-cpe:/a:huawei:euleros:rubygem-io-console", "p-cpe:/a:huawei:euleros:rubygem-json", "p-cpe:/a:huawei:euleros:rubygem-openssl", "p-cpe:/a:huawei:euleros:rubygem-psych", "p-cpe:/a:huawei:euleros:rubygem-rdoc", "p-cpe:/a:huawei:euleros:rubygems", "cpe:/o:huawei:euleros:uvp:3.0.6.0"], "id": "EULEROS_SA-2020-1691.NASL", "href": "https://www.tenable.com/plugins/nessus/137798", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137798);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\"CVE-2020-10663\", \"CVE-2020-10933\");\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.6.0 : ruby (EulerOS-SA-2020-1691)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the ruby packages installed, the EulerOS\nVirtualization for ARM 64 installation on the remote host is affected\nby the following vulnerabilities :\n\n - An issue was discovered in Ruby 2.5.x through 2.5.7,\n 2.6.x through 2.6.5, and 2.7.0. If a victim calls\n BasicSocket#read_nonblock(requested_size, buffer,\n exception: false), the method resizes the buffer to fit\n the requested size, but no data is copied. Thus, the\n buffer string provides the previous value of the heap.\n This may expose possibly sensitive data from the\n interpreter.(CVE-2020-10933)\n\n - The JSON gem through 2.2.0 for Ruby, as used in Ruby\n 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through\n 2.6.5, has an Unsafe Object Creation Vulnerability.\n This is quite similar to CVE-2013-0269, but does not\n rely on poor garbage-collection behavior within Ruby.\n Specifically, use of JSON parsing methods can lead to\n creation of a malicious object within the interpreter,\n with adverse effects that are\n application-dependent.(CVE-2020-10663)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1691\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2e474eb4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected ruby packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-10933\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-10663\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygem-bigdecimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygem-io-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygem-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygem-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygem-psych\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygem-rdoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygems\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"ruby-2.5.1-98.h8.eulerosv2r8\",\n \"ruby-irb-2.5.1-98.h8.eulerosv2r8\",\n \"ruby-libs-2.5.1-98.h8.eulerosv2r8\",\n \"rubygem-bigdecimal-1.3.4-98.h8.eulerosv2r8\",\n \"rubygem-io-console-0.4.6-98.h8.eulerosv2r8\",\n \"rubygem-json-2.1.0-98.h8.eulerosv2r8\",\n \"rubygem-openssl-2.1.0-98.h8.eulerosv2r8\",\n \"rubygem-psych-3.0.2-98.h8.eulerosv2r8\",\n \"rubygem-rdoc-6.0.1-98.h8.eulerosv2r8\",\n \"rubygems-2.7.6-98.h8.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-25T14:37:23", "description": "The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4882-1 advisory.\n\n - The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application- dependent. (CVE-2020-10663)\n\n - An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter. (CVE-2020-10933)\n\n - An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack. (CVE-2020-25613)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-23T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : Ruby vulnerabilities (USN-4882-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0269", "CVE-2020-10663", "CVE-2020-10933", "CVE-2020-25613"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.10", "p-cpe:/a:canonical:ubuntu_linux:libruby2.3", "p-cpe:/a:canonical:ubuntu_linux:libruby2.5", "p-cpe:/a:canonical:ubuntu_linux:libruby2.7", "p-cpe:/a:canonical:ubuntu_linux:ruby2.3", "p-cpe:/a:canonical:ubuntu_linux:ruby2.3-dev", "p-cpe:/a:canonical:ubuntu_linux:ruby2.3-tcltk", "p-cpe:/a:canonical:ubuntu_linux:ruby2.5", "p-cpe:/a:canonical:ubuntu_linux:ruby2.5-dev", "p-cpe:/a:canonical:ubuntu_linux:ruby2.7", "p-cpe:/a:canonical:ubuntu_linux:ruby2.7-dev"], "id": "UBUNTU_USN-4882-1.NASL", "href": "https://www.tenable.com/plugins/nessus/147970", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4882-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147970);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\"CVE-2020-10663\", \"CVE-2020-10933\", \"CVE-2020-25613\");\n script_xref(name:\"USN\", value:\"4882-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : Ruby vulnerabilities (USN-4882-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the USN-4882-1 advisory.\n\n - The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through\n 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not\n rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead\n to creation of a malicious object within the interpreter, with adverse effects that are application-\n dependent. (CVE-2020-10663)\n\n - An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls\n BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit\n the requested size, but no data is copied. Thus, the buffer string provides the previous value of the\n heap. This may expose possibly sensitive data from the interpreter. (CVE-2020-10933)\n\n - An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a\n simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An\n attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header\n check), which may lead to an HTTP Request Smuggling attack. (CVE-2020-25613)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4882-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25613\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libruby2.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libruby2.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libruby2.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ruby2.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ruby2.3-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ruby2.3-tcltk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ruby2.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ruby2.5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ruby2.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ruby2.7-dev\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021-2023 Canonical, Inc. / NASL script (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('misc_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|20\\.04|20\\.10)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04 / 20.04 / 20.10', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\npkgs = [\n {'osver': '16.04', 'pkgname': 'libruby2.3', 'pkgver': '2.3.1-2~ubuntu16.04.15'},\n {'osver': '16.04', 'pkgname': 'ruby2.3', 'pkgver': '2.3.1-2~ubuntu16.04.15'},\n {'osver': '16.04', 'pkgname': 'ruby2.3-dev', 'pkgver': '2.3.1-2~ubuntu16.04.15'},\n {'osver': '16.04', 'pkgname': 'ruby2.3-tcltk', 'pkgver': '2.3.1-2~ubuntu16.04.15'},\n {'osver': '18.04', 'pkgname': 'libruby2.5', 'pkgver': '2.5.1-1ubuntu1.8'},\n {'osver': '18.04', 'pkgname': 'ruby2.5', 'pkgver': '2.5.1-1ubuntu1.8'},\n {'osver': '18.04', 'pkgname': 'ruby2.5-dev', 'pkgver': '2.5.1-1ubuntu1.8'},\n {'osver': '20.04', 'pkgname': 'libruby2.7', 'pkgver': '2.7.0-5ubuntu1.3'},\n {'osver': '20.04', 'pkgname': 'ruby2.7', 'pkgver': '2.7.0-5ubuntu1.3'},\n {'osver': '20.04', 'pkgname': 'ruby2.7-dev', 'pkgver': '2.7.0-5ubuntu1.3'},\n {'osver': '20.10', 'pkgname': 'libruby2.7', 'pkgver': '2.7.1-3ubuntu1.2'},\n {'osver': '20.10', 'pkgname': 'ruby2.7', 'pkgver': '2.7.1-3ubuntu1.2'},\n {'osver': '20.10', 'pkgname': 'ruby2.7-dev', 'pkgver': '2.7.1-3ubuntu1.2'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libruby2.3 / libruby2.5 / libruby2.7 / ruby2.3 / ruby2.3-dev / etc');\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-02-10T14:50:33", "description": "The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1517 advisory.\n\n - In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings. (CVE-2016-10739)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2020-10-28T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : glibc (ALAS-2020-1517)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10739"], "modified": "2020-10-28T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:glibc", "p-cpe:/a:amazon:linux:glibc-all-langpacks", "p-cpe:/a:amazon:linux:glibc-benchtests", "p-cpe:/a:amazon:linux:glibc-common", "p-cpe:/a:amazon:linux:glibc-debuginfo", "p-cpe:/a:amazon:linux:glibc-debuginfo-common", "p-cpe:/a:amazon:linux:glibc-devel", "p-cpe:/a:amazon:linux:glibc-headers", "p-cpe:/a:amazon:linux:glibc-langpack-aa", "p-cpe:/a:amazon:linux:glibc-langpack-af", "p-cpe:/a:amazon:linux:glibc-langpack-ak", "p-cpe:/a:amazon:linux:glibc-langpack-am", "p-cpe:/a:amazon:linux:glibc-langpack-an", "p-cpe:/a:amazon:linux:glibc-langpack-anp", "p-cpe:/a:amazon:linux:glibc-langpack-ar", "p-cpe:/a:amazon:linux:glibc-langpack-as", "p-cpe:/a:amazon:linux:glibc-langpack-ast", "p-cpe:/a:amazon:linux:glibc-langpack-ayc", "p-cpe:/a:amazon:linux:glibc-langpack-az", "p-cpe:/a:amazon:linux:glibc-langpack-be", "p-cpe:/a:amazon:linux:glibc-langpack-bem", "p-cpe:/a:amazon:linux:glibc-langpack-ber", "p-cpe:/a:amazon:linux:glibc-langpack-bg", "p-cpe:/a:amazon:linux:glibc-langpack-bhb", "p-cpe:/a:amazon:linux:glibc-langpack-bho", "p-cpe:/a:amazon:linux:glibc-langpack-bn", "p-cpe:/a:amazon:linux:glibc-langpack-bo", "p-cpe:/a:amazon:linux:glibc-langpack-br", "p-cpe:/a:amazon:linux:glibc-langpack-brx", "p-cpe:/a:amazon:linux:glibc-langpack-bs", "p-cpe:/a:amazon:linux:glibc-langpack-byn", "p-cpe:/a:amazon:linux:glibc-langpack-ca", "p-cpe:/a:amazon:linux:glibc-langpack-ce", "p-cpe:/a:amazon:linux:glibc-langpack-chr", "p-cpe:/a:amazon:linux:glibc-langpack-cmn", "p-cpe:/a:amazon:linux:glibc-langpack-crh", "p-cpe:/a:amazon:linux:glibc-langpack-cs", "p-cpe:/a:amazon:linux:glibc-langpack-csb", "p-cpe:/a:amazon:linux:glibc-langpack-cv", "p-cpe:/a:amazon:linux:glibc-langpack-cy", "p-cpe:/a:amazon:linux:glibc-langpack-da", "p-cpe:/a:amazon:linux:glibc-langpack-de", "p-cpe:/a:amazon:linux:glibc-langpack-doi", "p-cpe:/a:amazon:linux:glibc-langpack-dv", "p-cpe:/a:amazon:linux:glibc-langpack-dz", "p-cpe:/a:amazon:linux:glibc-langpack-el", "p-cpe:/a:amazon:linux:glibc-langpack-en", "p-cpe:/a:amazon:linux:glibc-langpack-eo", "p-cpe:/a:amazon:linux:glibc-langpack-es", "p-cpe:/a:amazon:linux:glibc-langpack-et", "p-cpe:/a:amazon:linux:glibc-langpack-eu", "p-cpe:/a:amazon:linux:glibc-langpack-fa", "p-cpe:/a:amazon:linux:glibc-langpack-ff", "p-cpe:/a:amazon:linux:glibc-langpack-fi", "p-cpe:/a:amazon:linux:glibc-langpack-fil", "p-cpe:/a:amazon:linux:glibc-langpack-fo", "p-cpe:/a:amazon:linux:glibc-langpack-fr", "p-cpe:/a:amazon:linux:glibc-langpack-fur", "p-cpe:/a:amazon:linux:glibc-langpack-fy", "p-cpe:/a:amazon:linux:glibc-langpack-ga", "p-cpe:/a:amazon:linux:glibc-langpack-gd", "p-cpe:/a:amazon:linux:glibc-langpack-gez", "p-cpe:/a:amazon:linux:glibc-langpack-gl", "p-cpe:/a:amazon:linux:glibc-langpack-gu", "p-cpe:/a:amazon:linux:glibc-langpack-gv", "p-cpe:/a:amazon:linux:glibc-langpack-ha", "p-cpe:/a:amazon:linux:glibc-langpack-hak", "p-cpe:/a:amazon:linux:glibc-langpack-he", "p-cpe:/a:amazon:linux:glibc-langpack-hi", "p-cpe:/a:amazon:linux:glibc-langpack-hne", "p-cpe:/a:amazon:linux:glibc-langpack-hr", "p-cpe:/a:amazon:linux:glibc-langpack-hsb", "p-cpe:/a:amazon:linux:glibc-langpack-ht", "p-cpe:/a:amazon:linux:glibc-langpack-hu", "p-cpe:/a:amazon:linux:glibc-langpack-hy", "p-cpe:/a:amazon:linux:glibc-langpack-ia", "p-cpe:/a:amazon:linux:glibc-langpack-id", "p-cpe:/a:amazon:linux:glibc-langpack-ig", "p-cpe:/a:amazon:linux:glibc-langpack-ik", "p-cpe:/a:amazon:linux:glibc-langpack-is", "p-cpe:/a:amazon:linux:glibc-langpack-it", "p-cpe:/a:amazon:linux:glibc-langpack-iu", "p-cpe:/a:amazon:linux:glibc-langpack-ja", "p-cpe:/a:amazon:linux:glibc-langpack-ka", "p-cpe:/a:amazon:linux:glibc-langpack-kk", "p-cpe:/a:amazon:linux:glibc-langpack-kl", "p-cpe:/a:amazon:linux:glibc-langpack-km", "p-cpe:/a:amazon:linux:glibc-langpack-kn", "p-cpe:/a:amazon:linux:glibc-langpack-ko", "p-cpe:/a:amazon:linux:glibc-langpack-kok", "p-cpe:/a:amazon:linux:glibc-langpack-ks", "p-cpe:/a:amazon:linux:glibc-langpack-ku", "p-cpe:/a:amazon:linux:glibc-langpack-kw", "p-cpe:/a:amazon:linux:glibc-langpack-ky", "p-cpe:/a:amazon:linux:glibc-langpack-lb", "p-cpe:/a:amazon:linux:glibc-langpack-lg", "p-cpe:/a:amazon:linux:glibc-langpack-li", "p-cpe:/a:amazon:linux:glibc-langpack-lij", "p-cpe:/a:amazon:linux:glibc-langpack-ln", "p-cpe:/a:amazon:linux:glibc-langpack-lo", "p-cpe:/a:amazon:linux:glibc-langpack-lt", "p-cpe:/a:amazon:linux:glibc-langpack-lv", "p-cpe:/a:amazon:linux:glibc-langpack-lzh", "p-cpe:/a:amazon:linux:glibc-langpack-mag", "p-cpe:/a:amazon:linux:glibc-langpack-mai", "p-cpe:/a:amazon:linux:glibc-langpack-mg", "p-cpe:/a:amazon:linux:glibc-langpack-mhr", "p-cpe:/a:amazon:linux:glibc-langpack-mi", "p-cpe:/a:amazon:linux:glibc-langpack-mk", "p-cpe:/a:amazon:linux:glibc-langpack-ml", "p-cpe:/a:amazon:linux:glibc-langpack-mn", "p-cpe:/a:amazon:linux:glibc-langpack-mni", "p-cpe:/a:amazon:linux:glibc-langpack-mr", "p-cpe:/a:amazon:linux:glibc-langpack-ms", "p-cpe:/a:amazon:linux:glibc-langpack-mt", "p-cpe:/a:amazon:linux:glibc-langpack-my", "p-cpe:/a:amazon:linux:glibc-langpack-nan", "p-cpe:/a:amazon:linux:glibc-langpack-nb", "p-cpe:/a:amazon:linux:glibc-langpack-nds", "p-cpe:/a:amazon:linux:glibc-langpack-ne", "p-cpe:/a:amazon:linux:glibc-langpack-nhn", "p-cpe:/a:amazon:linux:glibc-langpack-niu", "p-cpe:/a:amazon:linux:glibc-langpack-nl", "p-cpe:/a:amazon:linux:glibc-langpack-nn", "p-cpe:/a:amazon:linux:glibc-langpack-nr", "p-cpe:/a:amazon:linux:glibc-langpack-nso", "p-cpe:/a:amazon:linux:glibc-langpack-oc", "p-cpe:/a:amazon:linux:glibc-langpack-om", "p-cpe:/a:amazon:linux:glibc-langpack-or", "p-cpe:/a:amazon:linux:glibc-langpack-os", "p-cpe:/a:amazon:linux:glibc-langpack-pa", "p-cpe:/a:amazon:linux:glibc-langpack-pap", "p-cpe:/a:amazon:linux:glibc-langpack-pl", "p-cpe:/a:amazon:linux:glibc-langpack-ps", "p-cpe:/a:amazon:linux:glibc-langpack-pt", "p-cpe:/a:amazon:linux:glibc-langpack-quz", "p-cpe:/a:amazon:linux:glibc-langpack-raj", "p-cpe:/a:amazon:linux:glibc-langpack-ro", "p-cpe:/a:amazon:linux:glibc-langpack-ru", "p-cpe:/a:amazon:linux:glibc-langpack-rw", "p-cpe:/a:amazon:linux:glibc-langpack-sa", "p-cpe:/a:amazon:linux:glibc-langpack-sat", "p-cpe:/a:amazon:linux:glibc-langpack-sc", "p-cpe:/a:amazon:linux:glibc-langpack-sd", "p-cpe:/a:amazon:linux:glibc-langpack-se", "p-cpe:/a:amazon:linux:glibc-langpack-sgs", "p-cpe:/a:amazon:linux:glibc-langpack-shs", "p-cpe:/a:amazon:linux:glibc-langpack-si", "p-cpe:/a:amazon:linux:glibc-langpack-sid", "p-cpe:/a:amazon:linux:glibc-langpack-sk", "p-cpe:/a:amazon:linux:glibc-langpack-sl", "p-cpe:/a:amazon:linux:glibc-langpack-so", "p-cpe:/a:amazon:linux:glibc-langpack-sq", "p-cpe:/a:amazon:linux:glibc-langpack-sr", "p-cpe:/a:amazon:linux:glibc-langpack-ss", "p-cpe:/a:amazon:linux:glibc-langpack-st", "p-cpe:/a:amazon:linux:glibc-langpack-sv", "p-cpe:/a:amazon:linux:glibc-langpack-sw", "p-cpe:/a:amazon:linux:glibc-langpack-szl", "p-cpe:/a:amazon:linux:glibc-langpack-ta", "p-cpe:/a:amazon:linux:glibc-langpack-tcy", "p-cpe:/a:amazon:linux:glibc-langpack-te", "p-cpe:/a:amazon:linux:glibc-langpack-tg", "p-cpe:/a:amazon:linux:glibc-langpack-th", "p-cpe:/a:amazon:linux:glibc-langpack-the", "p-cpe:/a:amazon:linux:glibc-langpack-ti", "p-cpe:/a:amazon:linux:glibc-langpack-tig", "p-cpe:/a:amazon:linux:glibc-langpack-tk", "p-cpe:/a:amazon:linux:glibc-langpack-tl", "p-cpe:/a:amazon:linux:glibc-langpack-tn", "p-cpe:/a:amazon:linux:glibc-langpack-tr", "p-cpe:/a:amazon:linux:glibc-langpack-ts", "p-cpe:/a:amazon:linux:glibc-langpack-tt", "p-cpe:/a:amazon:linux:glibc-langpack-ug", "p-cpe:/a:amazon:linux:glibc-langpack-uk", "p-cpe:/a:amazon:linux:glibc-langpack-unm", "p-cpe:/a:amazon:linux:glibc-langpack-ur", "p-cpe:/a:amazon:linux:glibc-langpack-uz", "p-cpe:/a:amazon:linux:glibc-langpack-ve", "p-cpe:/a:amazon:linux:glibc-langpack-vi", "p-cpe:/a:amazon:linux:glibc-langpack-wa", "p-cpe:/a:amazon:linux:glibc-langpack-wae", "p-cpe:/a:amazon:linux:glibc-langpack-wal", "p-cpe:/a:amazon:linux:glibc-langpack-wo", "p-cpe:/a:amazon:linux:glibc-langpack-xh", "p-cpe:/a:amazon:linux:glibc-langpack-yi", "p-cpe:/a:amazon:linux:glibc-langpack-yo", "p-cpe:/a:amazon:linux:glibc-langpack-yue", "p-cpe:/a:amazon:linux:glibc-langpack-zh", "p-cpe:/a:amazon:linux:glibc-langpack-zu", "p-cpe:/a:amazon:linux:glibc-locale-source", "p-cpe:/a:amazon:linux:glibc-minimal-langpack", "p-cpe:/a:amazon:linux:glibc-nss-devel", "p-cpe:/a:amazon:linux:glibc-static", "p-cpe:/a:amazon:linux:glibc-utils", "p-cpe:/a:amazon:linux:libcrypt", "p-cpe:/a:amazon:linux:libcrypt-nss", "p-cpe:/a:amazon:linux:nscd", "p-cpe:/a:amazon:linux:nss_db", "p-cpe:/a:amazon:linux:nss_hesiod", "p-cpe:/a:amazon:linux:nss_nis", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2020-1517.NASL", "href": "https://www.tenable.com/plugins/nessus/141991", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n# \n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2020-1517.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141991);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/28\");\n\n script_cve_id(\"CVE-2016-10739\");\n script_bugtraq_id(106672);\n script_xref(name:\"ALAS\", value:\"2020-1517\");\n\n script_name(english:\"Amazon Linux 2 : glibc (ALAS-2020-1517)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a\nvulnerability as referenced in the ALAS2-2020-1517 advisory.\n\n - In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse\n a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead\n applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded\n HTTP headers or other potentially dangerous substrings. (CVE-2016-10739)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2020-1517.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2016-10739\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update glibc' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-10739\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-all-langpacks\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-benchtests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-aa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ak\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-am\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-an\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-anp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-as\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ayc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-az\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-bem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ber\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-bhb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-bho\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-bn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-bo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-brx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-bs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-byn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ce\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-chr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-cmn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-crh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-csb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-cv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-doi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-dv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-dz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-en\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-eo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-fa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-fil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-fo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-fur\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-fy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-gez\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-gu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-gv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ha\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-hak\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-hi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-hne\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-hsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ht\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-hy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ig\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ik\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-iu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-kk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-kl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-km\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-kn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-kok\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ks\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ku\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-kw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ky\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-lb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-lg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-li\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-lij\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ln\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-lo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-lv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-lzh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-mag\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-mai\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-mg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-mhr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-mi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-mk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-mn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-mni\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-mr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-mt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-my\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-nan\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-nb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-nds\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ne\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-nhn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-niu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-nn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-nr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-nso\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-oc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-om\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-or\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-os\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-pa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-pap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-quz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-raj\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-rw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-sa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-sat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-sc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-sd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-se\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-sgs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-shs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-sid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-so\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-st\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-sv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-sw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-szl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-tcy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-te\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-tg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-the\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ti\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-tig\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-tl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-tn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-tt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-unm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ur\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-uz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ve\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-wa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-wae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-wal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-wo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-xh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-yi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-yo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-yue\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-zh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-zu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-locale-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-minimal-langpack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libcrypt-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nss_db\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nss_hesiod\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nss_nis\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\npkgs = [\n {'reference':'glibc-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-all-langpacks-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-all-langpacks-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-all-langpacks-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-benchtests-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-benchtests-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-benchtests-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-common-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-common-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-common-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-debuginfo-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-debuginfo-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-debuginfo-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-debuginfo-common-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-debuginfo-common-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-devel-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-devel-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-devel-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-headers-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-headers-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-headers-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-aa-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-aa-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-aa-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-af-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-af-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-af-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-ak-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-ak-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-ak-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-am-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-am-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-am-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-an-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-an-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-an-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-anp-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-anp-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-anp-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-ar-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-ar-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-ar-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-as-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-as-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-as-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-ast-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-ast-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-ast-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-ayc-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-ayc-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-ayc-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-az-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-az-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-az-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-be-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-be-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-be-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-bem-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-bem-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-bem-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-ber-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-ber-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-ber-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-bg-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-bg-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-bg-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-bhb-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-bhb-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-bhb-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-bho-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-bho-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-bho-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-bn-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-bn-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-bn-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-bo-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-bo-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-bo-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-br-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-br-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-br-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-brx-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-brx-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-brx-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-bs-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-bs-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-bs-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-byn-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-byn-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-byn-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-ca-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-ca-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-ca-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-ce-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-ce-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-ce-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-chr-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-chr-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-chr-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-cmn-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-cmn-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-cmn-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-crh-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-crh-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-crh-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-cs-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-cs-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-cs-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-csb-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-csb-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-csb-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-cv-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-cv-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-cv-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