DATABASE RESOURCES PRICING ABOUT US

{"id": "PHSA-2020-0264", "vendorId": null, "type": "photon", "bulletinFamily": "unix", "title": "Critical Photon OS Security Update - PHSA-2020-0264", "description": "Updates of ['sudo', 'dbus', 'sqlite-autoconf', 'apache-tomcat', 'yarn', 'go', 'openssl', 'bindutils', 'kubernetes'] packages of Photon OS have been released.\n", "published": "2020-01-15T00:00:00", "modified": "2020-01-15T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 7.5}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-264", "reporter": "Photon", "references": [], "cvelist": ["CVE-2018-5743", "CVE-2018-5744", "CVE-2018-5745", "CVE-2019-10773", "CVE-2019-11253", "CVE-2019-12418", "CVE-2019-12749", "CVE-2019-1551", "CVE-2019-16276", "CVE-2019-17563", "CVE-2019-17596", "CVE-2019-19232", "CVE-2019-19234", "CVE-2019-19317", "CVE-2019-19603", "CVE-2019-19645", "CVE-2019-19646", "CVE-2019-19880", "CVE-2019-20218", "CVE-2019-6465", "CVE-2019-6467", "CVE-2019-6468", "CVE-2019-6469", "CVE-2019-6471"], "immutableFields": [], "lastseen": "2022-05-12T18:05:12", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2020:4442", "ALSA-2021:4396"]}, {"type": "alpinelinux", "idList": ["ALPINE:CVE-2018-5743", "ALPINE:CVE-2018-5744", "ALPINE:CVE-2018-5745", "ALPINE:CVE-2019-19317", "ALPINE:CVE-2019-19603", "ALPINE:CVE-2019-19645", "ALPINE:CVE-2019-19646", "ALPINE:CVE-2019-19880", "ALPINE:CVE-2019-19926", "ALPINE:CVE-2019-20218", "ALPINE:CVE-2019-6465", "ALPINE:CVE-2019-6467", "ALPINE:CVE-2019-6471"]}, {"type": "amazon", "idList": ["ALAS-2019-1244", "ALAS-2019-1246", "ALAS-2019-1321", "ALAS-2020-1336", "ALAS-2020-1337", "ALAS2-2019-1231", "ALAS2-2019-1335", "ALAS2-2020-1383", "ALAS2-2020-1441", "ALAS2-2021-1687"]}, {"type": "apple", "idList": ["APPLE:CF9C08BD8DDC6A4A1E0D3912347422D3", "APPLE:HT211100"]}, {"type": "archlinux", "idList": ["ASA-201902-25", "ASA-201906-16", "ASA-201910-11", "ASA-201910-12", "ASA-202002-3"]}, {"type": "atlassian", "idList": ["ATLASSIAN:JRASERVER-70487", "ATLASSIAN:JRASERVER-70993", "ATLASSIAN:JRASERVER-71321", "JRASERVER-70487", "JRASERVER-70993", "JRASERVER-71321"]}, {"type": "attackerkb", "idList": ["AKB:3C42D63D-858B-4BE3-8C0E-3423577B453B"]}, {"type": "centos", "idList": ["CESA-2019:1294", "CESA-2019:1492", "CESA-2019:1726", "CESA-2020:1061", "CESA-2020:4004", "CESA-2020:4032"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2018-1220", "CPAI-2019-1439", "CPAI-2019-1443"]}, {"type": "chrome", "idList": ["GCSA-8579594118646068818"]}, {"type": "cisa", "idList": ["CISA:31A9423F65C396263BEB65CAE22F1B69", "CISA:81E156CCA8A49FD9195FBCF1442A77C0", "CISA:B6D550D7E68F298152BD6F14CCBAF6B2"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:382409CF924E238EEC63CF12C2AAD65C", "CFOUNDRY:517E4C2F9EA6E0BC6990C9D553E6E759", "CFOUNDRY:5EA35272975027EBFB62DFE2535B7B4B", "CFOUNDRY:79AEA0CB72178344BEE07C9B9FEA86F0", "CFOUNDRY:AA356DA8CD5E3C69DBEE45AEF6C8C74F", "CFOUNDRY:B9E12135BD01ABCFA846E41AF7C5D36A", "CFOUNDRY:FAA30968EB5FC787D7DD15251E2F2C77"]}, {"type": "cve", "idList": ["CVE-2018-5743", "CVE-2018-5744", "CVE-2018-5745", "CVE-2019-10773", "CVE-2019-11253", "CVE-2019-12418", "CVE-2019-12749", "CVE-2019-1551", "CVE-2019-16276", "CVE-2019-17563", "CVE-2019-17596", "CVE-2019-19232", "CVE-2019-19234", "CVE-2019-19317", "CVE-2019-19603", "CVE-2019-19645", "CVE-2019-19646", "CVE-2019-19880", "CVE-2019-19926", "CVE-2019-20218", "CVE-2019-6465", "CVE-2019-6467", "CVE-2019-6468", "CVE-2019-6469", "CVE-2019-6471"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1697-1:2962B", "DEBIAN:DLA-1818-1:DDF42", "DEBIAN:DLA-1818-1:E9A9D", "DEBIAN:DLA-1859-1:5A253", "DEBIAN:DLA-2077-1:6806C", "DEBIAN:DLA-2077-1:F0A8A", "DEBIAN:DLA-2155-1:734F1", "DEBIAN:DLA-2155-1:A3D3F", "DEBIAN:DLA-2209-1:84C77", "DEBIAN:DLA-2209-1:D154F", "DEBIAN:DLA-2340-1:34DF9", "DEBIAN:DLA-2340-2:984C0", "DEBIAN:DLA-2591-1:1BCAE", "DEBIAN:DLA-2592-1:6DFC9", "DEBIAN:DLA-2952-1:7651B", "DEBIAN:DSA-4440-1:DE2A1", "DEBIAN:DSA-4462-1:236EB", "DEBIAN:DSA-4462-1:92FB2", "DEBIAN:DSA-4534-1:49373", "DEBIAN:DSA-4551-1:48D37", "DEBIAN:DSA-4594-1:28CBC", "DEBIAN:DSA-4596-1:D180A", "DEBIAN:DSA-4638-1:8959D", "DEBIAN:DSA-4680-1:FCF2B", "DEBIAN:DSA-4855-1:4A0C0", "DEBIAN:DSA-4855-1:B091B"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2018-5743", "DEBIANCVE:CVE-2018-5744", "DEBIANCVE:CVE-2018-5745", "DEBIANCVE:CVE-2019-10773", "DEBIANCVE:CVE-2019-11253", "DEBIANCVE:CVE-2019-12418", "DEBIANCVE:CVE-2019-12749", "DEBIANCVE:CVE-2019-1551", "DEBIANCVE:CVE-2019-16276", "DEBIANCVE:CVE-2019-17563", "DEBIANCVE:CVE-2019-17596", "DEBIANCVE:CVE-2019-19232", "DEBIANCVE:CVE-2019-19234", "DEBIANCVE:CVE-2019-19317", "DEBIANCVE:CVE-2019-19603", "DEBIANCVE:CVE-2019-19645", "DEBIANCVE:CVE-2019-19646", "DEBIANCVE:CVE-2019-19880", "DEBIANCVE:CVE-2019-19926", "DEBIANCVE:CVE-2019-20218", "DEBIANCVE:CVE-2019-6465", "DEBIANCVE:CVE-2019-6467", "DEBIANCVE:CVE-2019-6468", "DEBIANCVE:CVE-2019-6469", "DEBIANCVE:CVE-2019-6471"]}, {"type": "f5", "idList": ["F5:K00040234", "F5:K01713115", "F5:K10092301", "F5:K10107360", "F5:K24551552", "F5:K25244852", "F5:K25719440", "F5:K29538335", "F5:K39751401", "F5:K43798238", "F5:K51740320", "F5:K74009656"]}, {"type": "fedora", "idList": ["FEDORA:0552760DDBA6", "FEDORA:0C9E6604E7C5", "FEDORA:1472D6087A90", "FEDORA:22D0D60E6562", "FEDORA:23EF6608C00F", "FEDORA:2604F60A4A22", "FEDORA:2EED9608C00F", "FEDORA:34A636087AA1", "FEDORA:5468F616FD5E", "FEDORA:5E78E608FD00", "FEDORA:5FEFC6087A8B", "FEDORA:60C5D60A7CAB", "FEDORA:619C3604E7E5", "FEDORA:6CBB56087AA4", "FEDORA:6EF18603E859", "FEDORA:72EA16170ED3", "FEDORA:7BEB760AAB1E", "FEDORA:81469604E7E9", "FEDORA:822D960BF257", "FEDORA:8514B6312F21", "FEDORA:906DE6CB3CD6", "FEDORA:976B760CEC41", "FEDORA:9F86B604E849", "FEDORA:A150F6170ED8", "FEDORA:A45AD604D0C6", "FEDORA:B0BBE6085FBF", "FEDORA:BBC2360DAFFE", "FEDORA:BF4FB6291CB6", "FEDORA:CCB9960F3CBA", "FEDORA:D307A6040ED0", "FEDORA:E26056094E46"]}, {"type": "filippoio", "idList": ["FILIPPOIO:4B385378072DFC88E0366142791B2D01"]}, {"type": "freebsd", "idList": ["A92DCC5C-E05C-11E9-B589-10C37B4AC2EA", "D778DDB0-2338-11EA-A1C7-B499BAEBFEAF"]}, {"type": "gentoo", "idList": ["GLSA-201909-08", "GLSA-202003-43", "GLSA-202004-10", "GLSA-202007-26"]}, {"type": "github", "idList": ["GHSA-5XF4-F2FQ-F69J", "GHSA-9XCJ-C8CR-8C3C", "GHSA-HH3J-X4MC-G48R", "GHSA-PMQP-H87C-MR78"]}, {"type": "githubexploit", "idList": ["6CD8EE89-F461-5010-97F0-849A1F4EACC0"]}, {"type": "gitlab", "idList": ["GITLAB-810ADA37F486B156C48C2FACE0963EC3"]}, {"type": "hackerone", "idList": ["H1:874427"]}, {"type": "ibm", "idList": ["00433CAF266E39F063C2B039391891725D25992A193F3BAAA61C1BA35BEFE3BF", "02740F7656140577EDC311D3FA53C782BE9C2AFA138D94E3B0583A50F28424DA", "05DE1EFB30D692110AB36D7BB5C4B38E9ABAD670DF4D0E8931A22F173557C1C5", "09991BD27DF134FB901D580D8AB22958816A72F1DA9169086D91AB2CCAA0D19E", "0A425AE154320282FF38ABB3C8BA8D3AD10793B88A3CFCA031B295F986453B12", "10CB4A382F71235A232A4AC631C91468C4488E96D8D86D3E5C710149B035D0C6", "182ED5AD7CF357116A64F92AE0C8648101BC7AB5DF8EDE8FE7B9E71B9663F4A8", "1914476FD091A15E96610F7BF31547167EE2615FDE4E5D3885C1359FD96241AA", "19D52A8FF35F7ED39A8E12A67475724D85072FACAB5E51B0C6DA31F67A07D139", "1B0ED4A3526A4957AFA5966EC1D954AC93826AA8F95F1EF2E8A3A6657E73F691", "1E31E5192E10CAAECCFE249B0EEB57518F8681EB105FB477D1D108CDEEAD4DD9", "25866EAC5116B5C36C790B49E143D8CC4258D3DCE1C90FBCAE80E34B6D66A383", "2E0D3D0CF86F6C48B680F76C93BAE1886AC182B679AAB019C0AA49D79D2D84BA", "2FE97BC0DB8A3B1BCF85FF8F69828770D4396C7CC3ABD37202D8089D2CADF87B", "30FFFEA2FE2E4E9AF5ECA6DC17AE2B44C7349035512A5564E90395AD4D0D14BA", "358DC0980F7932DD14B85959C6700782E8655CCB3063C8C48A71493831458384", "36565348F4E1B0CCDE0AADC411DA06910C9187D494E861656F2898FFF80CA633", "3C11B4BD0B55A172B45C8E03D5AB2A1C7518A10AD88EEF28C27F3CAC22D50821", "3D146D20D9103ED9256B66FD53EDAF762F672F2AA4E03E30804B3593AC6BF9FB", "3ED399AF209808B1374AFCAC052B0FB4EB79FD66E665BCF34B20BDBF55F1A844", "443D72A50EC70BB907313144DE326CBB62CC442B470D6915D9AFF2C8F6E0D2A6", "4462F68776C0B9CE996B1CDD6E1466E18E772BB0C1491F3161CE6D6FC1362DD3", "48743691B199137A582CC22605BCF99658033695C6D69E50041B31A074707355", "4D5D3AA8306686844D70A86B8E8C7FB203583BE55BB61154D3CA31923B789FF0", "4D6026D2378DFAE0342546A94E59324990A3422CAD2055D33C7BA1FDA462C7D2", "50AFB1284FA10D4E83AEFE409E8E05B67E7E2BCCAE0E467F68601455F164F5E3", "5ADB23E4C43F40AD933F7A5CBCBB7E5A2791B3C17559DA9640788D1A05D01DBB", "5ADDCDCCBCAA61DA8CF5B02CB5B449E5A5F2BFFE2D509DF07ECBF25E4F3493E4", "5DC8FB040A584733A88E3C4FB30004B815F71BE1D0193C00019FE31037DC709D", "5ED6F65C34FD095B48899720A6344EAE7FF857E7695EE530B2A53ACD626E084A", "64CA83B4AAA0FF268F5AB6411B7FFA8B5E6832BCA6CEC17E2AD91907E9D5A645", "6CFD1F4E92DE674FABBF5CB0AB382F8E451BC50559AF2503871032E5B3345584", "7976285C796BB636B28F14C5DA550AD74D4373A4D28EA23185C050910A0811C7", "7A8DF41BD76EC438451409A025AAD65BC78A02087B1DD7CD7F2F435E28BE86C0", "800A6C12EBBBDBB2633F5809CF00CC9F5447A54DBD01297E44D1F3BAFFF47249", "896C186FC78806A801DD528297944E87EABFE00A17B3EFEAEF67EC83E9AE3EB3", "8F3CD95BCA8C4009997AF