-cy-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-cy-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-cy-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-da-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-da-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-da-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-de-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-de-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-de-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-doi-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-doi-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-doi-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-dv-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-dv-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-dv-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-dz-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-dz-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-dz-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-el-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-el-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-el-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-en-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-en-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-en-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-eo-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-eo-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-eo-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-es-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-es-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-es-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-et-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-et-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-et-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-eu-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-eu-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-eu-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-fa-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-fa-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-fa-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-ff-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-ff-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-ff-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-fi-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-fi-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-fi-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-fil-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-fil-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-fil-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-fo-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-fo-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-fo-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-fr-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-fr-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-fr-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-fur-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-fur-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-fur-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-fy-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-fy-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-fy-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-ga-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-ga-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-ga-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-gd-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-gd-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-gd-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-gez-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-gez-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-gez-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-gl-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-gl-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-gl-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-gu-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-gu-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-gu-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-gv-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-gv-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-gv-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-ha-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-ha-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-ha-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-hak-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-hak-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-hak-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-he-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-he-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-he-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-hi-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-hi-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-hi-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-hne-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-hne-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-hne-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-hr-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-hr-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-hr-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-hsb-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-hsb-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-hsb-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-ht-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-ht-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-ht-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-hu-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-hu-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-hu-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-hy-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-hy-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-hy-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-ia-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-ia-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-ia-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-id-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-id-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-id-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-ig-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-ig-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-ig-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-ik-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-ik-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-ik-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-is-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-is-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-is-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-it-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-it-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-it-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-iu-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-iu-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-iu-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-ja-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-ja-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-ja-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-ka-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-ka-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-ka-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-kk-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-kk-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-kk-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-kl-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-kl-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-kl-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-km-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-km-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-km-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-kn-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-kn-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-kn-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-ko-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-ko-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-ko-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-kok-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-kok-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-kok-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-ks-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-ks-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-ks-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-ku-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-ku-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-ku-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-kw-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-kw-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-kw-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-ky-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-ky-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-ky-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-lb-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-lb-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-lb-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-lg-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-lg-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-lg-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-li-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-li-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-li-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-lij-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-lij-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-lij-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-ln-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-ln-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-ln-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-lo-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-lo-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-lo-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-lt-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-lt-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-lt-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-lv-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-lv-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-lv-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-lzh-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-lzh-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-lzh-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-mag-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-mag-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-mag-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-mai-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-mai-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-mai-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-mg-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-mg-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-mg-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-mhr-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-mhr-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-mhr-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-mi-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-mi-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-mi-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-mk-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-mk-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-mk-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-ml-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-ml-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-ml-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-mn-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-mn-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-mn-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-mni-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-mni-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-mni-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-mr-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-mr-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-mr-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-ms-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-ms-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-ms-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-mt-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-mt-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-mt-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-my-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-my-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-my-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-nan-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-nan-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-nan-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-nb-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-nb-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-nb-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-nds-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-nds-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-nds-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-ne-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-ne-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-ne-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-nhn-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-nhn-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-nhn-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-niu-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-niu-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-niu-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-nl-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-nl-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-nl-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-nn-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-nn-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-nn-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-nr-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-nr-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-nr-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-nso-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-nso-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-nso-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-oc-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-oc-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-oc-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-om-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-om-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-om-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-or-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-or-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-or-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-os-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-os-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-os-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-pa-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-pa-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-pa-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-pap-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-pap-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-pap-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-pl-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-pl-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-pl-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-ps-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-ps-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-ps-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-pt-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-pt-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-pt-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-quz-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-quz-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-quz-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-raj-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-raj-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-raj-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-ro-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-ro-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-ro-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-ru-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-ru-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-ru-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-rw-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-rw-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-rw-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-sa-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-sa-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-sa-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-sat-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-sat-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-sat-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-sc-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-sc-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-sc-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-sd-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-sd-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-sd-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-se-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-se-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-se-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-sgs-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-sgs-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-sgs-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-shs-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-shs-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-shs-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-si-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-si-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-si-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-sid-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-sid-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-sid-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-sk-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-sk-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-sk-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-sl-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-sl-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-sl-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-so-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-so-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-so-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-sq-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-sq-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-sq-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-sr-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-sr-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-sr-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-ss-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-ss-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-ss-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-st-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-st-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-st-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-sv-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-sv-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-sv-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-sw-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-sw-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-sw-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-szl-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-szl-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-szl-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-ta-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-ta-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-ta-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-tcy-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-tcy-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-tcy-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-te-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-te-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-te-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-tg-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-tg-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-tg-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-th-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-th-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-th-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-the-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-the-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-the-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-ti-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-ti-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-ti-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-tig-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-tig-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-tig-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-tk-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-tk-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-tk-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-tl-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-tl-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-tl-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-tn-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-tn-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-tn-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-tr-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-tr-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-tr-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-ts-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-ts-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-ts-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-tt-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-tt-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-tt-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-ug-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-ug-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-ug-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-uk-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-uk-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-uk-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-unm-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-unm-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-unm-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-ur-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-ur-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-ur-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-uz-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-uz-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-uz-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-ve-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-ve-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-ve-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-vi-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-vi-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-vi-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-wa-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-wa-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-wa-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-wae-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-wae-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-wae-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-wal-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-wal-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-wal-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-wo-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-wo-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-wo-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-xh-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-xh-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-xh-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-yi-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-yi-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-yi-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-yo-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-yo-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-yo-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-yue-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-yue-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-yue-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-zh-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-zh-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-zh-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-langpack-zu-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-langpack-zu-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-langpack-zu-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-locale-source-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-locale-source-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-locale-source-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-minimal-langpack-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-minimal-langpack-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-minimal-langpack-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-nss-devel-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-nss-devel-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-nss-devel-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-static-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-static-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-static-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'glibc-utils-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'glibc-utils-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'glibc-utils-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'libcrypt-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'libcrypt-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'libcrypt-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'libcrypt-nss-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'libcrypt-nss-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'libcrypt-nss-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'nscd-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'nscd-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'nscd-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'nss_db-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'nss_db-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'nss_db-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'nss_hesiod-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'nss_hesiod-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'nss_hesiod-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'nss_nis-2.26-36.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'nss_nis-2.26-36.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'nss_nis-2.26-36.amzn2', 'cpu':'x86_64', 'release':'AL2'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-all-langpacks / glibc-benchtests / etc\");\n}", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:40:50", "description": "The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2019:3513 advisory.\n\n - glibc: getaddrinfo should reject IP addresses with trailing characters (CVE-2016-10739)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2021-01-29T00:00:00", "type": "nessus", "title": "CentOS 8 : glibc (CESA-2019:3513)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10739"], "modified": "2021-03-23T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:compat-libpthread-nonshared", "p-cpe:/a:centos:centos:glibc", "p-cpe:/a:centos:centos:glibc-all-langpacks", "p-cpe:/a:centos:centos:glibc-benchtests", "p-cpe:/a:centos:centos:glibc-common", "p-cpe:/a:centos:centos:glibc-devel", "p-cpe:/a:centos:centos:glibc-headers", "p-cpe:/a:centos:centos:glibc-langpack-aa", "p-cpe:/a:centos:centos:glibc-langpack-af", "p-cpe:/a:centos:centos:glibc-langpack-agr", "p-cpe:/a:centos:centos:glibc-langpack-ak", "p-cpe:/a:centos:centos:glibc-langpack-am", "p-cpe:/a:centos:centos:glibc-langpack-an", "p-cpe:/a:centos:centos:glibc-langpack-anp", "p-cpe:/a:centos:centos:glibc-langpack-ar", "p-cpe:/a:centos:centos:glibc-langpack-as", "p-cpe:/a:centos:centos:glibc-langpack-ast", "p-cpe:/a:centos:centos:glibc-langpack-ayc", "p-cpe:/a:centos:centos:glibc-langpack-az", "p-cpe:/a:centos:centos:glibc-langpack-be", "p-cpe:/a:centos:centos:glibc-langpack-bem", "p-cpe:/a:centos:centos:glibc-langpack-ber", "p-cpe:/a:centos:centos:glibc-langpack-bg", "p-cpe:/a:centos:centos:glibc-langpack-bhb", "p-cpe:/a:centos:centos:glibc-langpack-bho", "p-cpe:/a:centos:centos:glibc-langpack-bi", "p-cpe:/a:centos:centos:glibc-langpack-bn", "p-cpe:/a:centos:centos:glibc-langpack-bo", "p-cpe:/a:centos:centos:glibc-langpack-br", "p-cpe:/a:centos:centos:glibc-langpack-brx", "p-cpe:/a:centos:centos:glibc-langpack-bs", "p-cpe:/a:centos:centos:glibc-langpack-byn", "p-cpe:/a:centos:centos:glibc-langpack-ca", "p-cpe:/a:centos:centos:glibc-langpack-ce", "p-cpe:/a:centos:centos:glibc-langpack-chr", "p-cpe:/a:centos:centos:glibc-langpack-cmn", "p-cpe:/a:centos:centos:glibc-langpack-crh", "p-cpe:/a:centos:centos:glibc-langpack-cs", "p-cpe:/a:centos:centos:glibc-langpack-csb", "p-cpe:/a:centos:centos:glibc-langpack-cv", "p-cpe:/a:centos:centos:glibc-langpack-cy", "p-cpe:/a:centos:centos:glibc-langpack-da", "p-cpe:/a:centos:centos:glibc-langpack-de", "p-cpe:/a:centos:centos:glibc-langpack-doi", "p-cpe:/a:centos:centos:glibc-langpack-dsb", "p-cpe:/a:centos:centos:glibc-langpack-dv", "p-cpe:/a:centos:centos:glibc-langpack-dz", "p-cpe:/a:centos:centos:glibc-langpack-el", "p-cpe:/a:centos:centos:glibc-langpack-en", "p-cpe:/a:centos:centos:glibc-langpack-eo", "p-cpe:/a:centos:centos:glibc-langpack-es", "p-cpe:/a:centos:centos:glibc-langpack-et", "p-cpe:/a:centos:centos:glibc-langpack-eu", "p-cpe:/a:centos:centos:glibc-langpack-fa", "p-cpe:/a:centos:centos:glibc-langpack-ff", "p-cpe:/a:centos:centos:glibc-langpack-fi", "p-cpe:/a:centos:centos:glibc-langpack-fil", "p-cpe:/a:centos:centos:glibc-langpack-fo", "p-cpe:/a:centos:centos:glibc-langpack-fr", "p-cpe:/a:centos:centos:glibc-langpack-fur", "p-cpe:/a:centos:centos:glibc-langpack-fy", "p-cpe:/a:centos:centos:glibc-langpack-ga", "p-cpe:/a:centos:centos:glibc-langpack-gd", "p-cpe:/a:centos:centos:glibc-langpack-gez", "p-cpe:/a:centos:centos:glibc-langpack-gl", "p-cpe:/a:centos:centos:glibc-langpack-gu", "p-cpe:/a:centos:centos:glibc-langpack-gv", "p-cpe:/a:centos:centos:glibc-langpack-ha", "p-cpe:/a:centos:centos:glibc-langpack-hak", "p-cpe:/a:centos:centos:glibc-langpack-he", "p-cpe:/a:centos:centos:glibc-langpack-hi", "p-cpe:/a:centos:centos:glibc-langpack-hif", "p-cpe:/a:centos:centos:glibc-langpack-hne", "p-cpe:/a:centos:centos:glibc-langpack-hr", "p-cpe:/a:centos:centos:glibc-langpack-hsb", "p-cpe:/a:centos:centos:glibc-langpack-ht", "p-cpe:/a:centos:centos:glibc-langpack-hu", "p-cpe:/a:centos:centos:glibc-langpack-hy", "p-cpe:/a:centos:centos:glibc-langpack-ia", "p-cpe:/a:centos:centos:glibc-langpack-id", "p-cpe:/a:centos:centos:glibc-langpack-ig", "p-cpe:/a:centos:centos:glibc-langpack-ik", "p-cpe:/a:centos:centos:glibc-langpack-is", "p-cpe:/a:centos:centos:glibc-langpack-it", "p-cpe:/a:centos:centos:glibc-langpack-iu", "p-cpe:/a:centos:centos:glibc-langpack-ja", "p-cpe:/a:centos:centos:glibc-langpack-ka", "p-cpe:/a:centos:centos:glibc-langpack-kab", "p-cpe:/a:centos:centos:glibc-langpack-kk", "p-cpe:/a:centos:centos:glibc-langpack-kl", "p-cpe:/a:centos:centos:glibc-langpack-km", "p-cpe:/a:centos:centos:glibc-langpack-kn", "p-cpe:/a:centos:centos:glibc-langpack-ko", "p-cpe:/a:centos:centos:glibc-langpack-kok", "p-cpe:/a:centos:centos:glibc-langpack-ks", "p-cpe:/a:centos:centos:glibc-langpack-ku", "p-cpe:/a:centos:centos:glibc-langpack-kw", "p-cpe:/a:centos:centos:glibc-langpack-ky", "p-cpe:/a:centos:centos:glibc-langpack-lb", "p-cpe:/a:centos:centos:glibc-langpack-lg", "p-cpe:/a:centos:centos:glibc-langpack-li", "p-cpe:/a:centos:centos:glibc-langpack-lij", "p-cpe:/a:centos:centos:glibc-langpack-ln", "p-cpe:/a:centos:centos:glibc-langpack-lo", "p-cpe:/a:centos:centos:glibc-langpack-lt", "p-cpe:/a:centos:centos:glibc-langpack-lv", "p-cpe:/a:centos:centos:glibc-langpack-lzh", "p-cpe:/a:centos:centos:glibc-langpack-mag", "p-cpe:/a:centos:centos:glibc-langpack-mai", "p-cpe:/a:centos:centos:glibc-langpack-mfe", "p-cpe:/a:centos:centos:glibc-langpack-mg", "p-cpe:/a:centos:centos:glibc-langpack-mhr", "p-cpe:/a:centos:centos:glibc-langpack-mi", "p-cpe:/a:centos:centos:glibc-langpack-miq", "p-cpe:/a:centos:centos:glibc-langpack-mjw", "p-cpe:/a:centos:centos:glibc-langpack-mk", "p-cpe:/a:centos:centos:glibc-langpack-ml", "p-cpe:/a:centos:centos:glibc-langpack-mn", "p-cpe:/a:centos:centos:glibc-langpack-mni", "p-cpe:/a:centos:centos:glibc-langpack-mr", "p-cpe:/a:centos:centos:glibc-langpack-ms", "p-cpe:/a:centos:centos:glibc-langpack-mt", "p-cpe:/a:centos:centos:glibc-langpack-my", "p-cpe:/a:centos:centos:glibc-langpack-nan", "p-cpe:/a:centos:centos:glibc-langpack-nb", "p-cpe:/a:centos:centos:glibc-langpack-nds", "p-cpe:/a:centos:centos:glibc-langpack-ne", "p-cpe:/a:centos:centos:glibc-langpack-nhn", "p-cpe:/a:centos:centos:glibc-langpack-niu", "p-cpe:/a:centos:centos:glibc-langpack-nl", "p-cpe:/a:centos:centos:glibc-langpack-nn", "p-cpe:/a:centos:centos:glibc-langpack-nr", "p-cpe:/a:centos:centos:glibc-langpack-nso", "p-cpe:/a:centos:centos:glibc-langpack-oc", "p-cpe:/a:centos:centos:glibc-langpack-om", "p-cpe:/a:centos:centos:glibc-langpack-or", "p-cpe:/a:centos:centos:glibc-langpack-os", "p-cpe:/a:centos:centos:glibc-langpack-pa", "p-cpe:/a:centos:centos:glibc-langpack-pap", "p-cpe:/a:centos:centos:glibc-langpack-pl", "p-cpe:/a:centos:centos:glibc-langpack-ps", "p-cpe:/a:centos:centos:glibc-langpack-pt", "p-cpe:/a:centos:centos:glibc-langpack-quz", "p-cpe:/a:centos:centos:glibc-langpack-raj", "p-cpe:/a:centos:centos:glibc-langpack-ro", "p-cpe:/a:centos:centos:glibc-langpack-ru", "p-cpe:/a:centos:centos:glibc-langpack-rw", "p-cpe:/a:centos:centos:glibc-langpack-sa", "p-cpe:/a:centos:centos:glibc-langpack-sah", "p-cpe:/a:centos:centos:glibc-langpack-sat", "p-cpe:/a:centos:centos:glibc-langpack-sc", "p-cpe:/a:centos:centos:glibc-langpack-sd", "p-cpe:/a:centos:centos:glibc-langpack-se", "p-cpe:/a:centos:centos:glibc-langpack-sgs", "p-cpe:/a:centos:centos:glibc-langpack-shn", "p-cpe:/a:centos:centos:glibc-langpack-shs", "p-cpe:/a:centos:centos:glibc-langpack-si", "p-cpe:/a:centos:centos:glibc-langpack-sid", "p-cpe:/a:centos:centos:glibc-langpack-sk", "p-cpe:/a:centos:centos:glibc-langpack-sl", "p-cpe:/a:centos:centos:glibc-langpack-sm", "p-cpe:/a:centos:centos:glibc-langpack-so", "p-cpe:/a:centos:centos:glibc-langpack-sq", "p-cpe:/a:centos:centos:glibc-langpack-sr", "p-cpe:/a:centos:centos:glibc-langpack-ss", "p-cpe:/a:centos:centos:glibc-langpack-st", "p-cpe:/a:centos:centos:glibc-langpack-sv", "p-cpe:/a:centos:centos:glibc-langpack-sw", "p-cpe:/a:centos:centos:glibc-langpack-szl", "p-cpe:/a:centos:centos:glibc-langpack-ta", "p-cpe:/a:centos:centos:glibc-langpack-tcy", "p-cpe:/a:centos:centos:glibc-langpack-te", "p-cpe:/a:centos:centos:glibc-langpack-tg", "p-cpe:/a:centos:centos:glibc-langpack-th", "p-cpe:/a:centos:centos:glibc-langpack-the", "p-cpe:/a:centos:centos:glibc-langpack-ti", "p-cpe:/a:centos:centos:glibc-langpack-tig", "p-cpe:/a:centos:centos:glibc-langpack-tk", "p-cpe:/a:centos:centos:glibc-langpack-tl", "p-cpe:/a:centos:centos:glibc-langpack-tn", "p-cpe:/a:centos:centos:glibc-langpack-to", "p-cpe:/a:centos:centos:glibc-langpack-tpi", "p-cpe:/a:centos:centos:glibc-langpack-tr", "p-cpe:/a:centos:centos:glibc-langpack-ts", "p-cpe:/a:centos:centos:glibc-langpack-tt", "p-cpe:/a:centos:centos:glibc-langpack-ug", "p-cpe:/a:centos:centos:glibc-langpack-uk", "p-cpe:/a:centos:centos:glibc-langpack-unm", "p-cpe:/a:centos:centos:glibc-langpack-ur", "p-cpe:/a:centos:centos:glibc-langpack-uz", "p-cpe:/a:centos:centos:glibc-langpack-ve", "p-cpe:/a:centos:centos:glibc-langpack-vi", "p-cpe:/a:centos:centos:glibc-langpack-wa", "p-cpe:/a:centos:centos:glibc-langpack-wae", "p-cpe:/a:centos:centos:glibc-langpack-wal", "p-cpe:/a:centos:centos:glibc-langpack-wo", "p-cpe:/a:centos:centos:glibc-langpack-xh", "p-cpe:/a:centos:centos:glibc-langpack-yi", "p-cpe:/a:centos:centos:glibc-langpack-yo", "p-cpe:/a:centos:centos:glibc-langpack-yue", "p-cpe:/a:centos:centos:glibc-langpack-yuw", "p-cpe:/a:centos:centos:glibc-langpack-zh", "p-cpe:/a:centos:centos:glibc-langpack-zu", "p-cpe:/a:centos:centos:glibc-locale-source", "p-cpe:/a:centos:centos:glibc-minimal-langpack", "p-cpe:/a:centos:centos:glibc-nss-devel", "p-cpe:/a:centos:centos:glibc-static", "p-cpe:/a:centos:centos:glibc-utils", "p-cpe:/a:centos:centos:libnsl", "p-cpe:/a:centos:centos:nscd", "p-cpe:/a:centos:centos:nss_db", "p-cpe:/a:centos:centos:nss_hesiod"], "id": "CENTOS8_RHSA-2019-3513.NASL", "href": "https://www.tenable.com/plugins/nessus/145667", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2019:3513. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145667);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/23\");\n\n script_cve_id(\"CVE-2016-10739\");\n script_bugtraq_id(106672);\n script_xref(name:\"RHSA\", value:\"2019:3513\");\n\n script_name(english:\"CentOS 8 : glibc (CESA-2019:3513)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nCESA-2019:3513 advisory.\n\n - glibc: getaddrinfo should reject IP addresses with trailing characters (CVE-2016-10739)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:3513\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-10739\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:compat-libpthread-nonshared\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-all-langpacks\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-benchtests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-aa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-agr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-ak\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-am\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-an\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-anp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-as\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-ayc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-az\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-bem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-ber\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-bhb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-bho\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-bi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-bn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-bo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-brx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-bs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-byn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-ce\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-chr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-cmn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-crh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-csb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-cv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-doi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-dsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-dv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-dz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-en\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-eo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-fa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-ff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-fil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-fo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-fur\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-fy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-ga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-gez\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-gu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-gv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-ha\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-hak\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-hi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-hif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-hne\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-hsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-ht\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-hy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-ia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-ig\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-ik\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-iu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-ka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-kab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-kk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-kl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-km\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-kn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-kok\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-ks\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-ku\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-kw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-ky\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-lb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-lg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-li\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-lij\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-ln\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-lo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-lv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-lzh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-mag\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-mai\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-mfe\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-mg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-mhr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-mi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-miq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-mjw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-mk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-ml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-mn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-mni\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-mr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-ms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-mt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-my\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-nan\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-nb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-nds\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-ne\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-nhn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-niu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-nn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-nr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-nso\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-oc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-om\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-or\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-os\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-pa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-pap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-ps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-quz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-raj\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-rw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-sa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-sah\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-sat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-sc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-sd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-se\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-sgs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-shn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-shs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-sid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-sm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-so\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-ss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-st\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-sv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-sw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-szl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-ta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-tcy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-te\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-tg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-the\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-ti\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-tig\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-tl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-tn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-to\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-tpi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-ts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-tt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-ug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-unm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-ur\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-uz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-ve\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-wa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-wae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-wal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-wo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-xh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-yi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-yo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-yue\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-yuw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-zh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-langpack-zu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-locale-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-minimal-langpack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libnsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nss_db\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nss_hesiod\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'compat-libpthread-nonshared-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'compat-libpthread-nonshared-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-all-langpacks-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-all-langpacks-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-benchtests-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-benchtests-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-common-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-common-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-devel-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-devel-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-headers-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-headers-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-aa-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-aa-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-af-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-af-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-agr-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-agr-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ak-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ak-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-am-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-am-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-an-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-an-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-anp-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-anp-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ar-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ar-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-as-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-as-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ast-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ast-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ayc-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ayc-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-az-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-az-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-be-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-be-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-bem-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-bem-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ber-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ber-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-bg-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-bg-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-bhb-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-bhb-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-bho-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-bho-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-bi-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-bi-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-bn-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-bn-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-bo-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-bo-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-br-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-br-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-brx-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-brx-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-bs-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-bs-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-byn-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-byn-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ca-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ca-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ce-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ce-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-chr-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-chr-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-cmn-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-cmn-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-crh-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-crh-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-cs-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-cs-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-csb-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-csb-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-cv-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-cv-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-cy-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-cy-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-da-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-da-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-de-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-de-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-doi-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-doi-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-dsb-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-dsb-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-dv-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-dv-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-dz-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-dz-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-el-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-el-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-en-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-en-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-eo-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-eo-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-es-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-es-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-et-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-et-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-eu-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-eu-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-fa-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-fa-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ff-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ff-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-fi-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-fi-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-fil-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-fil-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-fo-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-fo-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-fr-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-fr-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-fur-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-fur-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-fy-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-fy-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ga-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ga-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-gd-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-gd-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-gez-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-gez-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-gl-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-gl-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-gu-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-gu-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-gv-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-gv-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ha-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ha-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-hak-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-hak-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-he-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-he-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-hi-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-hi-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-hif-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-hif-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-hne-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-hne-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-hr-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-hr-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-hsb-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-hsb-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ht-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ht-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-hu-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-hu-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-hy-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-hy-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ia-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ia-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-id-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-id-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ig-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ig-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ik-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ik-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-is-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-is-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-it-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-it-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-iu-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-iu-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ja-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ja-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ka-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ka-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-kab-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-kab-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-kk-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-kk-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-kl-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-kl-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-km-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-km-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-kn-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-kn-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ko-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ko-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-kok-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-kok-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ks-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ks-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ku-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ku-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-kw-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-kw-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ky-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ky-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-lb-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-lb-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-lg-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-lg-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-li-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-li-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-lij-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-lij-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ln-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ln-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-lo-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-lo-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-lt-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-lt-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-lv-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-lv-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-lzh-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-lzh-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mag-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mag-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mai-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mai-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mfe-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mfe-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mg-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mg-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mhr-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mhr-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mi-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mi-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-miq-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-miq-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mjw-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mjw-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mk-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mk-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ml-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ml-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mn-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mn-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mni-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mni-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mr-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mr-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ms-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ms-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mt-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mt-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-my-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-my-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-nan-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-nan-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-nb-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-nb-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-nds-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-nds-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ne-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ne-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-nhn-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-nhn-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-niu-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-niu-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-nl-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-nl-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-nn-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-nn-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-nr-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-nr-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-nso-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-nso-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-oc-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-oc-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-om-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-om-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-or-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-or-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-os-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-os-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-pa-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-pa-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-pap-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-pap-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-pl-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-pl-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ps-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ps-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-pt-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-pt-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-quz-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-quz-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-raj-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-raj-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ro-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ro-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ru-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ru-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-rw-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-rw-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sa-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sa-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sah-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sah-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sat-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sat-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sc-