9EDE1226F64B4E8B7082242CCBCC8499B5260C42EBB", "95DB73F5A2D4EB11B85C362DCF03F9F8FC46C7CB97B1703FBB0155459B8D3286", "9639F84E85C1FD3D4C5A89655B415BE95E955B63B48D2B85EF64F81DAC429A11", "97D5F772EC68BDCD260FBB9DFB7A322AAAC657E9360305DF11F9C6A6A40D1B85", "9AE75CB1A1D3DD100D9064B9CD05456A761753026F2FA396034E23E18AE154DF", "A77752C32B282EE01C2B264981C7DFDC7554CD9C1469D9E83E02A1B6F7E98B7C", "A9CA8DFBA64226520065BE2DED5307C1A6412A8D63AF1CDB64C14B2E280978CD", "AE43F70F3F5D62A658918CCC29799CE9BC8043632FD1B49352EA1394C508AEFE", "B28FD4A25B43EFD2C7450FB640D5515FCCE6BF18AB77452E913D7313263F803B", "BA5D75DD3BDD7C9BE9721C381340CE1807132D85DA11BAED9C1E577F18A77C03", "BB0BB588BA142A401449DE291B329CE161991528E5A53909B1D7A6642B50C2DC", "C1E9DD1D5F56BE590CE67E5ACE9A370747957987F59BF2DE6CD477A299E8C37E", "C2FBE434FDED9DC756BE855E33C9AD8C0A5B759539A8AEC3235DE5AFDA3E29EF", "C596338966F1610A28DC01FBB21502CC71651B70DBC8B96D9603EBE432E4D5E6", "CAD0AF0EEE65AC3FA6B204F1FFF00B9921F356F552AFDDA967C7307BEF52E7FF", "D123779355BC4ABF556BE1CB1C0AC3B3376DE0C5AEACD6468D7153F832BCE791", "D1C46B789333C2B233BD52DAB7C8C5CB23731728C99BCA9D613D721AE2639645", "D539341B64A88A49490C3C0F20392F7B5A9616A42C069A2509BF53F2F8A4D618", "E817E7CC83FE8715306D28C653DB646FDADE31AB5B2E6D0633EF4C1838CEC408", "FFD20BDA9DC0CD5DDBF6748696EACE0D0B49FB850C5DF5A2ED65A12A1B79DB4F"]}, {"type": "ics", "idList": ["ICSA-22-069-09"]}, {"type": "kaspersky", "idList": ["KLA11626", "KLA11627", "KLA11660", "KLA11721"]}, {"type": "kitploit", "idList": ["KITPLOIT:8656177976839178440"]}, {"type": "mageia", "idList": ["MGASA-2019-0299", "MGASA-2019-0310", "MGASA-2019-0339", "MGASA-2020-0023", "MGASA-2020-0054", "MGASA-2020-0070", "MGASA-2020-0246"]}, {"type": "mscve", "idList": ["MS:ADV200002"]}, {"type": "nessus", "idList": ["AL2_ALAS-2019-1231.NASL", "AL2_ALAS-2019-1335.NASL", "AL2_ALAS-2020-1383.NASL", "AL2_ALAS-2020-1441.NASL", "AL2_ALAS-2021-1687.NASL", "ALA_ALAS-2019-1244.NASL", "ALA_ALAS-2019-1246.NASL", "ALA_ALAS-2019-1321.NASL", "ALA_ALAS-2020-1336.NASL", "ALA_ALAS-2020-1337.NASL", "ALMA_LINUX_ALSA-2020-4442.NASL", "ALMA_LINUX_ALSA-2021-4396.NASL", "BIND9_9117.NASL", "BIND9_CVE-2018-5743.NASL", "BIND9_CVE-2018-5744.NASL", "BIND9_CVE-2018-5745.NASL", "BIND9_CVE-2019-6465.NASL", "BIND9_CVE-2019-6467.NASL", "BIND9_CVE-2019-6468.NASL", "BIND9_CVE-2019-6471.NASL", "CENTOS8_RHSA-2019-3707.NASL", "CENTOS8_RHSA-2020-0329.NASL", "CENTOS8_RHSA-2020-1804.NASL", "CENTOS8_RHSA-2020-4442.NASL", "CENTOS8_RHSA-2020-4514.NASL", "CENTOS8_RHSA-2021-4396.NASL", "CENTOS_RHSA-2019-1294.NASL", "CENTOS_RHSA-2019-1492.NASL", "CENTOS_RHSA-2019-1726.NASL", "CENTOS_RHSA-2020-1061.NASL", "CENTOS_RHSA-2020-4004.NASL", "CENTOS_RHSA-2020-4032.NASL", "DEBIAN_DLA-1697.NASL", "DEBIAN_DLA-1818.NASL", "DEBIAN_DLA-1859.NASL", "DEBIAN_DLA-2077.NASL", "DEBIAN_DLA-2155.NASL", "DEBIAN_DLA-2209.NASL", "DEBIAN_DLA-2340.NASL", "DEBIAN_DLA-2591.NASL", "DEBIAN_DLA-2592.NASL", "DEBIAN_DLA-2952.NASL", "DEBIAN_DSA-4440.NASL", "DEBIAN_DSA-4462.NASL", "DEBIAN_DSA-4534.NASL", "DEBIAN_DSA-4551.NASL", "DEBIAN_DSA-4594.NASL", "DEBIAN_DSA-4596.NASL", "DEBIAN_DSA-4638.NASL", "DEBIAN_DSA-4680.NASL", "DEBIAN_DSA-4855.NASL", "EULEROS_SA-2019-1641.NASL", "EULEROS_SA-2019-1664.NASL", "EULEROS_SA-2019-1673.NASL", "EULEROS_SA-2019-1704.NASL", "EULEROS_SA-2019-1706.NASL", "EULEROS_SA-2019-1727.NASL", "EULEROS_SA-2019-1730.NASL", "EULEROS_SA-2019-1767.NASL", "EULEROS_SA-2019-1822.NASL", "EULEROS_SA-2019-2022.NASL", "EULEROS_SA-2019-2040.NASL", "EULEROS_SA-2019-2096.NASL", "EULEROS_SA-2019-2128.NASL", "EULEROS_SA-2019-2275.NASL", "EULEROS_SA-2019-2321.NASL", "EULEROS_SA-2019-2453.NASL", "EULEROS_SA-2019-2529.NASL", "EULEROS_SA-2019-2557.NASL", "EULEROS_SA-2019-2699.NASL", "EULEROS_SA-2020-1021.NASL", "EULEROS_SA-2020-1033.NASL", "EULEROS_SA-2020-1047.NASL", "EULEROS_SA-2020-1063.NASL", "EULEROS_SA-2020-1079.NASL", "EULEROS_SA-2020-1132.NASL", "EULEROS_SA-2020-1135.NASL", "EULEROS_SA-2020-1136.NASL", "EULEROS_SA-2020-1141.NASL", "EULEROS_SA-2020-1180.NASL", "EULEROS_SA-2020-1181.NASL", "EULEROS_SA-2020-1182.NASL", "EULEROS_SA-2020-1203.NASL", "EULEROS_SA-2020-1333.NASL", "EULEROS_SA-2020-1349.NASL", "EULEROS_SA-2020-1355.NASL", "EULEROS_SA-2020-1364.NASL", "EULEROS_SA-2020-1434.NASL", "EULEROS_SA-2020-1435.NASL", "EULEROS_SA-2020-1438.NASL", "EULEROS_SA-2020-1444.NASL", "EULEROS_SA-2020-1460.NASL", "EULEROS_SA-2020-1538.NASL", "EULEROS_SA-2020-1562.NASL", "EULEROS_SA-2020-1564.NASL", "EULEROS_SA-2020-1624.NASL", "EULEROS_SA-2020-1625.NASL", "EULEROS_SA-2020-1629.NASL", "EULEROS_SA-2020-1645.NASL", "EULEROS_SA-2020-1662.NASL", "EULEROS_SA-2020-1764.NASL", "EULEROS_SA-2020-1785.NASL", "EULEROS_SA-2020-1804.NASL", "EULEROS_SA-2020-2196.NASL", "EULEROS_SA-2020-2197.NASL", "EULEROS_SA-2021-1825.NASL", "F5_BIGIP_SOL00040234.NASL", "F5_BIGIP_SOL01713115.NASL", "F5_BIGIP_SOL10092301.NASL", "F5_BIGIP_SOL25244852.NASL", "F5_BIGIP_SOL74009656.NASL", "FEDORA_2019-1B8CBD39FF.NASL", "FEDORA_2019-34E097C66C.NASL", "FEDORA_2019-416D20F960.NASL", "FEDORA_2019-4593120208.NASL", "FEDORA_2019-5396A60397.NASL", "FEDORA_2019-D04F66E595.NASL", "FEDORA_2019-D5DED5326B.NASL", "FEDORA_2019-E99C1603C3.NASL", "FEDORA_2019-F72801C260.NASL", "FEDORA_2019-F791948895.NASL", "FEDORA_2020-7525BEEFA1.NASL", "FEDORA_2020-766CE5ADAE.NASL", "FEDORA_2020-8B563BC5F4.NASL", "FEDORA_2020-D7B29838F6.NASL", "FEDORA_2020-DA2D1EF2D7.NASL", "FREEBSD_PKG_A92DCC5CE05C11E9B58910C37B4AC2EA.NASL", "FREEBSD_PKG_D778DDB0233811EAA1C7B499BAEBFEAF.NASL", "GENTOO_GLSA-201909-08.NASL", "GENTOO_GLSA-202003-43.NASL", "GENTOO_GLSA-202004-10.NASL", "GENTOO_GLSA-202007-26.NASL", "JUNIPER_JSA11025.NASL", "LCE_6_0_9.NASL", "MACOS_HT211100.NASL", "MICROSOFT_EDGE_CHROMIUM_80_0_361_48.NASL", "MYSQL_8_0_21.NASL", "MYSQL_ENTERPRISE_MONITOR_8_0_20_1227.NASL", "MYSQL_ENTERPRISE_MONITOR_8_0_21_1240.NASL", "NEWSTART_CGSL_NS-SA-2019-0087_BIND.NASL", "NEWSTART_CGSL_NS-SA-2019-0158_BIND.NASL", "NEWSTART_CGSL_NS-SA-2019-0167_BIND.NASL", "NEWSTART_CGSL_NS-SA-2019-0173_DBUS.NASL", "NEWSTART_CGSL_NS-SA-2019-0174_BIND.NASL", "NEWSTART_CGSL_NS-SA-2020-0016_DBUS.NASL", "NEWSTART_CGSL_NS-SA-2020-0063_BIND.NASL", "NEWSTART_CGSL_NS-SA-2020-0095_BIND.NASL", "NEWSTART_CGSL_NS-SA-2021-0017_BIND.NASL", "NEWSTART_CGSL_NS-SA-2021-0017_DBUS.NASL", "NEWSTART_CGSL_NS-SA-2021-0028_TOMCAT.NASL", "NEWSTART_CGSL_NS-SA-2021-0064_SQLITE.NASL", "NEWSTART_CGSL_NS-SA-2021-0086_OPENSSL.NASL", "NEWSTART_CGSL_NS-SA-2021-0120_SUDO.NASL", "NEWSTART_CGSL_NS-SA-2021-0144_TOMCAT.NASL", "NEWSTART_CGSL_NS-SA-2021-0152_DBUS.NASL", "NEWSTART_CGSL_NS-SA-2022-0010_DOCKER-CE.NASL", "NEWSTART_CGSL_NS-SA-2022-0044_DOCKER-CE.NASL", "NEWSTART_CGSL_NS-SA-2022-0056_DOCKER-CE.NASL", "OPENSSL_1_0_2U.NASL", "OPENSSL_1_1_1E_DEV.NASL", "OPENSUSE-2019-1532.NASL", "OPENSUSE-2019-1533.NASL", "OPENSUSE-2019-1604.NASL", "OPENSUSE-2019-1671.NASL", "OPENSUSE-2019-1750.NASL", "OPENSUSE-2019-2263.NASL", "OPENSUSE-2019-2265.NASL", "OPENSUSE-2019-2521.NASL", "OPENSUSE-2019-2522.NASL", "OPENSUSE-2020-189.NASL", "OPENSUSE-2020-38.NASL", "OPENSUSE-2020-61.NASL", "OPENSUSE-2020-62.NASL", "OPENSUSE-2021-1058.NASL", "OPENSUSE-2021-1130.NASL", "OPENSUSE-2021-2320.NASL", "OPENSUSE-2021-2575.NASL", "OPENSUSE-2021-2637.NASL", "OPENSUSE-2021-2795.NASL", "ORACLELINUX_ELSA-2019-1145.NASL", "ORACLELINUX_ELSA-2019-1294.NASL", "ORACLELINUX_ELSA-2019-1492.NASL", "ORACLELINUX_ELSA-2019-1714.NASL", "ORACLELINUX_ELSA-2019-1726.NASL", "ORACLELINUX_ELSA-2020-0329.NASL", "ORACLELINUX_ELSA-2020-4032.NASL", "ORACLELINUX_ELSA-2020-4442.NASL", "ORACLELINUX_ELSA-2020-4514.NASL", "ORACLELINUX_ELSA-2021-4396.NASL", "ORACLEVM_OVMSA-2019-0027.NASL", "ORACLEVM_OVMSA-2019-0034.NASL", "ORACLEVM_OVMSA-2020-0021.NASL", "ORACLE_ENTERPRISE_MANAGER_OPS_CENTER_JUL_2020_CPU.NASL", "ORACLE_RDBMS_CPU_APR_2020.NASL", "PHOTONOS_PHSA-2019-2_0-0198_SQLITE.NASL", "PHOTONOS_PHSA-2020-1_0-0264_APACHE.NASL", "PHOTONOS_PHSA-2020-1_0-0264_DBUS.NASL", "PHOTONOS_PHSA-2020-1_0-0264_GO.NASL", "PHOTONOS_PHSA-2020-1_0-0264_KUBERNETES.NASL", "PHOTONOS_PHSA-2020-1_0-0264_OPENSSL.NASL", "PHOTONOS_PHSA-2020-1_0-0264_SQLITE.NASL", "PHOTONOS_PHSA-2020-1_0-0264_SUDO.NASL", "PHOTONOS_PHSA-2020-1_0-0264_YARN.NASL", "PHOTONOS_PHSA-2020-2_0-0199_BINDUTILS.NASL", "PHOTONOS_PHSA-2020-2_0-0200_APACHE.NASL", "PHOTONOS_PHSA-2020-2_0-0200_SQLITE.NASL", "PHOTONOS_PHSA-2020-2_0-0200_YARN.NASL", "PHOTONOS_PHSA-2020-2_0-0204_NXTGN.NASL", "PHOTONOS_PHSA-2020-3_0-0048_OPENSSL.NASL", "PHOTONOS_PHSA-2020-3_0-0051_APACHE.NASL", "PHOTONOS_PHSA-2020-3_0-0054_NXTGN.NASL", "PHOTONOS_PHSA-2020-3_0-0057_YARN.NASL", "REDHAT-RHSA-2019-1145.NASL", "REDHAT-RHSA-2019-1294.NASL", "REDHAT-RHSA-2019-1492.NASL", "REDHAT-RHSA-2019-1714.NASL", "REDHAT-RHSA-2019-1726.NASL", "REDHAT-RHSA-2019-2698.NASL", "REDHAT-RHSA-2019-2868.NASL", "REDHAT-RHSA-2019-2870.NASL", "REDHAT-RHSA-2019-2977.NASL", "REDHAT-RHSA-2019-3132.NASL", "REDHAT-RHSA-2019-3239.NASL", "REDHAT-RHSA-2019-3552.NASL", "REDHAT-RHSA-2019-3707.NASL", "REDHAT-RHSA-2019-3811.NASL", "REDHAT-RHSA-2019-3905.NASL", "REDHAT-RHSA-2020-0101.NASL", "REDHAT-RHSA-2020-0329.NASL", "REDHAT-RHSA-2020