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sc-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sd-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sd-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-se-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-se-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sgs-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sgs-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-shn-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-shn-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-shs-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-shs-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-si-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-si-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sid-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sid-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sk-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sk-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sl-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sl-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sm-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sm-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-so-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-so-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sq-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sq-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sr-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sr-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ss-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ss-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-st-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-st-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sv-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sv-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sw-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sw-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-szl-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-szl-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ta-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ta-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tcy-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tcy-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-te-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-te-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tg-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tg-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-th-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-th-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-the-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-the-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ti-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ti-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tig-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tig-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tk-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tk-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tl-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tl-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tn-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tn-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-to-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-to-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tpi-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tpi-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tr-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tr-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ts-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ts-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tt-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tt-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ug-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ug-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-uk-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-uk-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-unm-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-unm-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ur-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ur-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-uz-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-uz-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ve-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ve-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-vi-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-vi-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-wa-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-wa-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-wae-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-wae-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-wal-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-wal-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-wo-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-wo-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-xh-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-xh-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-yi-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-yi-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-yo-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-yo-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-yue-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-yue-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-yuw-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-yuw-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-zh-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-zh-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-zu-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-zu-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-locale-source-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-locale-source-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-minimal-langpack-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-minimal-langpack-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-nss-devel-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-nss-devel-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-static-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-static-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-utils-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-utils-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libnsl-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libnsl-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nscd-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nscd-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nss_db-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nss_db-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nss_hesiod-2.28-72.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nss_hesiod-2.28-72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'compat-libpthread-nonshared / glibc / glibc-all-langpacks / etc');\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:52:45", "description": "This update for glibc fixes the following issues :\n\nSecurity issue fixed :\n\n - CVE-2016-10739: Fixed an improper implementation of getaddrinfo function which could allow applications to incorrectly assume that had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings (bsc#1122729).\n\nOther issue fixed :\n\n - Fixed an issue where pthread_mutex_trylock did not use a correct order of instructions while maintained the robust mutex list due to missing compiler barriers (bsc#1130045).\n\n - Added new Japanese Era name support (bsc#1100396).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2019-04-22T00:00:00", "type": "nessus", "title": "openSUSE Security Update : glibc (openSUSE-2019-1250)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10739"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:glibc", "p-cpe:/a:novell:opensuse:glibc-32bit", "p-cpe:/a:novell:opensuse:glibc-32bit-debuginfo", "p-cpe:/a:novell:opensuse:glibc-debuginfo", "p-cpe:/a:novell:opensuse:glibc-debugsource", "p-cpe:/a:novell:opensuse:glibc-devel", "p-cpe:/a:novell:opensuse:glibc-devel-32bit", "p-cpe:/a:novell:opensuse:glibc-devel-32bit-debuginfo", "p-cpe:/a:novell:opensuse:glibc-devel-debuginfo", "p-cpe:/a:novell:opensuse:glibc-devel-static", "p-cpe:/a:novell:opensuse:glibc-devel-static-32bit", "p-cpe:/a:novell:opensuse:glibc-extra", "p-cpe:/a:novell:opensuse:glibc-extra-debuginfo", "p-cpe:/a:novell:opensuse:glibc-html", "p-cpe:/a:novell:opensuse:glibc-i18ndata", "p-cpe:/a:novell:opensuse:glibc-info", "p-cpe:/a:novell:opensuse:glibc-locale", "p-cpe:/a:novell:opensuse:glibc-locale-base", "p-cpe:/a:novell:opensuse:glibc-locale-base-32bit", "p-cpe:/a:novell:opensuse:glibc-locale-base-32bit-debuginfo", "p-cpe:/a:novell:opensuse:glibc-locale-base-debuginfo", "p-cpe:/a:novell:opensuse:glibc-profile", "p-cpe:/a:novell:opensuse:glibc-profile-32bit", "p-cpe:/a:novell:opensuse:glibc-utils", "p-cpe:/a:novell:opensuse:glibc-utils-32bit", "p-cpe:/a:novell:opensuse:glibc-utils-32bit-debuginfo", "p-cpe:/a:novell:opensuse:glibc-utils-debuginfo", "p-cpe:/a:novell:opensuse:glibc-utils-src-debugsource", "p-cpe:/a:novell:opensuse:nscd", "p-cpe:/a:novell:opensuse:nscd-debuginfo", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-1250.NASL", "href": "https://www.tenable.com/plugins/nessus/124216", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1250.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124216);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-10739\");\n\n script_name(english:\"openSUSE Security Update : glibc (openSUSE-2019-1250)\");\n script_summary(english:\"Check for the openSUSE-2019-1250 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for glibc fixes the following issues :\n\nSecurity issue fixed :\n\n - CVE-2016-10739: Fixed an improper implementation of\n getaddrinfo function which could allow applications to\n incorrectly assume that had parsed a valid string,\n without the possibility of embedded HTTP headers or\n other potentially dangerous substrings (bsc#1122729).\n\nOther issue fixed :\n\n - Fixed an issue where pthread_mutex_trylock did not use a\n correct order of instructions while maintained the\n robust mutex list due to missing compiler barriers\n (bsc#1130045).\n\n - Added new Japanese Era name support (bsc#1100396).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1100396\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1122729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1130045\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel-static-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-info\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-locale\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-locale-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-locale-base-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-locale-base-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-locale-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-profile-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-utils-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-utils-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-utils-src-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nscd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"glibc-2.26-lp150.11.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"glibc-debuginfo-2.26-lp150.11.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"glibc-debugsource-2.26-lp150.11.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"glibc-devel-2.26-lp150.11.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"glibc-devel-debuginfo-2.26-lp150.11.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"glibc-devel-static-2.26-lp150.11.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"glibc-extra-2.26-lp150.11.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"glibc-extra-debuginfo-2.26-lp150.11.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"glibc-html-2.26-lp150.11.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"glibc-i18ndata-2.26-lp150.11.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"glibc-info-2.26-lp150.11.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"glibc-locale-2.26-lp150.11.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"glibc-locale-base-2.26-lp150.11.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"glibc-locale-base-debuginfo-2.26-lp150.11.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"glibc-profile-2.26-lp150.11.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"glibc-utils-2.26-lp150.11.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"glibc-utils-debuginfo-2.26-lp150.11.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"glibc-utils-src-debugsource-2.26-lp150.11.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"nscd-2.26-lp150.11.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"nscd-debuginfo-2.26-lp150.11.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"glibc-32bit-2.26-lp150.11.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"glibc-32bit-debuginfo-2.26-lp150.11.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.26-lp150.11.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"glibc-devel-32bit-debuginfo-2.26-lp150.11.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"glibc-devel-static-32bit-2.26-lp150.11.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"glibc-locale-base-32bit-2.26-lp150.11.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"glibc-locale-base-32bit-debuginfo-2.26-lp150.11.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"glibc-profile-32bit-2.26-lp150.11.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"glibc-utils-32bit-2.26-lp150.11.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"glibc-utils-32bit-debuginfo-2.26-lp150.11.17.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-debuginfo / glibc-debugsource / glibc-devel / etc\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:23:24", "description": "An update for glibc is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nSecurity Fix(es) :\n\n* glibc: getaddrinfo should reject IP addresses with trailing characters (CVE-2016-10739)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2019-08-30T00:00:00", "type": "nessus", "title": "CentOS 7 : glibc (CESA-2019:2118)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10739"], "modified": "2019-12-31T00:00:00", "cpe": ["p-cpe:/a:centos:centos:glibc", "p-cpe:/a:centos:centos:glibc-common", "p-cpe:/a:centos:centos:glibc-devel", "p-cpe:/a:centos:centos:glibc-headers", "p-cpe:/a:centos:centos:glibc-static", "p-cpe:/a:centos:centos:glibc-utils", "p-cpe:/a:centos:centos:nscd", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2019-2118.NASL", "href": "https://www.tenable.com/plugins/nessus/128355", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:2118 and \n# CentOS Errata and Security Advisory 2019:2118 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128355);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/12/31\");\n\n script_cve_id(\"CVE-2016-10739\");\n script_xref(name:\"RHSA\", value:\"2019:2118\");\n\n script_name(english:\"CentOS 7 : glibc (CESA-2019:2118)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for glibc is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX\nthread libraries (libpthread), standard math libraries (libm), and the\nname service cache daemon (nscd) used by multiple programs on the\nsystem. Without these libraries, the Linux system cannot function\ncorrectly.\n\nSecurity Fix(es) :\n\n* glibc: getaddrinfo should reject IP addresses with trailing\ncharacters (CVE-2016-10739)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.7 Release Notes linked from the References section.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2019-August/005886.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8812730f\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2019-September/006198.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?43b68e54\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-10739\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"glibc-2.17-292.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"glibc-common-2.17-292.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"glibc-devel-2.17-292.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"glibc-headers-2.17-292.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"glibc-static-2.17-292.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"glibc-utils-2.17-292.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"nscd-2.17-292.el7\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-static / etc\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:31:35", "description": "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings. (CVE-2016-10739)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2019-11-25T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : glibc (ALAS-2019-1320)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10739"], "modified": "2019-12-09T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:glibc", "p-cpe:/a:amazon:linux:glibc-common", "p-cpe:/a:amazon:linux:glibc-debuginfo", "p-cpe:/a:amazon:linux:glibc-debuginfo-common", "p-cpe:/a:amazon:linux:glibc-devel", "p-cpe:/a:amazon:linux:glibc-headers", "p-cpe:/a:amazon:linux:glibc-static", "p-cpe:/a:amazon:linux:glibc-utils", "p-cpe:/a:amazon:linux:nscd", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2019-1320.NASL", "href": "https://www.tenable.com/plugins/nessus/131240", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2019-1320.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131240);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/09\");\n\n script_cve_id(\"CVE-2016-10739\");\n script_xref(name:\"ALAS\", value:\"2019-1320\");\n\n script_name(english:\"Amazon Linux AMI : glibc (ALAS-2019-1320)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"In the GNU C Library (aka glibc or libc6) through 2.28, the\ngetaddrinfo function would successfully parse a string that contained\nan IPv4 address followed by whitespace and arbitrary characters, which\ncould lead applications to incorrectly assume that it had parsed a\nvalid string, without the possibility of embedded HTTP headers or\nother potentially dangerous substrings. (CVE-2016-10739)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2019-1320.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update glibc' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"glibc-2.17-292.178.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-common-2.17-292.178.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-debuginfo-2.17-292.178.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-debuginfo-common-2.17-292.178.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-devel-2.17-292.178.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-headers-2.17-292.178.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-static-2.17-292.178.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-utils-2.17-292.178.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"nscd-2.17-292.178.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-12T15:31:55", "description": "According to the version of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.(CVE-2016-10739)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2019-12-03T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : glibc (EulerOS-SA-2019-2307)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10739"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:glibc", "p-cpe:/a:huawei:euleros:glibc-all-langpacks", "p-cpe:/a:huawei:euleros:glibc-common", "p-cpe:/a:huawei:euleros:glibc-devel", "p-cpe:/a:huawei:euleros:glibc-headers", "p-cpe:/a:huawei:euleros:glibc-langpack-aa", "p-cpe:/a:huawei:euleros:glibc-langpack-af", "p-cpe:/a:huawei:euleros:glibc-langpack-agr", "p-cpe:/a:huawei:euleros:glibc-langpack-ak", "p-cpe:/a:huawei:euleros:glibc-langpack-am", "p-cpe:/a:huawei:euleros:glibc-langpack-an", "p-cpe:/a:huawei:euleros:glibc-langpack-anp", "p-cpe:/a:huawei:euleros:glibc-langpack-ar", "p-cpe:/a:huawei:euleros:glibc-langpack-as", "p-cpe:/a:huawei:euleros:glibc-langpack-ast", "p-cpe:/a:huawei:euleros:glibc-langpack-ayc", "p-cpe:/a:huawei:euleros:glibc-langpack-az", "p-cpe:/a:huawei:euleros:glibc-langpack-be", "p-cpe:/a:huawei:euleros:glibc-langpack-bem", "p-cpe:/a:huawei:euleros:glibc-langpack-ber", "p-cpe:/a:huawei:euleros:glibc-langpack-bg", "p-cpe:/a:huawei:euleros:glibc-langpack-bhb", "p-cpe:/a:huawei:euleros:glibc-langpack-bho", "p-cpe:/a:huawei:euleros:glibc-langpack-bi", "p-cpe:/a:huawei:euleros:glibc-langpack-bn", "p-cpe:/a:huawei:euleros:glibc-langpack-bo", "p-cpe:/a:huawei:euleros:glibc-langpack-br", "p-cpe:/a:huawei:euleros:glibc-langpack-brx", "p-cpe:/a:huawei:euleros:glibc-langpack-bs", "p-cpe:/a:huawei:euleros:glibc-langpack-byn", "p-cpe:/a:huawei:euleros:glibc-langpack-ca", "p-cpe:/a:huawei:euleros:glibc-langpack-ce", "p-cpe:/a:huawei:euleros:glibc-langpack-chr", "p-cpe:/a:huawei:euleros:glibc-langpack-cmn", "p-cpe:/a:huawei:euleros:glibc-langpack-crh", "p-cpe:/a:huawei:euleros:glibc-langpack-cs", "p-cpe:/a:huawei:euleros:glibc-langpack-csb", "p-cpe:/a:huawei:euleros:glibc-langpack-cv", "p-cpe:/a:huawei:euleros:glibc-langpack-cy", "p-cpe:/a:huawei:euleros:glibc-langpack-da", "p-cpe:/a:huawei:euleros:glibc-langpack-de", "p-cpe:/a:huawei:euleros:glibc-langpack-doi", "p-cpe:/a:huawei:euleros:glibc-langpack-dsb", "p-cpe:/a:huawei:euleros:glibc-langpack-dv", "p-cpe:/a:huawei:euleros:glibc-langpack-dz", "p-cpe:/a:huawei:euleros:glibc-langpack-el", "p-cpe:/a:huawei:euleros:glibc-langpack-en", "p-cpe:/a:huawei:euleros:glibc-langpack-eo", "p-cpe:/a:huawei:euleros:glibc-langpack-es", "p-cpe:/a:huawei:euleros:glibc-langpack-et", "p-cpe:/a:huawei:euleros:glibc-langpack-eu", "p-cpe:/a:huawei:euleros:glibc-langpack-fa", "p-cpe:/a:huawei:euleros:glibc-langpack-ff", "p-cpe:/a:huawei:euleros:glibc-langpack-fi", "p-cpe:/a:huawei:euleros:glibc-langpack-fil", "p-cpe:/a:huawei:euleros:glibc-langpack-fo", "p-cpe:/a:huawei:euleros:glibc-langpack-fr", "p-cpe:/a:huawei:euleros:glibc-langpack-fur", "p-cpe:/a:huawei:euleros:glibc-langpack-fy", "p-cpe:/a:huawei:euleros:glibc-langpack-ga", "p-cpe:/a:huawei:euleros:glibc-langpack-gd", "p-cpe:/a:huawei:euleros:glibc-langpack-gez", "p-cpe:/a:huawei:euleros:glibc-langpack-gl", "p-cpe:/a:huawei:euleros:glibc-langpack-gu", "p-cpe:/a:huawei:euleros:glibc-langpack-gv", "p-cpe:/a:huawei:euleros:glibc-langpack-ha", "p-cpe:/a:huawei:euleros:glibc-langpack-hak", "p-cpe:/a:huawei:euleros:glibc-langpack-he", "p-cpe:/a:huawei:euleros:glibc-langpack-hi", "p-cpe:/a:huawei:euleros:glibc-langpack-hif", "p-cpe:/a:huawei:euleros:glibc-langpack-hne", "p-cpe:/a:huawei:euleros:glibc-langpack-hr", "p-cpe:/a:huawei:euleros:glibc-langpack-hsb", "p-cpe:/a:huawei:euleros:glibc-langpack-ht", "p-cpe:/a:huawei:euleros:glibc-langpack-hu", "p-cpe:/a:huawei:euleros:glibc-langpack-hy", "p-cpe:/a:huawei:euleros:glibc-langpack-ia", "p-cpe:/a:huawei:euleros:glibc-langpack-id", "p-cpe:/a:huawei:euleros:glibc-langpack-ig", "p-cpe:/a:huawei:euleros:glibc-langpack-ik", "p-cpe:/a:huawei:euleros:glibc-langpack-is", "p-cpe:/a:huawei:euleros:glibc-langpack-it", "p-cpe:/a:huawei:euleros:glibc-langpack-iu", "p-cpe:/a:huawei:euleros:glibc-langpack-ja", "p-cpe:/a:huawei:euleros:glibc-langpack-ka", "p-cpe:/a:huawei:euleros:glibc-langpack-kab", "p-cpe:/a:huawei:euleros:glibc-langpack-kk", "p-cpe:/a:huawei:euleros:glibc-langpack-kl", "p-cpe:/a:huawei:euleros:glibc-langpack-km", "p-cpe:/a:huawei:euleros:glibc-langpack-kn", "p-cpe:/a:huawei:euleros:glibc-langpack-ko", "p-cpe:/a:huawei:euleros:glibc-langpack-kok", "p-cpe:/a:huawei:euleros:glibc-langpack-ks", "p-cpe:/a:huawei:euleros:glibc-langpack-ku", "p-cpe:/a:huawei:euleros:glibc-langpack-kw", "p-cpe:/a:huawei:euleros:glibc-langpack-ky", "p-cpe:/a:huawei:euleros:glibc-langpack-lb", "p-cpe:/a:huawei:euleros:glibc-langpack-lg", "p-cpe:/a:huawei:euleros:glibc-langpack-li", "p-cpe:/a:huawei:euleros:glibc-langpack-lij", "p-cpe:/a:huawei:euleros:glibc-langpack-ln", "p-cpe:/a:huawei:euleros:glibc-langpack-lo", "p-cpe:/a:huawei:euleros:glibc-langpack-lt", "p-cpe:/a:huawei:euleros:glibc-langpack-lv", "p-cpe:/a:huawei:euleros:glibc-langpack-lzh", "p-cpe:/a:huawei:euleros:glibc-langpack-mag", "p-cpe:/a:huawei:euleros:glibc-langpack-mai", "p-cpe:/a:huawei:euleros:glibc-langpack-mfe", "p-cpe:/a:huawei:euleros:glibc-langpack-mg", "p-cpe:/a:huawei:euleros:glibc-langpack-mhr", "p-cpe:/a:huawei:euleros:glibc-langpack-mi", "p-cpe:/a:huawei:euleros:glibc-langpack-miq", "p-cpe:/a:huawei:euleros:glibc-langpack-mjw", "p-cpe:/a:huawei:euleros:glibc-langpack-mk", "p-cpe:/a:huawei:euleros:glibc-langpack-ml", "p-cpe:/a:huawei:euleros:glibc-langpack-mn", "p-cpe:/a:huawei:euleros:glibc-langpack-mni", "p-cpe:/a:huawei:euleros:glibc-langpack-mr", "p-cpe:/a:huawei:euleros:glibc-langpack-ms", "p-cpe:/a:huawei:euleros:glibc-langpack-mt", "p-cpe:/a:huawei:euleros:glibc-langpack-my", "p-cpe:/a:huawei:euleros:glibc-langpack-nan", "p-cpe:/a:huawei:euleros:glibc-langpack-nb", "p-cpe:/a:huawei:euleros:glibc-langpack-nds", "p-cpe:/a:huawei:euleros:glibc-langpack-ne", "p-cpe:/a:huawei:euleros:glibc-langpack-nhn", "p-cpe:/a:huawei:euleros:glibc-langpack-niu", "p-cpe:/a:huawei:euleros:glibc-langpack-nl", "p-cpe:/a:huawei:euleros:glibc-langpack-nn", "p-cpe:/a:huawei:euleros:glibc-langpack-nr", "p-cpe:/a:huawei:euleros:glibc-langpack-nso", "p-cpe:/a:huawei:euleros:glibc-langpack-oc", "p-cpe:/a:huawei:euleros:glibc-langpack-om", "p-cpe:/a:huawei:euleros:glibc-langpack-or", "p-cpe:/a:huawei:euleros:glibc-langpack-os", "p-cpe:/a:huawei:euleros:glibc-langpack-pa", "p-cpe:/a:huawei:euleros:glibc-langpack-pap", "p-cpe:/a:huawei:euleros:glibc-langpack-pl", "p-cpe:/a:huawei:euleros:glibc-langpack-ps", "p-cpe:/a:huawei:euleros:glibc-langpack-pt", "p-cpe:/a:huawei:euleros:glibc-langpack-quz", "p-cpe:/a:huawei:euleros:glibc-langpack-raj", "p-cpe:/a:huawei:euleros:glibc-langpack-ro", "p-cpe:/a:huawei:euleros:glibc-langpack-ru", "p-cpe:/a:huawei:euleros:glibc-langpack-rw", "p-cpe:/a:huawei:euleros:glibc-langpack-sa", "p-cpe:/a:huawei:euleros:glibc-langpack-sah", "p-cpe:/a:huawei:euleros:glibc-langpack-sat", "p-cpe:/a:huawei:euleros:glibc-langpack-sc", "p-cpe:/a:huawei:euleros:glibc-langpack-sd", "p-cpe:/a:huawei:euleros:glibc-langpack-se", "p-cpe:/a:huawei:euleros:glibc-langpack-sgs", "p-cpe:/a:huawei:euleros:glibc-langpack-shn", "p-cpe:/a:huawei:euleros:glibc-langpack-shs", "p-cpe:/a:huawei:euleros:glibc-langpack-si", "p-cpe:/a:huawei:euleros:glibc-langpack-sid", "p-cpe:/a:huawei:euleros:glibc-langpack-sk", "p-cpe:/a:huawei:euleros:glibc-langpack-sl", "p-cpe:/a:huawei:euleros:glibc-langpack-sm", "p-cpe:/a:huawei:euleros:glibc-langpack-so", "p-cpe:/a:huawei:euleros:glibc-langpack-sq", "p-cpe:/a:huawei:euleros:glibc-langpack-sr", "p-cpe:/a:huawei:euleros:glibc-langpack-ss", "p-cpe:/a:huawei:euleros:glibc-langpack-st", "p-cpe:/a:huawei:euleros:glibc-langpack-sv", "p-cpe:/a:huawei:euleros:glibc-langpack-sw", "p-cpe:/a:huawei:euleros:glibc-langpack-szl", "p-cpe:/a:huawei:euleros:glibc-langpack-ta", "p-cpe:/a:huawei:euleros:glibc-langpack-tcy", "p-cpe:/a:huawei:euleros:glibc-langpack-te", "p-cpe:/a:huawei:euleros:glibc-langpack-tg", "p-cpe:/a:huawei:euleros:glibc-langpack-th", "p-cpe:/a:huawei:euleros:glibc-langpack-the", "p-cpe:/a:huawei:euleros:glibc-langpack-ti", "p-cpe:/a:huawei:euleros:glibc-langpack-tig", "p-cpe:/a:huawei:euleros:glibc-langpack-tk", "p-cpe:/a:huawei:euleros:glibc-langpack-tl", "p-cpe:/a:huawei:euleros:glibc-langpack-tn", "p-cpe:/a:huawei:euleros:glibc-langpack-to", "p-cpe:/a:huawei:euleros:glibc-langpack-tpi", "p-cpe:/a:huawei:euleros:glibc-langpack-tr", "p-cpe:/a:huawei:euleros:glibc-langpack-ts", "p-cpe:/a:huawei:euleros:glibc-langpack-tt", "p-cpe:/a:huawei:euleros:glibc-langpack-ug", "p-cpe:/a:huawei:euleros:glibc-langpack-uk", "p-cpe:/a:huawei:euleros:glibc-langpack-unm", "p-cpe:/a:huawei:euleros:glibc-langpack-ur", "p-cpe:/a:huawei:euleros:glibc-langpack-uz", "p-cpe:/a:huawei:euleros:glibc-langpack-ve", "p-cpe:/a:huawei:euleros:glibc-langpack-vi", "p-cpe:/a:huawei:euleros:glibc-langpack-wa", "p-cpe:/a:huawei:euleros:glibc-langpack-wae", "p-cpe:/a:huawei:euleros:glibc-langpack-wal", "p-cpe:/a:huawei:euleros:glibc-langpack-wo", "p-cpe:/a:huawei:euleros:glibc-langpack-xh", "p-cpe:/a:huawei:euleros:glibc-langpack-yi", "p-cpe:/a:huawei:euleros:glibc-langpack-yo", "p-cpe:/a:huawei:euleros:glibc-langpack-yue", "p-cpe:/a:huawei:euleros:glibc-langpack-yuw", "p-cpe:/a:huawei:euleros:glibc-langpack-zh", "p-cpe:/a:huawei:euleros:glibc-langpack-zu", "p-cpe:/a:huawei:euleros:glibc-locale-source", "p-cpe:/a:huawei:euleros:glibc-minimal-langpack", "p-cpe:/a:huawei:euleros:glibc-static", "p-cpe:/a:huawei:euleros:glibc-utils", "p-cpe:/a:huawei:euleros:libnsl", "p-cpe:/a:huawei:euleros:nscd", "p-cpe:/a:huawei:euleros:nss_db", "p-cpe:/a:huawei:euleros:nss_hesiod", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2307.NASL", "href": "https://www.tenable.com/plugins/nessus/131472", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131472);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-10739\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : glibc (EulerOS-SA-2019-2307)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the glibc packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - In the GNU C Library (aka glibc or libc6) through 2.28,\n the getaddrinfo function would successfully parse a\n string that contained an IPv4 address followed by\n whitespace and arbitrary characters, which could lead\n applications to incorrectly assume that it had parsed a\n valid string, without the possibility of embedded HTTP\n headers or other potentially dangerous\n substrings.