-0514.NASL", "REDHAT-RHSA-2020-0861.NASL", "REDHAT-RHSA-2020-1061.NASL", "REDHAT-RHSA-2020-1520.NASL", "REDHAT-RHSA-2020-1804.NASL", "REDHAT-RHSA-2020-2795.NASL", "REDHAT-RHSA-2020-2796.NASL", "REDHAT-RHSA-2020-2799.NASL", "REDHAT-RHSA-2020-2861.NASL", "REDHAT-RHSA-2020-2863.NASL", "REDHAT-RHSA-2020-2870.NASL", "REDHAT-RHSA-2020-4004.NASL", "REDHAT-RHSA-2020-4032.NASL", "REDHAT-RHSA-2020-4384.NASL", "REDHAT-RHSA-2020-4442.NASL", "REDHAT-RHSA-2020-4514.NASL", "REDHAT-RHSA-2021-0882.NASL", "REDHAT-RHSA-2021-1030.NASL", "REDHAT-RHSA-2021-4396.NASL", "SECURITYCENTER_5_17_0_TNS_2020_11.NASL", "SECURITYCENTER_5_19_0_TNS_2021_08.NASL", "SECURITYCENTER_5_19_0_TNS_2021_14.NASL", "SLACKWARE_SSA_2019-116-01.NASL", "SLACKWARE_SSA_2019-171-01.NASL", "SLACKWARE_SSA_2019-354-01.NASL", "SL_20190529_BIND_ON_SL7_X.NASL", "SL_20190617_BIND_ON_SL6_X.NASL", "SL_20190710_DBUS_ON_SL6_X.NASL", "SL_20200407_BIND_ON_SL7_X.NASL", "SL_20201001_DBUS_ON_SL7_X.NASL", "SL_20201001_TOMCAT_ON_SL7_X.NASL", "SUSE_SU-2019-1407-1.NASL", "SUSE_SU-2019-14074-1.NASL", "SUSE_SU-2019-14111-1.NASL", "SUSE_SU-2019-1449-1.NASL", "SUSE_SU-2019-1521-1.NASL", "SUSE_SU-2019-1591-1.NASL", "SUSE_SU-2019-1595-1.NASL", "SUSE_SU-2019-1597-1.NASL", "SUSE_SU-2019-2502-1.NASL", "SUSE_SU-2019-2550-1.NASL", "SUSE_SU-2019-2820-1.NASL", "SUSE_SU-2019-2940-1.NASL", "SUSE_SU-2020-0002-1.NASL", "SUSE_SU-2020-0028-1.NASL", "SUSE_SU-2020-0064-1.NASL", "SUSE_SU-2020-0069-1.NASL", "SUSE_SU-2020-0099-1.NASL", "SUSE_SU-2020-0474-1.NASL", "SUSE_SU-2020-14375-1.NASL", "SUSE_SU-2020-1672-1.NASL", "SUSE_SU-2021-14771-1.NASL", "SUSE_SU-2021-2320-1.NASL", "SUSE_SU-2021-2564-1.NASL", "SUSE_SU-2021-2636-1.NASL", "SUSE_SU-2021-2637-1.NASL", "SUSE_SU-2021-2638-1.NASL", "SUSE_SU-2021-2795-1.NASL", "SUSE_SU-2021-3215-1.NASL", "TENABLE_NESSUS_AGENT_TNS_2020_03.NASL", "TOMCAT_8_5_49.NASL", "TOMCAT_8_5_50.NASL", "TOMCAT_9_0_30.NASL", "UBUNTU_USN-3893-1.NASL", "UBUNTU_USN-3956-1.NASL", "UBUNTU_USN-3956-2.NASL", "UBUNTU_USN-4015-1.NASL", "UBUNTU_USN-4026-1.NASL", "UBUNTU_USN-4251-1.NASL", "UBUNTU_USN-4298-1.NASL", "UBUNTU_USN-4376-1.NASL", "UBUNTU_USN-4394-1.NASL", "UBUNTU_USN-4504-1.NASL", "VIRTUOZZO_VZLSA-2019-1492.NASL", "VIRTUOZZO_VZLSA-2019-1726.NASL", "WEB_APPLICATION_SCANNING_98949", "WEB_APPLICATION_SCANNING_98968", "WEB_APPLICATION_SCANNING_98969", "WEB_APPLICATION_SCANNING_98970", "WEB_APPLICATION_SCANNING_98971", "WEB_APPLICATION_SCANNING_98972"]}, {"type": "openssl", "idList": ["OPENSSL:CVE-2019-1551"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310140837", "OPENVAS:1361412562310141281", "OPENVAS:1361412562310142033", "OPENVAS:1361412562310142034", "OPENVAS:1361412562310142320", "OPENVAS:1361412562310142321", "OPENVAS:1361412562310142322", "OPENVAS:1361412562310142323", "OPENVAS:1361412562310142324", "OPENVAS:1361412562310142325", "OPENVAS:1361412562310143161", "OPENVAS:1361412562310143162", "OPENVAS:1361412562310143311", "OPENVAS:1361412562310143312", "OPENVAS:1361412562310143313", "OPENVAS:1361412562310143314", "OPENVAS:1361412562310704440", "OPENVAS:1361412562310704462", "OPENVAS:1361412562310704534", "OPENVAS:1361412562310704551", "OPENVAS:1361412562310704594", "OPENVAS:1361412562310704596", "OPENVAS:1361412562310704638", "OPENVAS:1361412562310704680", "OPENVAS:1361412562310815755", "OPENVAS:1361412562310815756", "OPENVAS:1361412562310815757", "OPENVAS:1361412562310816724", "OPENVAS:1361412562310843913", "OPENVAS:1361412562310843989", "OPENVAS:1361412562310844049", "OPENVAS:1361412562310844059", "OPENVAS:1361412562310844309", "OPENVAS:1361412562310844360", "OPENVAS:1361412562310844450", "OPENVAS:1361412562310844467", "OPENVAS:1361412562310852551", "OPENVAS:1361412562310852553", "OPENVAS:1361412562310852577", "OPENVAS:1361412562310852604", "OPENVAS:1361412562310852730", "OPENVAS:1361412562310852776", "OPENVAS:1361412562310852830", "OPENVAS:1361412562310852873", "OPENVAS:1361412562310852885", "OPENVAS:1361412562310852980", "OPENVAS:1361412562310853001", "OPENVAS:1361412562310853030", "OPENVAS:1361412562310875746", "OPENVAS:1361412562310876114", "OPENVAS:1361412562310876125", "OPENVAS:1361412562310876156", "OPENVAS:1361412562310876171", "OPENVAS:1361412562310876458", "OPENVAS:1361412562310876460", "OPENVAS:1361412562310876461", "OPENVAS:1361412562310876462", "OPENVAS:1361412562310876507", "OPENVAS:1361412562310876595", "OPENVAS:1361412562310876596", "OPENVAS:1361412562310876597", "OPENVAS:1361412562310876598", "OPENVAS:1361412562310876793", "OPENVAS:1361412562310876794", "OPENVAS:1361412562310876796", "OPENVAS:1361412562310876799", "OPENVAS:1361412562310876892", "OPENVAS:1361412562310876912", "OPENVAS:1361412562310876991", "OPENVAS:1361412562310877080", "OPENVAS:1361412562310877306", "OPENVAS:1361412562310877334", "OPENVAS:1361412562310877439", "OPENVAS:1361412562310877448", "OPENVAS:1361412562310877547", "OPENVAS:1361412562310877588", "OPENVAS:1361412562310877736", "OPENVAS:1361412562310877748", "OPENVAS:1361412562310877816", "OPENVAS:1361412562310883062", "OPENVAS:1361412562310883067", "OPENVAS:1361412562310883079", "OPENVAS:1361412562310891697", "OPENVAS:1361412562310891818", "OPENVAS:1361412562310891859", "OPENVAS:1361412562310892077", "OPENVAS:1361412562310892155", "OPENVAS:1361412562310892209", "OPENVAS:1361412562311220191641", "OPENVAS:1361412562311220191664", "OPENVAS:1361412562311220191673", "OPENVAS:1361412562311220191704", "OPENVAS:1361412562311220191706", "OPENVAS:1361412562311220191727", "OPENVAS:1361412562311220191730", "OPENVAS:1361412562311220191767", "OPENVAS:1361412562311220191822", "OPENVAS:1361412562311220192022", "OPENVAS:1361412562311220192040", "OPENVAS:1361412562311220192096", "OPENVAS:1361412562311220192128", "OPENVAS:1361412562311220192275", "OPENVAS:1361412562311220192321", "OPENVAS:1361412562311220192453", "OPENVAS:1361412562311220192529", "OPENVAS:1361412562311220192557", "OPENVAS:1361412562311220192699", "OPENVAS:1361412562311220201021", "OPENVAS:1361412562311220201033", "OPENVAS:1361412562311220201047", "OPENVAS:1361412562311220201063", "OPENVAS:1361412562311220201079", "OPENVAS:1361412562311220201132", "OPENVAS:1361412562311220201135", "OPENVAS:1361412562311220201136", "OPENVAS:1361412562311220201141", "OPENVAS:1361412562311220201180", "OPENVAS:1361412562311220201181", "OPENVAS:1361412562311220201182", "OPENVAS:1361412562311220201203", "OPENVAS:1361412562311220201333", "OPENVAS:1361412562311220201349", "OPENVAS:1361412562311220201355", "OPENVAS:1361412562311220201364", "OPENVAS:1361412562311220201434", "OPENVAS:1361412562311220201435", "OPENVAS:1361412562311220201438", "OPENVAS:1361412562311220201444", "OPENVAS:1361412562311220201460", "OPENVAS:1361412562311220201538", "OPENVAS:1361412562311220201562", "OPENVAS:1361412562311220201564", "OPENVAS:1361412562311220201624", "OPENVAS:1361412562311220201625", "OPENVAS:1361412562311220201629", "OPENVAS:1361412562311220201645", "OPENVAS:1361412562311220201662", "OPENVAS:1361412562311220201764", "OPENVAS:1361412562311220201785"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2020", "ORACLE:CPUAPR2021", "ORACLE:CPUAPR2022", "ORACLE:CPUJAN2021", "ORACLE:CPUJUL2020"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-1145", "ELSA-2019-1294", "ELSA-2019-1492", "ELSA-2019-1714", "ELSA-2019-1726", "ELSA-2019-2057", "ELSA-2019-3552", "ELSA-2019-3707", "ELSA-2019-4816", "ELSA-2020-0329", "ELSA-2020-1061", "ELSA-2020-1804", "ELSA-2020-4004", "ELSA-2020-4032", "ELSA-2020-4442", "ELSA-2020-4514", "ELSA-2020-5653", "ELSA-2020-5654", "ELSA-2021-4396"]}, {"type": "osv", "idList": ["OSV:DLA-1697-1", "OSV:DLA-1818-1", "OSV:DLA-1859-1", "OSV:DLA-2077-1", "OSV:DLA-2155-1", "OSV:DLA-2209-1", "OSV:DLA-2340-1", "OSV:DLA-2340-2", "OSV:DLA-2591-1", "OSV:DLA-2592-1", "OSV:DLA-2952-1", "OSV:DSA-4440-1", "OSV:DSA-4462-1", "OSV:DSA-4534-1", "OSV:DSA-4551-1", "OSV:DSA-4594-1", "OSV:DSA-4596-1", "OSV:DSA-4638-1", "OSV:DSA-4680-1", "OSV:DSA-4855-1", "OSV:GHSA-5XF4-F2FQ-F69J", "OSV:GHSA-9XCJ-C8CR-8C3C", "OSV:GHSA-HH3J-X4MC-G48R", "OSV:GHSA-PMQP-H87C-MR78", "OSV:GO-2022-0212", "OSV:GO-2022-0213"]}, {"type": "photon", "idList": ["PHSA-2019-0031", "PHSA-2019-0036", "PHSA-2019-0037", "PHSA-2019-0184", "PHSA-2019-0198", "PHSA-2019-0199", "PHSA-2019-3.0-0036", "PHSA-2019-3.0-0037", "PHSA-2020-0048", "PHSA-2020-0049", "PHSA-2020-0051", "PHSA-2020-0054", "PHSA-2020-0057", "PHSA-2020-0200", "PHSA-2020-0203", "PHSA-2020-0204", "PHSA-2020-1.0-0264", "PHSA-2020-2.0-0198", "PHSA-2020-2.0-0199", "PHSA-2020-2.0-0200", "PHSA-2020-2.0-0201", "PHSA-2020-2.0-0204", "PHSA-2020-3.0-0048", "PHSA-2020-3.0-0051", "PHSA-2020-3.0-0054", "PHSA-2020-3.0-0057"]}, {"type": "redhat", "idList": ["RHSA-2019:1145", "RHSA-2019:1294", "RHSA-2019:1492", "RHSA-2019:1714", "RHSA-2019:1726", "RHSA-2019:2698", "RHSA-2019:2868", "RHSA-2019:2870", "RHSA-2019:2977", "RHSA-2019:3132", "RHSA-2019:3239", "RHSA-2019:3552", "RHSA-2019:3707", "RHSA-2019:3811", "RHSA-2019:3905", "RHSA-2020:0101", "RHSA-2020:0329", "RHSA-2020:0475", "RHSA-2020:0514", "RHSA-2020:0652", "RHSA-2020:0860", "RHSA-2020:0861", "RHSA-2020:1061", "RHSA-2020:1277