(CVE-2016-10739)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2307\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e7f2d5c6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected glibc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-all-langpacks\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-aa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-agr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-ak\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-am\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-an\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-anp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-as\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-ayc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-az\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-bem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-ber\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-bhb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-bho\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-bi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-bn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-bo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-brx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-bs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-byn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-ce\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-chr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-cmn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-crh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-csb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-cv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-doi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-dsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-dv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-dz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-en\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-eo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-fa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-ff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-fil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-fo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-fur\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-fy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-ga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-gez\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-gu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-gv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-ha\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-hak\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-hi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-hif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-hne\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-hsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-ht\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-hy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-ia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-ig\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-ik\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-iu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-ka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-kab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-kk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-kl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-km\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-kn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-kok\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-ks\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-ku\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-kw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-ky\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-lb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-lg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-li\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-lij\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-ln\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-lo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-lv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-lzh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-mag\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-mai\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-mfe\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-mg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-mhr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-mi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-miq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-mjw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-mk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-ml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-mn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-mni\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-mr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-ms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-mt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-my\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-nan\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-nb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-nds\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-ne\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-nhn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-niu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-nn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-nr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-nso\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-oc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-om\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-or\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-os\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-pa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-pap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-ps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-quz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-raj\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-rw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-sa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-sah\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-sat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-sc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-sd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-se\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-sgs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-shn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-shs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-sid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-sm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-so\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-ss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-st\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-sv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-sw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-szl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-ta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-tcy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-te\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-tg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-the\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-ti\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-tig\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-tl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-tn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-to\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-tpi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-ts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-tt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-ug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-unm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-ur\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-uz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-ve\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-wa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-wae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-wal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-wo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-xh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-yi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-yo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-yue\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-yuw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-zh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-langpack-zu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-locale-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-minimal-langpack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libnsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nss_db\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nss_hesiod\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"glibc-2.28-9.h23.eulerosv2r8\",\n \"glibc-all-langpacks-2.28-9.h23.eulerosv2r8\",\n \"glibc-common-2.28-9.h23.eulerosv2r8\",\n \"glibc-devel-2.28-9.h23.eulerosv2r8\",\n \"glibc-headers-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-aa-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-af-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-agr-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-ak-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-am-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-an-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-anp-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-ar-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-as-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-ast-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-ayc-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-az-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-be-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-bem-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-ber-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-bg-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-bhb-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-bho-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-bi-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-bn-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-bo-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-br-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-brx-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-bs-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-byn-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-ca-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-ce-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-chr-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-cmn-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-crh-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-cs-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-csb-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-cv-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-cy-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-da-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-de-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-doi-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-dsb-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-dv-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-dz-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-el-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-en-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-eo-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-es-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-et-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-eu-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-fa-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-ff-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-fi-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-fil-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-fo-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-fr-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-fur-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-fy-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-ga-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-gd-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-gez-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-gl-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-gu-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-gv-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-ha-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-hak-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-he-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-hi-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-hif-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-hne-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-hr-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-hsb-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-ht-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-hu-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-hy-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-ia-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-id-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-ig-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-ik-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-is-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-it-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-iu-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-ja-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-ka-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-kab-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-kk-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-kl-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-km-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-kn-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-ko-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-kok-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-ks-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-ku-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-kw-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-ky-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-lb-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-lg-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-li-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-lij-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-ln-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-lo-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-lt-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-lv-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-lzh-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-mag-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-mai-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-mfe-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-mg-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-mhr-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-mi-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-miq-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-mjw-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-mk-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-ml-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-mn-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-mni-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-mr-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-ms-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-mt-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-my-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-nan-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-nb-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-nds-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-ne-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-nhn-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-niu-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-nl-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-nn-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-nr-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-nso-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-oc-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-om-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-or-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-os-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-pa-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-pap-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-pl-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-ps-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-pt-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-quz-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-raj-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-ro-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-ru-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-rw-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-sa-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-sah-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-sat-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-sc-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-sd-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-se-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-sgs-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-shn-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-shs-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-si-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-sid-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-sk-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-sl-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-sm-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-so-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-sq-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-sr-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-ss-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-st-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-sv-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-sw-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-szl-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-ta-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-tcy-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-te-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-tg-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-th-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-the-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-ti-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-tig-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-tk-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-tl-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-tn-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-to-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-tpi-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-tr-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-ts-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-tt-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-ug-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-uk-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-unm-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-ur-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-uz-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-ve-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-vi-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-wa-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-wae-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-wal-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-wo-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-xh-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-yi-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-yo-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-yue-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-yuw-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-zh-2.28-9.h23.eulerosv2r8\",\n \"glibc-langpack-zu-2.28-9.h23.eulerosv2r8\",\n \"glibc-locale-source-2.28-9.h23.eulerosv2r8\",\n \"glibc-minimal-langpack-2.28-9.h23.eulerosv2r8\",\n \"glibc-static-2.28-9.h23.eulerosv2r8\",\n \"glibc-utils-2.28-9.h23.eulerosv2r8\",\n \"libnsl-2.28-9.h23.eulerosv2r8\",\n \"nscd-2.28-9.h23.eulerosv2r8\",\n \"nss_db-2.28-9.h23.eulerosv2r8\",\n \"nss_hesiod-2.28-9.h23.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:28:44", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has glibc packages installed that are affected by a vulnerability:\n\n - In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.\n (CVE-2016-10739)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2019-10-15T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : glibc Vulnerability (NS-SA-2019-0194)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10739"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0194_GLIBC.NASL", "href": "https://www.tenable.com/plugins/nessus/129895", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0194. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129895);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-10739\");\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : glibc Vulnerability (NS-SA-2019-0194)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has glibc packages installed that are affected by\na vulnerability:\n\n - In the GNU C Library (aka glibc or libc6) through 2.28,\n the getaddrinfo function would successfully parse a\n string that contained an IPv4 address followed by\n whitespace and arbitrary characters, which could lead\n applications to incorrectly assume that it had parsed a\n valid string, without the possibility of embedded HTTP\n headers or other potentially dangerous substrings.\n (CVE-2016-10739)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0194\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL glibc packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-10739\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.04\": [\n \"glibc-2.17-292.el7.cgslv5.0.6.gb5964d2.lite\",\n \"glibc-common-2.17-292.el7.cgslv5.0.6.gb5964d2.lite\",\n \"glibc-debuginfo-2.17-292.el7.cgslv5.0.6.gb5964d2.lite\",\n \"glibc-debuginfo-common-2.17-292.el7.cgslv5.0.6.gb5964d2.lite\",\n \"glibc-devel-2.17-292.el7.cgslv5.0.6.gb5964d2.lite\",\n \"glibc-headers-2.17-292.el7.cgslv5.0.6.gb5964d2.lite\",\n \"glibc-i18n-2.17-292.el7.cgslv5.0.6.gb5964d2.lite\",\n \"glibc-iconv-2.17-292.el7.cgslv5.0.6.gb5964d2.lite\",\n \"glibc-lang-2.17-292.el7.cgslv5.0.6.gb5964d2.lite\",\n \"glibc-locale-2.17-292.el7.cgslv5.0.6.gb5964d2.lite\",\n \"glibc-static-2.17-292.el7.cgslv5.0.6.gb5964d2.lite\",\n \"glibc-tools-2.17-292.el7.cgslv5.0.6.gb5964d2.lite\",\n \"glibc-utils-2.17-292.el7.cgslv5.0.6.gb5964d2.lite\",\n \"nscd-2.17-292.el7.cgslv5.0.6.gb5964d2.lite\"\n ],\n \"CGSL MAIN 5.04\": [\n \"glibc-2.17-292.el7.cgslv5.0.1.gf7a2c7a\",\n \"glibc-common-2.17-292.el7.cgslv5.0.1.gf7a2c7a\",\n \"glibc-debuginfo-2.17-292.el7.cgslv5.0.1.gf7a2c7a\",\n \"glibc-debuginfo-common-2.17-292.el7.cgslv5.0.1.gf7a2c7a\",\n \"glibc-devel-2.17-292.el7.cgslv5.0.1.gf7a2c7a\",\n \"glibc-headers-2.17-292.el7.cgslv5.0.1.gf7a2c7a\",\n \"glibc-static-2.17-292.el7.cgslv5.0.1.gf7a2c7a\",\n \"glibc-utils-2.17-292.el7.cgslv5.0.1.gf7a2c7a\",\n \"nscd-2.17-292.el7.cgslv5.0.1.gf7a2c7a\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:12:24", "description": "An update of the glibc package has been released.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2020-05-13T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Glibc PHSA-2020-1.0-0293", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10739"], "modified": "2020-05-15T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:glibc", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2020-1_0-0293_GLIBC.NASL", "href": "https://www.tenable.com/plugins/nessus/136549", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-1.0-0293. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(136549);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/15\");\n\n script_cve_id(\"CVE-2016-10739\");\n script_bugtraq_id(106672);\n\n script_name(english:\"Photon OS 1.0: Glibc PHSA-2020-1.0-0293\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the glibc package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-293.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-10739\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"glibc-2.22-27.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"glibc-devel-2.22-27.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"glibc-lang-2.22-27.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:31:35", "description": "An update for glibc is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nSecurity Fix(es) :\n\n* glibc: getaddrinfo should reject IP addresses with trailing characters (CVE-2016-10739)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2019-11-06T00:00:00", "type": "nessus", "title": "RHEL 8 : glibc (RHSA-2019:3513)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10739"], "modified": "2019-12-17T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:compat-libpthread-nonshared", "p-cpe:/a:redhat:enterprise_linux:glibc", "p-cpe:/a:redhat:enterprise_linux:glibc-all-langpacks", "p-cpe:/a:redhat:enterprise_linux:glibc-benchtests", "p-cpe:/a:redhat:enterprise_linux:glibc-common", "p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo", "p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo-common", "p-cpe:/a:redhat:enterprise_linux:glibc-devel", "p-cpe:/a:redhat:enterprise_linux:glibc-headers", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-aa", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-af", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-agr", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ak", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-am", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-an", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-anp", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ar", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-as", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ast", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ayc", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-az", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-be", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-bem", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ber", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-bg", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-bhb", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-bho", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-bi", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-bn", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-bo", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-br", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-brx", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-bs", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-byn", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ca", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ce", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-chr", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-cmn", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-crh", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-cs", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-csb", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-cv", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-cy", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-da", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-de", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-doi", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-dsb", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-dv", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-dz", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-el", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-en", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-eo", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-es", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-et", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-eu", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-fa", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ff", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-fi", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-fil", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-fo", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-fr", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-fur", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-fy", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ga", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-gd", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-gez", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-gl", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-gu", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-gv", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ha", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-hak", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-he", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-hi", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-hif", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-hne", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-hr", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-hsb", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ht", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-hu", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-hy", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ia", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-id", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ig", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ik", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-is", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-it", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-iu", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ja", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ka", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-kab", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-kk", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-kl", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-km", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-kn", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ko", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-kok", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ks", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ku", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-kw", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ky", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-lb", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-lg", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-li", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-lij", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ln", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-lo", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-lt", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-lv", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-lzh", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-mag", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-mai", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-mfe", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-mg", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-mhr", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-mi", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-miq", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-mjw", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-mk", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ml", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-mn", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-mni", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-mr", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ms", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-mt", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-my", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-nan", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-nb", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-nds", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ne", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-nhn", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-niu", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-nl", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-nn", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-nr", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-nso", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-oc", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-om", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-or", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-os", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-pa", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-pap", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-pl", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ps", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-pt", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-quz", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-raj", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ro", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ru", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-rw", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-sa", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-sah", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-sat", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-sc", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-sd", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-se", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-sgs", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-shn", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-shs", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-si", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-sid", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-sk", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-sl", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-sm", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-so", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-sq", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-sr", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ss", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-st", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-sv", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-sw", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-szl", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ta", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-tcy", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-te", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-tg", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-th", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-the", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ti", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-tig", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-tk", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-tl", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-tn", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-to", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-tpi", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-tr", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ts", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-tt", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ug", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-uk", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-unm", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ur", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-uz", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ve", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-vi", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-wa", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-wae", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-wal", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-wo", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-xh", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-yi", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-yo", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-yue", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-yuw", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-zh", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-zu", "p-cpe:/a:redhat:enterprise_linux:glibc-locale-source", "p-cpe:/a:redhat:enterprise_linux:glibc-minimal-langpack", "p-cpe:/a:redhat:enterprise_linux:glibc-nss-devel", "p-cpe:/a:redhat:enterprise_linux:glibc-static", "p-cpe:/a:redhat:enterprise_linux:glibc-utils", "p-cpe:/a:redhat:enterprise_linux:libnsl", "p-cpe:/a:redhat:enterprise_linux:nscd", "p-cpe:/a:redhat:enterprise_linux:nss_db", "p-cpe:/a:redhat:enterprise_linux:nss_hesiod", "cpe:/o:redhat:enterprise_linux:8"], "id": "REDHAT-RHSA-2019-3513.NASL", "href": "https://www.tenable.com/plugins/nessus/130546", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:3513. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130546);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/17\");\n\n script_cve_id(\"CVE-2016-10739\");\n script_xref(name:\"RHSA\", value:\"2019:3513\");\n\n script_name(english:\"RHEL 8 : glibc (RHSA-2019:3513)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for glibc is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX\nthread libraries (libpthread), standard math libraries (libm), and the\nname service cache daemon (nscd) used by multiple programs on the\nsystem. Without these libraries, the Linux system cannot function\ncorrectly.\n\nSecurity Fix(es) :\n\n* glibc: getaddrinfo should reject IP addresses with trailing\ncharacters (CVE-2016-10739)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.1 Release Notes linked from the References section.\"\n );\n # https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?774148ae\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:3513\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-10739\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:compat-libpthread-nonshared\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-all-langpacks\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-benchtests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-aa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-agr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ak\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-am\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-an\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-anp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-as\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ayc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-az\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-bem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ber\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-bhb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-bho\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-bi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-bn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-bo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-brx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-bs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-byn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ce\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-chr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-cmn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-crh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-csb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-cv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-doi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-dsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-dv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-dz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-en\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-eo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-fa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-fil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-fo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-fur\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-fy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-gez\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-gu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-gv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ha\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-hak\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-hi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-hif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-hne\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-hsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ht\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-hy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ig\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ik\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-iu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-kab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-kk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-kl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-km\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-kn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-kok\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ks\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ku\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-kw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ky\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-lb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-lg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-li\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-lij\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ln\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-lo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-lv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-lzh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-mag\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-mai\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-mfe\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-mg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-mhr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-mi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-miq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-mjw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-mk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-mn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-mni\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-mr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-mt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-my\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-nan\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-nb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-nds\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ne\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-nhn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-niu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-nn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-nr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-nso\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-oc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-om\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-or\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-os\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-pa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-pap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-quz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-raj\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-rw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-sa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-sah\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-sat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-sc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-sd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-se\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-sgs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-shn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-shs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-sid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-sm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-so\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-st\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-sv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-sw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-szl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-tcy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-te\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-tg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-the\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ti\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-tig\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-tl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-tn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-to\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-tpi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-tt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-unm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ur\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-uz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ve\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-wa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-wae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-wal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-wo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-xh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-yi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-yo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-yue\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-yuw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-zh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-langpack-zu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-locale-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-minimal-langpack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libnsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nss_db\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nss_hesiod\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 8.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:3513\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"compat-libpthread-nonshared-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"compat-libpthread-nonshared-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"glibc-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-all-langpacks-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-all-langpacks-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"aarch64\", reference:\"glibc-benchtests-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-benchtests-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-benchtests-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-common-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-common-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"aarch64\", reference:\"glibc-debuginfo-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"glibc-debuginfo-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-debuginfo-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-debuginfo-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"glibc-debuginfo-common-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-debuginfo-common-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-debuginfo-common-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"glibc-devel-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-devel-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-devel-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"glibc-headers-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-headers-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-headers-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-aa-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-aa-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-af-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-af-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-agr-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-agr-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-ak-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-ak-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-am-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-am-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-an-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-an-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-anp-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-anp-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-ar-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-ar-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-as-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-as-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-ast-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-ast-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-ayc-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-ayc-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-az-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-az-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-be-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-be-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-bem-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-bem-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-ber-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-ber-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-bg-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-bg-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-bhb-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-bhb-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-bho-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-bho-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-bi-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-bi-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-bn-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-bn-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-bo-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-bo-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-br-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-br-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-brx-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-brx-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-bs-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-bs-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-byn-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-byn-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-ca-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-ca-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-ce-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-ce-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-chr-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-chr-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-cmn-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-cmn-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-crh-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-crh-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-cs-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-cs-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-csb-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-csb-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-cv-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-cv-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-cy-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-cy-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-da-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-da-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-de-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-de-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-doi-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-doi-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-dsb-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-dsb-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-dv-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-dv-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-dz-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-dz-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-el-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-el-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-en-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-en-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-eo-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-eo-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-es-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-es-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-et-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-et-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-eu-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-eu-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-fa-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-fa-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-ff-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-ff-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-fi-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-fi-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-fil-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-fil-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-fo-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-fo-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-fr-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-fr-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-fur-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-fur-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-fy-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-fy-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-ga-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-ga-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-gd-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-gd-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-gez-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-gez-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-gl-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-gl-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-gu-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-gu-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-gv-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-gv-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-ha-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-ha-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-hak-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-hak-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-he-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-he-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-hi-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-hi-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-hif-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-hif-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-hne-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-hne-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-hr-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-hr-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-hsb-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-hsb-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-ht-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-ht-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-hu-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-hu-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-hy-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-hy-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-ia-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-ia-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-id-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-id-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-ig-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-ig-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-ik-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-ik-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-is-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-is-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-it-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-it-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-iu-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-iu-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-ja-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-ja-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-ka-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-ka-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-kab-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-kab-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-kk-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-kk-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-kl-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-kl-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-km-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-km-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-kn-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-kn-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-ko-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-ko-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-kok-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-kok-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-ks-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-ks-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-ku-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-ku-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-kw-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-kw-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-ky-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-ky-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-lb-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-lb-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-lg-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-lg-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-li-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-li-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-lij-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-lij-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-ln-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-ln-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-lo-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-lo-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-lt-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-lt-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-lv-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-lv-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-lzh-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-lzh-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-mag-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-mag-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-mai-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-mai-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-mfe-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-mfe-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-mg-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-mg-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-mhr-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-mhr-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-mi-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-mi-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-miq-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-miq-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-mjw-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-mjw-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-mk-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-mk-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-ml-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-ml-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-mn-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-mn-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-mni-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-mni-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-mr-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-mr-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-ms-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-ms-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-mt-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-mt-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-my-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-my-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-nan-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-nan-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-nb-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-nb-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-nds-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-nds-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-ne-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-ne-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-nhn-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-nhn-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-niu-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-niu-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-nl-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-nl-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-nn-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-nn-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-nr-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-nr-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-nso-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-nso-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-oc-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-oc-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-om-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-om-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-or-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-or-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-os-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-os-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-pa-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-pa-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-pap-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-pap-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-pl-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-pl-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-ps-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-ps-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-pt-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-pt-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-quz-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-quz-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-raj-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-raj-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-ro-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-ro-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-ru-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-ru-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-rw-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-rw-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-sa-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-sa-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-sah-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-sah-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-sat-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-sat-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-sc-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-sc-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-sd-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-sd-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-se-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-se-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-sgs-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-sgs-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-shn-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-shn-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-shs-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-shs-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-si-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-si-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-sid-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-sid-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-sk-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-sk-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-sl-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-sl-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-sm-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-sm-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-so-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-so-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-sq-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-sq-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-sr-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-sr-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-ss-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-ss-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-st-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-st-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-sv-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-sv-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-sw-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-sw-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-szl-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-szl-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-ta-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-ta-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-tcy-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-tcy-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-te-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-te-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-tg-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-tg-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-th-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-th-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-the-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-the-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-ti-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-ti-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-tig-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-tig-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-tk-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-tk-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-tl-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-tl-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-tn-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-tn-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-to-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-to-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-tpi-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-tpi-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-tr-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-tr-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-ts-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-ts-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-tt-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-tt-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-ug-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-ug-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-uk-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-uk-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-unm-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-unm-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-ur-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-ur-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-uz-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-uz-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-ve-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-ve-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-vi-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-vi-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-wa-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-wa-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-wae-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-wae-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-wal-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-wal-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-wo-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-wo-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-xh-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-xh-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-yi-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-yi-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-yo-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-yo-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-yue-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-yue-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-yuw-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-yuw-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-zh-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-zh-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-langpack-zu-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-langpack-zu-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-locale-source-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-locale-source-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-minimal-langpack-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-minimal-langpack-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"aarch64\", reference:\"glibc-nss-devel-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"glibc-nss-devel-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-nss-devel-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-nss-devel-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"aarch64\", reference:\"glibc-static-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"glibc-static-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-static-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-static-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"glibc-utils-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"glibc-utils-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"libnsl-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"libnsl-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"libnsl-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"nscd-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"nscd-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"nss_db-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"nss_db-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"nss_db-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"aarch64\", reference:\"nss_hesiod-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"nss_hesiod-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"nss_hesiod-2.28-72.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"nss_hesiod-2.28-72.el8\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"compat-libpthread-nonshared / glibc / glibc-all-langpacks / etc\");\n }\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:21:49", "description": "Security Fix(es) :\n\n - glibc: getaddrinfo should reject IP addresses with trailing characters (CVE-2016-10739)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2019-08-27T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : glibc on SL7.x x86_64 (20190806)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10739"], "modified": "2020-02-24T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:glibc", "p-cpe:/a:fermilab:scientific_linux:glibc-common", "p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo", "p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo-common", "p-cpe:/a:fermilab:scientific_linux:glibc-devel", "p-cpe:/a:fermilab:scientific_linux:glibc-headers", "p-cpe:/a:fermilab:scientific_linux:glibc-static", "p-cpe:/a:fermilab:scientific_linux:glibc-utils", "p-cpe:/a:fermilab:scientific_linux:nscd", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20190806_GLIBC_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/128220", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128220);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2016-10739\");\n\n script_name(english:\"Scientific Linux Security Update : glibc on SL7.x x86_64 (20190806)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - glibc: getaddrinfo should reject IP addresses with\n trailing characters (CVE-2016-10739)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1908&L=SCIENTIFIC-LINUX-ERRATA&P=21420\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c45de808\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"glibc-2.17-292.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"glibc-common-2.17-292.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"glibc-debuginfo-2.17-292.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"glibc-debuginfo-common-2.17-292.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"glibc-devel-2.17-292.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"glibc-headers-2.17-292.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"glibc-static-2.17-292.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"glibc-utils-2.17-292.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"nscd-2.17-292.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:22:04", "description": "An update for glibc is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nSecurity Fix(es) :\n\n* glibc: getaddrinfo should reject IP addresses with trailing characters (CVE-2016-10739)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "RHEL 7 : glibc (RHSA-2019:2118)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10739"], "modified": "2020-01-06T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:glibc", "p-cpe:/a:redhat:enterprise_linux:glibc-common", "p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo", "p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo-common", "p-cpe:/a:redhat:enterprise_linux:glibc-devel", "p-cpe:/a:redhat:enterprise_linux:glibc-headers", "p-cpe:/a:redhat:enterprise_linux:glibc-static", "p-cpe:/a:redhat:enterprise_linux:glibc-utils", "p-cpe:/a:redhat:enterprise_linux:nscd", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2019-2118.NASL", "href": "https://www.tenable.com/plugins/nessus/127675", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:2118. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127675);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2020/01/06\");\n\n script_cve_id(\"CVE-2016-10739\");\n script_xref(name:\"RHSA\", value:\"2019:2118\");\n\n script_name(english:\"RHEL 7 : glibc (RHSA-2019:2118)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for glibc is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX\nthread libraries (libpthread), standard math libraries (libm), and the\nname service cache daemon (nscd) used by multiple programs on the\nsystem. Without these libraries, the Linux system cannot function\ncorrectly.\n\nSecurity Fix(es) :\n\n* glibc: getaddrinfo should reject IP addresses with trailing\ncharacters (CVE-2016-10739)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.7 Release Notes linked from the References section.\"\n );\n # https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3395ff0b\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:2118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-10739\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:2118\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", reference:\"glibc-2.17-292.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"glibc-common-2.17-292.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"glibc-common-2.17-292.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"glibc-debuginfo-2.17-292.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"glibc-debuginfo-common-2.17-292.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"glibc-devel-2.17-292.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"glibc-headers-2.17-292.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"glibc-headers-2.17-292.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"glibc-static-2.17-292.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"glibc-utils-2.17-292.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"glibc-utils-2.17-292.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"nscd-2.17-292.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"nscd-2.17-292.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc\");\n }\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:33:52", "description": "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has glibc packages installed that are affected by a vulnerability:\n\n - In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.\n (CVE-2016-10739)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2019-12-31T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.05 / MAIN 5.05 : glibc Vulnerability (NS-SA-2019-0237)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10739"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0237_GLIBC.NASL", "href": "https://www.tenable.com/plugins/nessus/132501", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0237. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132501);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-10739\");\n script_bugtraq_id(106672);\n\n script_name(english:\"NewStart CGSL CORE 5.05 / MAIN 5.05 : glibc Vulnerability (NS-SA-2019-0237)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has glibc packages installed that are affected by\na vulnerability:\n\n - In the GNU C Library (aka glibc or libc6) through 2.28,\n the getaddrinfo function would successfully parse a\n string that contained an IPv4 address followed by\n whitespace and arbitrary characters, which could lead\n applications to incorrectly assume that it had parsed a\n valid string, without the possibility of embedded HTTP\n headers or other potentially dangerous substrings.\n (CVE-2016-10739)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0237\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL glibc packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-10739\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.05\" &&\n release !~ \"CGSL MAIN 5.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.05\": [\n \"glibc-2.17-292.el7.cgslv5_5.0.6.gf2d9547.lite\",\n \"glibc-common-2.17-292.el7.cgslv5_5.0.6.gf2d9547.lite\",\n \"glibc-debuginfo-2.17-292.el7.cgslv5_5.0.6.gf2d9547.lite\",\n \"glibc-debuginfo-common-2.17-292.el7.cgslv5_5.0.6.gf2d9547.lite\",\n \"glibc-devel-2.17-292.el7.cgslv5_5.0.6.gf2d9547.lite\",\n \"glibc-headers-2.17-292.el7.cgslv5_5.0.6.gf2d9547.lite\",\n \"glibc-i18n-2.17-292.el7.cgslv5_5.0.6.gf2d9547.lite\",\n \"glibc-iconv-2.17-292.el7.cgslv5_5.0.6.gf2d9547.lite\",\n \"glibc-lang-2.17-292.el7.cgslv5_5.0.6.gf2d9547.lite\",\n \"glibc-locale-2.17-292.el7.cgslv5_5.0.6.gf2d9547.lite\",\n \"glibc-static-2.17-292.el7.cgslv5_5.0.6.gf2d9547.lite\",\n \"glibc-tools-2.17-292.el7.cgslv5_5.0.6.gf2d9547.lite\",\n \"glibc-utils-2.17-292.el7.cgslv5_5.0.6.gf2d9547.lite\",\n \"nscd-2.17-292.el7.cgslv5_5.0.6.gf2d9547.lite\"\n ],\n \"CGSL MAIN 5.05\": [\n \"glibc-2.17-292.el7.cgslv5_5.0.1.g04f0a75\",\n \"glibc-common-2.17-292.el7.cgslv5_5.0.1.g04f0a75\",\n \"glibc-debuginfo-2.17-292.el7.cgslv5_5.0.1.g04f0a75\",\n \"glibc-debuginfo-common-2.17-292.el7.cgslv5_5.0.1.g04f0a75\",\n \"glibc-devel-2.17-292.el7.cgslv5_5.0.1.g04f0a75\",\n \"glibc-headers-2.17-292.el7.cgslv5_5.0.1.g04f0a75\",\n \"glibc-static-2.17-292.el7.cgslv5_5.0.1.g04f0a75\",\n \"glibc-utils-2.17-292.el7.cgslv5_5.0.1.g04f0a75\",\n \"nscd-2.17-292.el7.cgslv5_5.0.1.g04f0a75\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:52:13", "description": "This update for glibc fixes the following issues :\n\nSecurity issue fixed :\n\nCVE-2016-10739: Fixed an improper implementation of getaddrinfo function which could allow applications to incorrectly assume that had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings (bsc#1122729).\n\nOther issue fixed: Fixed an issue where pthread_mutex_trylock did not use a correct order of instructions while maintained the robust mutex list due to missing compiler barriers (bsc#1130045).\n\nAdded new Japanese Era name support (bsc#1100396).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2019-04-09T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : glibc (SUSE-SU-2019:0903-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10739"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:glibc", "p-cpe:/a:novell:suse_linux:glibc-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:glibc-debuginfo", "p-cpe:/a:novell:suse_linux:glibc-debugsource", "p-cpe:/a:novell:suse_linux:glibc-devel", "p-cpe:/a:novell:suse_linux:glibc-devel-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:glibc-devel-debuginfo", "p-cpe:/a:novell:suse_linux:glibc-devel-static", "p-cpe:/a:novell:suse_linux:glibc-extra", "p-cpe:/a:novell:suse_linux:glibc-extra-debuginfo", "p-cpe:/a:novell:suse_linux:glibc-locale", "p-cpe:/a:novell:suse_linux:glibc-locale-base", "p-cpe:/a:novell:suse_linux:glibc-locale-base-debuginfo", "p-cpe:/a:novell:suse_linux:glibc-profile", "p-cpe:/a:novell:suse_linux:glibc-utils", "p-cpe:/a:novell:suse_linux:glibc-utils-debuginfo", "p-cpe:/a:novell:suse_linux:glibc-utils-src-debugsource", "p-cpe:/a:novell:suse_linux:nscd", "p-cpe:/a:novell:suse_linux:nscd-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-0903-1.NASL", "href": "https://www.tenable.com/plugins/nessus/123928", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0903-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(123928);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2016-10739\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : glibc (SUSE-SU-2019:0903-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for glibc fixes the following issues :\n\nSecurity issue fixed :\n\nCVE-2016-10739: Fixed an improper implementation of getaddrinfo\nfunction which could allow applications to incorrectly assume that had\nparsed a valid string, without the possibility of embedded HTTP\nheaders or other potentially dangerous substrings (bsc#1122729).\n\nOther issue fixed: Fixed an issue where pthread_mutex_trylock did not\nuse a correct order of instructions while maintained the robust mutex\nlist due to missing compiler barriers (bsc#1130045).\n\nAdded new Japanese Era name support (bsc#1100396).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1100396\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1130045\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10739/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190903-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ca44d61d\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-2019-903=1\n\nSUSE Linux Enterprise Module for Development Tools 15:zypper in -t\npatch SUSE-SLE-Module-Development-Tools-15-2019-903=1\n\nSUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-2019-903=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-devel-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-devel-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-locale\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-locale-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-locale-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-utils-src-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nscd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"glibc-32bit-2.26-13.19.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"glibc-32bit-debuginfo-2.26-13.19.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.26-13.19.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"glibc-devel-32bit-debuginfo-2.26-13.19.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"glibc-2.26-13.19.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"glibc-debuginfo-2.26-13.19.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"glibc-debugsource-2.26-13.19.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"glibc-devel-2.26-13.19.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"glibc-devel-debuginfo-2.26-13.19.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"glibc-devel-static-2.26-13.19.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"glibc-extra-2.26-13.19.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"glibc-extra-debuginfo-2.26-13.19.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"glibc-locale-2.26-13.19.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"glibc-locale-base-2.26-13.19.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"glibc-locale-base-debuginfo-2.26-13.19.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"glibc-profile-2.26-13.19.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"glibc-utils-2.26-13.19.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"glibc-utils-debuginfo-2.26-13.19.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"glibc-utils-src-debugsource-2.26-13.19.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"nscd-2.26-13.19.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"nscd-debuginfo-2.26-13.19.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"glibc-32bit-2.26-13.19.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"glibc-32bit-debuginfo-2.26-13.19.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.26-13.19.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"glibc-devel-32bit-debuginfo-2.26-13.19.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"glibc-2.26-13.19.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"glibc-debuginfo-2.26-13.19.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"glibc-debugsource-2.26-13.19.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"glibc-devel-2.26-13.19.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"glibc-devel-debuginfo-2.26-13.19.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"glibc-devel-static-2.26-13.19.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"glibc-extra-2.26-13.19.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"glibc-extra-debuginfo-2.26-13.19.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"glibc-locale-2.26-13.19.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"glibc-locale-base-2.26-13.19.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"glibc-locale-base-debuginfo-2.26-13.19.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"glibc-profile-2.26-13.19.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"glibc-utils-2.26-13.19.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"glibc-utils-debuginfo-2.26-13.19.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"glibc-utils-src-debugsource-2.26-13.19.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"nscd-2.26-13.19.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"nscd-debuginfo-2.26-13.19.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-08T00:45:16", "description": "The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2023:0015-1 advisory.\n\n - In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings. (CVE-2016-10739)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2023-01-04T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : glibc (SUSE-SU-2023:0015-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10739"], "modified": "2023-03-07T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:glibc", "p-cpe:/a:novell:suse_linux:glibc-32bit", "p-cpe:/a:novell:suse_linux:glibc-devel", "p-cpe:/a:novell:suse_linux:glibc-devel-32bit", "p-cpe:/a:novell:suse_linux:glibc-html", "p-cpe:/a:novell:suse_linux:glibc-i18ndata", "p-cpe:/a:novell:suse_linux:glibc-info", "p-cpe:/a:novell:suse_linux:glibc-locale", "p-cpe:/a:novell:suse_linux:glibc-locale-32bit", "p-cpe:/a:novell:suse_linux:glibc-profile", "p-cpe:/a:novell:suse_linux:glibc-profile-32bit", "p-cpe:/a:novell:suse_linux:nscd", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2023-0015-1.NASL", "href": "https://www.tenable.com/plugins/nessus/169484", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2023:0015-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(169484);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/07\");\n\n script_cve_id(\"CVE-2016-10739\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2023:0015-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : glibc (SUSE-SU-2023:0015-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-\nSU-2023:0015-1 advisory.\n\n - In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse\n a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead\n applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded\n HTTP headers or other potentially dangerous substrings. (CVE-2016-10739)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1122729\");\n # https://lists.suse.com/pipermail/sle-security-updates/2023-January/013417.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dd421d24\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2016-10739\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-10739\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-info\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-locale\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-locale-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-profile-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'glibc-2.22-133.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'glibc-32bit-2.22-133.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'glibc-devel-2.22-133.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'glibc-devel-32bit-2.22-133.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'glibc-html-2.22-133.1', 'sp':'2', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'glibc-i18ndata-2.22-133.1', 'sp':'2', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'glibc-info-2.22-133.1', 'sp':'2', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'glibc-locale-2.22-133.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'glibc-locale-32bit-2.22-133.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'glibc-profile-2.22-133.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'glibc-profile-32bit-2.22-133.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'nscd-2.22-133.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'glibc-2.22-133.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.3']},\n {'reference':'glibc-32bit-2.22-133.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.3']},\n {'reference':'glibc-devel-2.22-133.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.3']},\n {'reference':'glibc-devel-32bit-2.22-133.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.3']},\n {'reference':'glibc-html-2.22-133.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.3']},\n {'reference':'glibc-i18ndata-2.22-133.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.3']},\n {'reference':'glibc-info-2.22-133.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.3']},\n {'reference':'glibc-locale-2.22-133.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.3']},\n {'reference':'glibc-locale-32bit-2.22-133.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.3']},\n {'reference':'glibc-profile-2.22-133.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.3']},\n {'reference':'glibc-profile-32bit-2.22-133.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.3']},\n {'reference':'nscd-2.22-133.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'glibc / glibc-32bit / glibc-devel / glibc-devel-32bit / glibc-html / etc');\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-25T14:52:35", "description": "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has openldap packages installed that are affected by a vulnerability:\n\n - In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). (CVE-2020-12243)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-10-28T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.05 / MAIN 5.05 : openldap Vulnerability (NS-SA-2021-0168)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12243"], "modified": "2021-10-28T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_core:openldap", "p-cpe:/a:zte:cgsl_core:openldap-clients", "p-cpe:/a:zte:cgsl_core:openldap-devel", "p-cpe:/a:zte:cgsl_core:openldap-servers", "p-cpe:/a:zte:cgsl_core:openldap-servers-sql", "p-cpe:/a:zte:cgsl_main:openldap", "p-cpe:/a:zte:cgsl_main:openldap-clients", "p-cpe:/a:zte:cgsl_main:openldap-devel", "p-cpe:/a:zte:cgsl_main:openldap-servers", "p-cpe:/a:zte:cgsl_main:openldap-servers-sql", "cpe:/o:zte:cgsl_core:5", "cpe:/o:zte:cgsl_main:5"], "id": "NEWSTART_CGSL_NS-SA-2021-0168_OPENLDAP.NASL", "href": "https://www.tenable.com/plugins/nessus/154602", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2021-0168. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154602);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/28\");\n\n script_cve_id(\"CVE-2020-12243\");\n script_xref(name:\"IAVB\", value:\"2020-B-0028-S\");\n\n script_name(english:\"NewStart CGSL CORE 5.05 / MAIN 5.05 : openldap Vulnerability (NS-SA-2021-0168)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has openldap packages installed that are affected\nby a vulnerability:\n\n - In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can\n result in denial of service (daemon crash). (CVE-2020-12243)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2021-0168\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-12243\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL openldap packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12243\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:openldap-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:openldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:openldap-servers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:openldap-servers-sql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:openldap-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:openldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:openldap-servers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:openldap-servers-sql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_core:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:5\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.05\" &&\n release !~ \"CGSL MAIN 5.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL CORE 5.05': [\n 'openldap-2.4.44-22.el7',\n 'openldap-clients-2.4.44-22.el7',\n 'openldap-devel-2.4.44-22.el7',\n 'openldap-servers-2.4.44-22.el7',\n 'openldap-servers-sql-2.4.44-22.el7'\n ],\n 'CGSL MAIN 5.05': [\n 'openldap-2.4.44-22.el7',\n 'openldap-clients-2.4.44-22.el7',\n 'openldap-devel-2.4.44-22.el7',\n 'openldap-servers-2.4.44-22.el7',\n 'openldap-servers-sql-2.4.44-22.el7'\n ]\n};\nvar pkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openldap');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-10T14:50:46", "description": "The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-4041 advisory.\n\n - In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). (CVE-2020-12243)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-10-07T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : openldap (ELSA-2020-4041)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12243"], "modified": "2020-10-09T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:openldap", "p-cpe:/a:oracle:linux:openldap-clients", "p-cpe:/a:oracle:linux:openldap-devel", "p-cpe:/a:oracle:linux:openldap-servers", "p-cpe:/a:oracle:linux:openldap-servers-sql"], "id": "ORACLELINUX_ELSA-2020-4041.NASL", "href": "https://www.tenable.com/plugins/nessus/141240", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-4041.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141240);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/09\");\n\n script_cve_id(\"CVE-2020-12243\");\n\n script_name(english:\"Oracle Linux 7 : openldap (ELSA-2020-4041)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2020-4041 advisory.\n\n - In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can\n result in denial of service (daemon crash). (CVE-2020-12243)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://linux.oracle.com/errata/ELSA-2020-4041.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12243\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap-servers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap-servers-sql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\npkgs = [\n {'reference':'openldap-2.4.44-22.el7', 'cpu':'aarch64', 'release':'7'},\n {'reference':'openldap-2.4.44-22.el7', 'cpu':'i686', 'release':'7'},\n {'reference':'openldap-2.4.44-22.el7', 'cpu':'x86_64', 'release':'7'},\n {'reference':'openldap-clients-2.4.44-22.el7', 'cpu':'aarch64', 'release':'7'},\n {'reference':'openldap-clients-2.4.44-22.el7', 'cpu':'x86_64', 'release':'7'},\n {'reference':'openldap-devel-2.4.44-22.el7', 'cpu':'aarch64', 'release':'7'},\n {'reference':'openldap-devel-2.4.44-22.el7', 'cpu':'i686', 'release':'7'},\n {'reference':'openldap-devel-2.4.44-22.el7', 'cpu':'x86_64', 'release':'7'},\n {'reference':'openldap-servers-2.4.44-22.el7', 'cpu':'aarch64', 'release':'7'},\n {'reference':'openldap-servers-2.4.44-22.el7', 'cpu':'x86_64', 'release':'7'},\n {'reference':'openldap-servers-sql-2.4.44-22.el7', 'cpu':'aarch64', 'release':'7'},\n {'reference':'openldap-servers-sql-2.4.44-22.el7', 'cpu':'x86_64', 'release':'7'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openldap / openldap-clients / openldap-devel / etc');\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-10T14:51:04", "description": "According to the version of the openldap packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :\n\n - In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).(CVE-2020-12243)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-10-21T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.2.2 : openldap (EulerOS-SA-2020-2230)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12243"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openldap", "p-cpe:/a:huawei:euleros:openldap-clients", "cpe:/o:huawei:euleros:uvp:3.0.2.2"], "id": "EULEROS_SA-2020-2230.NASL", "href": "https://www.tenable.com/plugins/nessus/141730", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141730);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-12243\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.2.2 : openldap (EulerOS-SA-2020-2230)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the openldap packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerability :\n\n - In filter.c in slapd in OpenLDAP before 2.4.50, LDAP\n search filters with nested boolean expressions can\n result in denial of service (daemon\n crash).(CVE-2020-12243)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2230\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0a1f5953\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openldap package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12243\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openldap-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.2\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.2\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"openldap-2.4.44-15.h10.eulerosv2r7\",\n \"openldap-clients-2.4.44-15.h10.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openldap\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-10T14:51:05", "description": "Security Fix(es) :\n\n - openldap: denial of service via nested boolean expressions in LDAP search filters (CVE-2020-12243)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-10-21T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : openldap on SL7.x x86_64 (20201001)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12243"], "modified": "2020-10-23T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:openldap", "p-cpe:/a:fermilab:scientific_linux:openldap-clients", "p-cpe:/a:fermilab:scientific_linux:openldap-debuginfo", "p-cpe:/a:fermilab:scientific_linux:openldap-devel", "p-cpe:/a:fermilab:scientific_linux:openldap-servers", "p-cpe:/a:fermilab:scientific_linux:openldap-servers-sql", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20201001_OPENLDAP_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/141663", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141663);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/23\");\n\n script_cve_id(\"CVE-2020-12243\");\n\n script_name(english:\"Scientific Linux Security Update : openldap on SL7.x x86_64 (20201001)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Security Fix(es) :\n\n - openldap: denial of service via nested boolean\n expressions in LDAP search filters (CVE-2020-12243)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind2010&L=SCIENTIFIC-LINUX-ERRATA&P=16259\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?acfcd943\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openldap-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openldap-servers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openldap-servers-sql\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openldap-2.4.44-22.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openldap-clients-2.4.44-22.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openldap-debuginfo-2.4.44-22.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openldap-devel-2.4.44-22.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openldap-servers-2.4.44-22.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openldap-servers-sql-2.4.44-22.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openldap / openldap-clients / openldap-debuginfo / openldap-devel / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-10T14:52:48", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:4041 advisory.\n\n - openldap: denial of service via nested boolean expressions in LDAP search filters (CVE-2020-12243)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-19T00:00:00", "type": "nessus", "title": "RHEL 7 : openldap (RHSA-2020:4041)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12243"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:openldap", "p-cpe:/a:redhat:enterprise_linux:openldap-clients", "p-cpe:/a:redhat:enterprise_linux:openldap-devel", "p-cpe:/a:redhat:enterprise_linux:openldap-servers", "p-cpe:/a:redhat:enterprise_linux:openldap-servers-sql"], "id": "REDHAT-RHSA-2020-4041.NASL", "href": "https://www.tenable.com/plugins/nessus/143072", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:4041. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143072);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2020-12243\");\n script_xref(name:\"RHSA\", value:\"2020:4041\");\n script_xref(name:\"IAVB\", value:\"2020-B-0028-S\");\n\n script_name(english:\"RHEL 7 : openldap (RHSA-2020:4041)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:4041 advisory.\n\n - openldap: denial of service via nested boolean expressions in LDAP search filters (CVE-2020-12243)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12243\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4041\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1833535\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12243\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(400);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openldap-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openldap-servers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openldap-servers-sql\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/os',\n 'content/fastrack/rhel/system-z/7/s390x/optional/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/os',\n 'content/fastrack/rhel/system-z/7/s390x/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'openldap-2.4.44-22.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openldap-clients-2.4.44-22.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openldap-clients-2.4.44-22.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openldap-devel-2.4.44-22.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openldap-servers-2.4.44-22.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openldap-servers-2.4.44-22.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openldap-servers-sql-2.4.44-22.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openldap-servers-sql-2.4.44-22.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openldap / openldap-clients / openldap-devel / openldap-servers / etc');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-10T14:50:43", "description": "The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:4041 advisory.\n\n - openldap: denial of service via nested boolean expressions in LDAP search filters (CVE-2020-12243)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-10-20T00:00:00", "type": "nessus", "title": "CentOS 7 : openldap (CESA-2020:4041)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12243"], "modified": "2020-11-30T00:00:00", "cpe": ["p-cpe:/a:centos:centos:openldap", "p-cpe:/a:centos:centos:openldap-clients", "p-cpe:/a:centos:centos:openldap-devel", "p-cpe:/a:centos:centos:openldap-servers", "p-cpe:/a:centos:centos:openldap-servers-sql", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2020-4041.NASL", "href": "https://www.tenable.com/plugins/nessus/141636", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:4041 and\n# CentOS Errata and Security Advisory 2020:4041 respectively.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141636);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/30\");\n\n script_cve_id(\"CVE-2020-12243\");\n script_xref(name:\"RHSA\", value:\"2020:4041\");\n\n script_name(english:\"CentOS 7 : openldap (CESA-2020:4041)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the\nCESA-2020:4041 advisory.\n\n - openldap: denial of service via nested boolean expressions in LDAP search filters (CVE-2020-12243)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.centos.org/pipermail/centos-cr-announce/2020-October/012791.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?979570fb\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/400.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12243\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(400);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openldap-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openldap-servers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openldap-servers-sql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'CentOS 7.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'openldap-2.4.44-22.el7', 'cpu':'i686', 'release':'CentOS-7'},\n {'reference':'openldap-2.4.44-22.el7', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'openldap-clients-2.4.44-22.el7', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'openldap-devel-2.4.44-22.el7', 'cpu':'i686', 'release':'CentOS-7'},\n {'reference':'openldap-devel-2.4.44-22.el7', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'openldap-servers-2.4.44-22.el7', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'openldap-servers-sql-2.4.44-22.el7', 'cpu':'x86_64', 'release':'CentOS-7'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openldap / openldap-clients / openldap-devel / etc');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-10T14:53:20", "description": "According to the version of the compat-openldap package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).(CVE-2020-12243)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-03T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : compat-openldap (EulerOS-SA-2020-2334)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12243"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:compat-openldap", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2334.NASL", "href": "https://www.tenable.com/plugins/nessus/142340", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142340);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-12243\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : compat-openldap (EulerOS-SA-2020-2334)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the compat-openldap package installed,\nthe EulerOS installation on the remote host is affected by the\nfollowing vulnerability :\n\n - In filter.c in slapd in OpenLDAP before 2.4.50, LDAP\n search filters with nested boolean expressions can\n result in denial of service (daemon\n crash).(CVE-2020-12243)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2334\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2f000c8e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected compat-openldap package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:compat-openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"compat-openldap-2.3.43-5.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"compat-openldap\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-10T14:50:26", "description": "The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1539 advisory.\n\n - In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). (CVE-2020-12243)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-10-28T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : openldap (ALAS-2020-1539)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12243"], "modified": "2020-10-28T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:openldap", "p-cpe:/a:amazon:linux:openldap-clients", "p-cpe:/a:amazon:linux:openldap-debuginfo", "p-cpe:/a:amazon:linux:openldap-devel", "p-cpe:/a:amazon:linux:openldap-servers", "p-cpe:/a:amazon:linux:openldap-servers-sql", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2020-1539.NASL", "href": "https://www.tenable.com/plugins/nessus/141954", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n# \n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2020-1539.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141954);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/28\");\n\n script_cve_id(\"CVE-2020-12243\");\n script_xref(name:\"ALAS\", value:\"2020-1539\");\n\n script_name(english:\"Amazon Linux 2 : openldap (ALAS-2020-1539)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a\nvulnerability as referenced in the ALAS2-2020-1539 advisory.\n\n - In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can\n result in denial of service (daemon crash). (CVE-2020-12243)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2020-1539.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12243\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update openldap' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12243\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openldap-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openldap-servers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openldap-servers-sql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\npkgs = [\n {'reference':'openldap-2.4.44-22.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'openldap-2.4.44-22.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'openldap-2.4.44-22.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'openldap-clients-2.4.44-22.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'openldap-clients-2.4.44-22.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'openldap-clients-2.4.44-22.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'openldap-debuginfo-2.4.44-22.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'openldap-debuginfo-2.4.44-22.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'openldap-debuginfo-2.4.44-22.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'openldap-devel-2.4.44-22.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'openldap-devel-2.4.44-22.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'openldap-devel-2.4.44-22.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'openldap-servers-2.4.44-22.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'openldap-servers-2.4.44-22.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'openldap-servers-2.4.44-22.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'openldap-servers-sql-2.4.44-22.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'openldap-servers-sql-2.4.44-22.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'openldap-servers-sql-2.4.44-22.amzn2', 'cpu':'x86_64', 'release':'AL2'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openldap / openldap-clients / openldap-debuginfo / etc\");\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-10T14:50:00", "description": "According to the version of the compat-openldap package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).(CVE-2020-12243)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-10-30T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : compat-openldap (EulerOS-SA-2020-2240)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12243"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:compat-openldap", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2240.NASL", "href": "https://www.tenable.com/plugins/nessus/142074", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142074);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-12243\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : compat-openldap (EulerOS-SA-2020-2240)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the compat-openldap package installed,\nthe EulerOS installation on the remote host is affected by the\nfollowing vulnerability :\n\n - In filter.c in slapd in OpenLDAP before 2.4.50, LDAP\n search filters with nested boolean expressions can\n result in denial of service (daemon\n crash).(CVE-2020-12243)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2240\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?24e8f2c2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected compat-openldap package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:compat-openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"compat-openldap-2.3.43-5.h1.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"compat-openldap\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-25T14:45:28", "description": "The remote SUSE Linux SLES11 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2020:14358-1 advisory.\n\n - In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). (CVE-2020-12243)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-06-10T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : openldap2 (SUSE-SU-2020:14358-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12243"], "modified": "2021-06-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:compat-libldap-2_3-0", "p-cpe:/a:novell:suse_linux:libldap-2_4-2", "p-cpe:/a:novell:suse_linux:libldap-2_4-2-32bit", "p-cpe:/a:novell:suse_linux:libldap-openssl1-2_4-2", "p-cpe:/a:novell:suse_linux:libldap-openssl1-2_4-2-32bit", "p-cpe:/a:novell:suse_linux:libldap-openssl1-2_4-2-x86", "p-cpe:/a:novell:suse_linux:openldap2", "p-cpe:/a:novell:suse_linux:openldap2-back-meta", "p-cpe:/a:novell:suse_linux:openldap2-client", "p-cpe:/a:novell:suse_linux:openldap2-client-openssl1", "p-cpe:/a:novell:suse_linux:openldap2-openssl1", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2020-14358-1.NASL", "href": "https://www.tenable.com/plugins/nessus/150627", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2020:14358-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150627);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/10\");\n\n script_cve_id(\"CVE-2020-12243\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2020:14358-1\");\n script_xref(name:\"IAVB\", value:\"2020-B-0028-S\");\n\n script_name(english:\"SUSE SLES11 Security Update : openldap2 (SUSE-SU-2020:14358-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES11 host has packages installed that are affected by a vulnerability as referenced in the SUSE-\nSU-2020:14358-1 advisory.\n\n - In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can\n result in denial of service (daemon crash). (CVE-2020-12243)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1170771\");\n # https://lists.suse.com/pipermail/sle-security-updates/2020-May/006801.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1471a478\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-12243\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12243\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:compat-libldap-2_3-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libldap-2_4-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libldap-2_4-2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libldap-openssl1-2_4-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libldap-openssl1-2_4-2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libldap-openssl1-2_4-2-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openldap2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openldap2-back-meta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openldap2-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openldap2-client-openssl1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openldap2-openssl1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES11', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(0|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP0/4\", os_ver + \" SP\" + sp);\n\npkgs = [\n {'reference':'libldap-openssl1-2_4-2-2.4.26-0.74.9', 'sp':'0', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.3-0'},\n {'reference':'libldap-openssl1-2_4-2-32bit-2.4.26-0.74.9', 'sp':'0', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.3-0'},\n {'reference':'libldap-openssl1-2_4-2-32bit-2.4.26-0.74.9', 'sp':'0', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.3-0'},\n {'reference':'openldap2-client-openssl1-2.4.26-0.74.9', 'sp':'0', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.3-0'},\n {'reference':'openldap2-openssl1-2.4.26-0.74.9', 'sp':'0', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.3-0'},\n {'reference':'compat-libldap-2_3-0-2.3.37-2.74.9', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'libldap-2_4-2-2.4.26-0.74.9', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'libldap-2_4-2-32bit-2.4.26-0.74.9', 'sp':'4', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'libldap-2_4-2-32bit-2.4.26-0.74.9', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'openldap2-2.4.26-0.74.9', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'openldap2-back-meta-2.4.26-0.74.9', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'openldap2-client-2.4.26-0.74.9', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'libldap-openssl1-2_4-2-2.4.26-0.74.9', 'sp':'0', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.3-0'},\n {'reference':'libldap-openssl1-2_4-2-32bit-2.4.26-0.74.9', 'sp':'0', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.3-0'},\n {'reference':'libldap-openssl1-2_4-2-32bit-2.4.26-0.74.9', 'sp':'0', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.3-0'},\n {'reference':'openldap2-client-openssl1-2.4.26-0.74.9', 'sp':'0', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.3-0'},\n {'reference':'openldap2-openssl1-2.4.26-0.74.9', 'sp':'0', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.3-0'},\n {'reference':'compat-libldap-2_3-0-2.3.37-2.74.9', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'libldap-2_4-2-2.4.26-0.74.9', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'libldap-2_4-2-32bit-2.4.26-0.74.9', 'sp':'4', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'libldap-2_4-2-32bit-2.4.26-0.74.9', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'openldap2-2.4.26-0.74.9', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'openldap2-back-meta-2.4.26-0.74.9', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'openldap2-client-2.4.26-0.74.9', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n exists_check = NULL;\n rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release && exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n else if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'compat-libldap-2_3-0 / libldap-2_4-2 / libldap-2_4-2-32bit / etc');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-25T14:37:33", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has openldap packages installed that are affected by a vulnerability:\n\n - In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). (CVE-2020-12243)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-10T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : openldap Vulnerability (NS-SA-2021-0024)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12243"], "modified": "2021-03-11T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2021-0024_OPENLDAP.NASL", "href": "https://www.tenable.com/plugins/nessus/147359", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2021-0024. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147359);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/11\");\n\n script_cve_id(\"CVE-2020-12243\");\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : openldap Vulnerability (NS-SA-2021-0024)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has openldap packages installed that are affected\nby a vulnerability:\n\n - In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can\n result in denial of service (daemon crash). (CVE-2020-12243)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2021-0024\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL openldap packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12243\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL CORE 5.04': [\n 'openldap-2.4.44-22.el7',\n 'openldap-clients-2.4.44-22.el7',\n 'openldap-debuginfo-2.4.44-22.el7',\n 'openldap-devel-2.4.44-22.el7',\n 'openldap-servers-2.4.44-22.el7',\n 'openldap-servers-sql-2.4.44-22.el7'\n ],\n 'CGSL MAIN 5.04': [\n 'openldap-2.4.44-22.el7',\n 'openldap-clients-2.4.44-22.el7',\n 'openldap-debuginfo-2.4.44-22.el7',\n 'openldap-devel-2.4.44-22.el7',\n 'openldap-servers-2.4.44-22.el7',\n 'openldap-servers-sql-2.4.44-22.el7'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openldap');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-05T14:25:23", "description": "According to the version of the openldap packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability :\n\n - In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).(CVE-2020-12243)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-09-08T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : openldap (EulerOS-SA-2020-1959)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12243"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openldap", "p-cpe:/a:huawei:euleros:openldap-clients", "cpe:/o:huawei:euleros:uvp:3.0.2.0"], "id": "EULEROS_SA-2020-1959.NASL", "href": "https://www.tenable.com/plugins/nessus/140329", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140329);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-12243\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : openldap (EulerOS-SA-2020-1959)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the openldap packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerability :\n\n - In filter.c in slapd in OpenLDAP before 2.4.50, LDAP\n search filters with nested boolean expressions can\n result in denial of service (daemon\n crash).(CVE-2020-12243)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1959\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?64d3e94f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openldap package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openldap-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"openldap-2.4.44-15.h10\",\n \"openldap-clients-2.4.44-15.h10\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openldap\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-25T14:32:14", "description": "A vulnerability was discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. LDAP search filters with nested boolean expressions can result in denial of service (slapd daemon crash).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-30T00:00:00", "type": "nessus", "title": "Debian DSA-4666-1 : openldap - security update", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12243"], "modified": "2021-03-12T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:openldap", "cpe:/o:debian:debian_linux:10.0", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4666.NASL", "href": "https://www.tenable.com/plugins/nessus/136123", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4666. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136123);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/12\");\n\n script_cve_id(\"CVE-2020-12243\");\n script_xref(name:\"DSA\", value:\"4666\");\n script_xref(name:\"IAVB\", value:\"2020-B-0028-S\");\n\n script_name(english:\"Debian DSA-4666-1 : openldap - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability was discovered in OpenLDAP, a free implementation of\nthe Lightweight Directory Access Protocol. LDAP search filters with\nnested boolean expressions can result in denial of service (slapd\ndaemon crash).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/openldap\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/openldap\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/openldap\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2020/dsa-4666\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the openldap packages.\n\nFor the oldstable distribution (stretch), this problem has been fixed\nin version 2.4.44+dfsg-5+deb9u4.\n\nFor the stable distribution (buster), this problem has been fixed in\nversion 2.4.47+dfsg-3+deb10u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/30\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"ldap-utils\", reference:\"2.4.47+dfsg-3+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libldap-2.4-2\", reference:\"2.4.47+dfsg-3+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libldap-common\", reference:\"2.4.47+dfsg-3+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libldap2-dev\", reference:\"2.4.47+dfsg-3+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"slapd\", reference:\"2.4.47+dfsg-3+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"slapd-contrib\", reference:\"2.4.47+dfsg-3+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"slapd-smbk5pwd\", reference:\"2.4.47+dfsg-3+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"slapi-dev\", reference:\"2.4.47+dfsg-3+deb10u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"ldap-utils\", reference:\"2.4.44+dfsg-5+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libldap-2.4-2\", reference:\"2.4.44+dfsg-5+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libldap-2.4-2-dbg\", reference:\"2.4.44+dfsg-5+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libldap-common\", reference:\"2.4.44+dfsg-5+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libldap2-dev\", reference:\"2.4.44+dfsg-5+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"slapd\", reference:\"2.4.44+dfsg-5+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"slapd-dbg\", reference:\"2.4.44+dfsg-5+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"slapd-smbk5pwd\", reference:\"2.4.44+dfsg-5+deb9u4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-25T14:33:50", "description": "This update for openldap2 fixes the following issues :\n\nCVE-2020-12243: Fixed a denial of service related to recursive filters (bsc#1170771).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-15T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : openldap2 (SUSE-SU-2020:1219-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12243"], "modified": "2021-03-12T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libldap-2_4", "p-cpe:/a:novell:suse_linux:libldap-2_4-2", "p-cpe:/a:novell:suse_linux:libldap-2_4-2-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libldap-2_4-2-debuginfo", "p-cpe:/a:novell:suse_linux:openldap2", "p-cpe:/a:novell:suse_linux:openldap2-back-meta", "p-cpe:/a:novell:suse_linux:openldap2-back-meta-debuginfo", "p-cpe:/a:novell:suse_linux:openldap2-back-perl", "p-cpe:/a:novell:suse_linux:openldap2-back-perl-debuginfo", "p-cpe:/a:novell:suse_linux:openldap2-back-sock", "p-cpe:/a:novell:suse_linux:openldap2-back-sock-debuginfo", "p-cpe:/a:novell:suse_linux:openldap2-back-sql", "p-cpe:/a:novell:suse_linux:openldap2-back-sql-debuginfo", "p-cpe:/a:novell:suse_linux:openldap2-client", "p-cpe:/a:novell:suse_linux:openldap2-client-debuginfo", "p-cpe:/a:novell:suse_linux:openldap2-contrib", "p-cpe:/a:novell:suse_linux:openldap2-contrib-debuginfo", "p-cpe:/a:novell:suse_linux:openldap2-debuginfo", "p-cpe:/a:novell:suse_linux:openldap2-debugsource", "p-cpe:/a:novell:suse_linux:openldap2-devel", "p-cpe:/a:novell:suse_linux:openldap2-devel-static", "p-cpe:/a:novell:suse_linux:openldap2-ppolicy-check-password", "p-cpe:/a:novell:suse_linux:openldap2-ppolicy-check-password-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-1219-1.NASL", "href": "https://www.tenable.com/plugins/nessus/136655", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:1219-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136655);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/12\");\n\n script_cve_id(\"CVE-2020-12243\");\n script_xref(name:\"IAVB\", value:\"2020-B-0028-S\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : openldap2 (SUSE-SU-2020:1219-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for openldap2 fixes the following issues :\n\nCVE-2020-12243: Fixed a denial of service related to recursive filters\n(bsc#1170771).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170771\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-12243/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20201219-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9843b400\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command lis