", "RHSA-2020:1520", "RHSA-2020:1521", "RHSA-2020:1804", "RHSA-2020:2795", "RHSA-2020:2796", "RHSA-2020:2799", "RHSA-2020:2861", "RHSA-2020:2863", "RHSA-2020:2870", "RHSA-2020:3194", "RHSA-2020:4004", "RHSA-2020:4032", "RHSA-2020:4254", "RHSA-2020:4255", "RHSA-2020:4264", "RHSA-2020:4383", "RHSA-2020:4384", "RHSA-2020:4442", "RHSA-2020:4514", "RHSA-2020:5149", "RHSA-2020:5364", "RHSA-2020:5605", "RHSA-2020:5633", "RHSA-2020:5635", "RHSA-2021:0050", "RHSA-2021:0146", "RHSA-2021:0190", "RHSA-2021:0436", "RHSA-2021:0778", "RHSA-2021:0799", "RHSA-2021:0882", "RHSA-2021:0949", "RHSA-2021:1030", "RHSA-2021:1129", "RHSA-2021:2021", "RHSA-2021:4032", "RHSA-2021:4396", "RHSA-2021:4627", "RHSA-2021:4845", "RHSA-2021:4848", "RHSA-2021:4902", "RHSA-2021:4914", "RHSA-2021:5038", "RHSA-2021:5127", "RHSA-2021:5128", "RHSA-2021:5129", "RHSA-2021:5137", "RHSA-2022:0202", "RHSA-2022:0318", "RHSA-2022:0434", "RHSA-2022:0580", "RHSA-2022:0842", "RHSA-2022:0856", "RHSA-2022:1081", "RHSA-2022:1396", "RHSA-2022:2183"]}, {"type": "redhatcve", "idList": ["RH:CVE-2018-5743", "RH:CVE-2018-5744", "RH:CVE-2018-5745", "RH:CVE-2019-10773", "RH:CVE-2019-11253", "RH:CVE-2019-12418", "RH:CVE-2019-12749", "RH:CVE-2019-1551", "RH:CVE-2019-16276", "RH:CVE-2019-17563", "RH:CVE-2019-17596", "RH:CVE-2019-19232", "RH:CVE-2019-19234", "RH:CVE-2019-19317", "RH:CVE-2019-19603", "RH:CVE-2019-19645", "RH:CVE-2019-19646", "RH:CVE-2019-19880", "RH:CVE-2019-19926", "RH:CVE-2019-20218", "RH:CVE-2019-6465", "RH:CVE-2019-6467", "RH:CVE-2019-6468", "RH:CVE-2019-6469", "RH:CVE-2019-6471", "RH:CVE-2019-6477"]}, {"type": "slackware", "idList": ["SSA-2019-116-01", "SSA-2019-171-01", "SSA-2019-354-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:1532-1", "OPENSUSE-SU-2019:1533-1", "OPENSUSE-SU-2019:1604-1", "OPENSUSE-SU-2019:1671-1", "OPENSUSE-SU-2019:1750-1", "OPENSUSE-SU-2019:2263-1", "OPENSUSE-SU-2019:2265-1", "OPENSUSE-SU-2019:2521-1", "OPENSUSE-SU-2019:2522-1", "OPENSUSE-SU-2020:0038-1", "OPENSUSE-SU-2020:0062-1", "OPENSUSE-SU-2020:0189-1", "OPENSUSE-SU-2020:0210-1", "OPENSUSE-SU-2020:0233-1", "OPENSUSE-SU-2021:1058-1", "OPENSUSE-SU-2021:2320-1"]}, {"type": "symantec", "idList": ["SMNTC-110598", "SMNTC-111133", "SMNTC-111149", "SMNTC-111245", "SMNTC-111247", "SMNTC-111263", "SMNTC-111342", "SMNTC-111356", "SMNTC-1765", "SMNTC-1768"]}, {"type": "threatpost", "idList": ["THREATPOST:370E8753340A65AA22C611DB35A611BA", "THREATPOST:639EA1C04C8045117A5A3480A9967CB7", "THREATPOST:DFF8ED339B7012ECBA9C67651AC4441A", "THREATPOST:FC19D0DEB6098A46E54D73010204C32B"]}, {"type": "tomcat", "idList": ["TOMCAT:34D1BB5AAB77A4FA5A232BB1CC1DBE12", "TOMCAT:A66B656C929B7FB0E855CBC84E3CC1C3", "TOMCAT:EB85C74A2FFEC0BC4964D6CF659D2F1D", "TOMCAT:F551C8E09F0122E8322CF8CB981AC710", "TOMCAT:F732146DF28A05A3F4B1EFE76B3CC81C"]}, {"type": "ubuntu", "idList": ["USN-3893-1", "USN-3893-2", "USN-3956-1", "USN-3956-2", "USN-4015-1", "USN-4015-2", "USN-4026-1", "USN-4251-1", "USN-4298-1", "USN-4376-1", "USN-4394-1", "USN-4504-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-5743", "UB:CVE-2018-5744", "UB:CVE-2018-5745", "UB:CVE-2019-10773", "UB:CVE-2019-11253", "UB:CVE-2019-12418", "UB:CVE-2019-12749", "UB:CVE-2019-1551", "UB:CVE-2019-16276", "UB:CVE-2019-17563", "UB:CVE-2019-17596", "UB:CVE-2019-19232", "UB:CVE-2019-19234", "UB:CVE-2019-19317", "UB:CVE-2019-19603", "UB:CVE-2019-19645", "UB:CVE-2019-19646", "UB:CVE-2019-19880", "UB:CVE-2019-19926", "UB:CVE-2019-20218", "UB:CVE-2019-6465", "UB:CVE-2019-6467", "UB:CVE-2019-6468", "UB:CVE-2019-6469", "UB:CVE-2019-6471"]}, {"type": "veracode", "idList": ["VERACODE:21580", "VERACODE:21604", "VERACODE:21749", "VERACODE:22144", "VERACODE:22173", "VERACODE:22206", "VERACODE:22226", "VERACODE:27089", "VERACODE:28492", "VERACODE:32953"]}]}, "score": {"value": 1.6, "vector": "NONE"}, "backreferences": {"references": [{"type": "almalinux", "idList": ["ALSA-2020:4442"]}, {"type": "alpinelinux", "idList": ["ALPINE:CVE-2018-5743", "ALPINE:CVE-2018-5744", "ALPINE:CVE-2018-5745", "ALPINE:CVE-2019-6465", "ALPINE:CVE-2019-6467", "ALPINE:CVE-2019-6471"]}, {"type": "amazon", "idList": ["ALAS-2019-1244", "ALAS-2019-1246"]}, {"type": "apple", "idList": ["APPLE:CF9C08BD8DDC6A4A1E0D3912347422D3", "APPLE:HT211100"]}, {"type": "archlinux", "idList": ["ASA-201902-25", "ASA-201906-16", "ASA-201910-11", "ASA-201910-12", "ASA-202002-3"]}, {"type": "atlassian", "idList": ["ATLASSIAN:JRASERVER-71321"]}, {"type": "attackerkb", "idList": ["AKB:3C42D63D-858B-4BE3-8C0E-3423577B453B"]}, {"type": "centos", "idList": ["CESA-2019:1294", "CESA-2019:1492", "CESA-2019:1726"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2018-1220", "CPAI-2019-1439", "CPAI-2019-1443"]}, {"type": "chrome", "idList": ["GCSA-8579594118646068818"]}, {"type": "cisa", "idList": ["CISA:31A9423F65C396263BEB65CAE22F1B69", "CISA:81E156CCA8A49FD9195FBCF1442A77C0", "CISA:B6D550D7E68F298152BD6F14CCBAF6B2"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:517E4C2F9EA6E0BC6990C9D553E6E759", "CFOUNDRY:B9E12135BD01ABCFA846E41AF7C5D36A"]}, {"type": "cve", "idList": ["CVE-2018-5743", "CVE-2018-5744", "CVE-2018-5745", "CVE-2019-10773", "CVE-2019-12418", "CVE-2019-12749", "CVE-2019-1551", "CVE-2019-16276", "CVE-2019-17563", "CVE-2019-19232", "CVE-2019-19234", "CVE-2019-19317", "CVE-2019-19603", "CVE-2019-19645", "CVE-2019-19646", "CVE-2019-19880", "CVE-2019-6465", "CVE-2019-6467", "CVE-2019-6468", "CVE-2019-6469", "CVE-2019-6471"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1697-1:2962B", "DEBIAN:DLA-1818-1:E9A9D", "DEBIAN:DLA-1859-1:5A253", "DEBIAN:DLA-2209-1:84C77", "DEBIAN:DSA-4440-1:DE2A1", "DEBIAN:DSA-4462-1:92FB2", "DEBIAN:DSA-4534-1:49373", "DEBIAN:DSA-4594-1:28CBC", "DEBIAN:DSA-4596-1:D180A", "DEBIAN:DSA-4680-1:FCF2B"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2018-5743", "DEBIANCVE:CVE-2018-5744", "DEBIANCVE:CVE-2018-5745", "DEBIANCVE:CVE-2019-19880", "DEBIANCVE:CVE-2019-6465", "DEBIANCVE:CVE-2019-6467", "DEBIANCVE:CVE-2019-6468", "DEBIANCVE:CVE-2019-6469", "DEBIANCVE:CVE-2019-6471"]}, {"type": "f5", "idList": ["F5:K00040234", "F5:K01713115", "F5:K10092301", "F5:K25244852", "F5:K29538335", "F5:K51740320", "F5:K74009656"]}, {"type": "fedora", "idList": ["FEDORA:6EF18603E859"]}, {"type": "filippoio", "idList": ["FILIPPOIO:4B385378072DFC88E0366142791B2D01"]}, {"type": "freebsd", "idList": ["A92DCC5C-E05C-11E9-B589-10C37B4AC2EA", "D778DDB0-2338-11EA-A1C7-B499BAEBFEAF"]}, {"type": "gentoo", "idList": ["GLSA-201909-08", "GLSA-202004-10"]}, {"type": "github", "idList": ["GHSA-9XCJ-C8CR-8C3C", "GHSA-HH3J-X4MC-G48R"]}, {"type": "githubexploit", "idList": ["6CD8EE89-F461-5010-97F0-849A1F4EACC0"]}, {"type": "hackerone", "idList": ["H1:874427"]}, {"type": "ibm", "idList": ["0A425AE154320282FF38ABB3C8BA8D3AD10793B88A3CFCA031B295F986453B12", "10CB4A382F71235A232A4AC631C91468C4488E96D8D86D3E5C710149B035D0C6", "1E31E5192E10CAAECCFE249B0EEB57518F8681EB105FB477D1D108CDEEAD4DD9", "2E0D3D0CF86F6C48B680F76C93BAE1886AC182B679AAB019C0AA49D79D2D84BA", "3D146D20D9103ED9256B66FD53EDAF762F672F2AA4E03E30804B3593AC6BF9FB", "3ED399AF209808B1374AFCAC052B0FB4EB79FD66E665BCF34B20BDBF55F1A844", "4D6026D2378DFAE0342546A94E59324990A3422CAD2055D33C7BA1FDA462C7D2", "5ADB23E4C43F40AD933F7A5CBCBB7E5A2791B3C17559DA9640788D1A05D01DBB", "5ADDCDCCBCAA61DA8CF5B02CB5B449E5A5F2BFFE2D509DF07ECBF25E4F3493E4", "5DC8FB040A584733A88E3C4FB30004B815F71BE1D0193C00019FE31037DC709D", "5ED6F65C34FD095B48899720A6344EAE7FF857E7695EE530B2A53ACD626E084A", "64CA83B4AAA0FF268F5AB6411B7FFA8B5E6832BCA6CEC17E2AD91907E9D5A645", "6CFD1F4E92DE674FABBF5CB0AB382F8E451BC50559AF2503871032E5B3345584", "896C186FC78806A801DD528297944E87EABFE00A17B3EFEAEF67EC83E9AE3EB3", "D123779355BC4ABF556BE1CB1C0AC3B3376DE0C5AEACD6468D7153F832BCE791", "D539341B64A88A49490C3C0F20392F7B5A9616A42C069A2509BF53F2F8A4D618", "E817E7CC83FE8715306D28C653DB646FDADE31AB5B2E6D0633EF4C1838CEC408"]}, {"type": "ics", "idList": ["ICSA-22-069-09"]}, {"type": "kaspersky", "idList": ["KLA11626", "KLA11627", "KLA11660", "KLA11721"]}, {"type": "kitploit", "idList": ["KITPLOIT:8656177976839178440"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/CENTOS_LINUX-CVE-2019-17596/", "MSF:ILITIES/DEBIAN-CVE-2019-17596/", "MSF:ILITIES/FREEBSD-CVE-2019-1551/", "MSF:ILITIES/GENTOO-LINUX-CVE-2019-1551/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP2-CVE-2019-1551/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP2-CVE-2019-19234/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP5-CVE-2019-1551/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP5-CVE-2019-17596/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP8-CVE-2019-17596/", "MSF:ILITIES/JUNIPER-JUNOS-OS-JSA11025/", "MSF:ILITIES/ORACLE-SOLARIS-CVE-2019-1551/", "MSF:ILITIES/ORACLE_LINUX-CVE-2019-1551/", "MSF:ILITIES/REDHAT-OPENSHIFT-CVE-2019-1551/", "MSF:ILITIES/REDHAT-OPENSHIFT-CVE-2019-19232/", "MSF:ILITIES/REDHAT_LINUX-CVE-2019-1551/", "MSF:ILITIES/UBUNTU-CVE-2019-1551/"]}, {"type": "mscve", "idList": ["MS:ADV200002"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-2209.NASL", "DEBIAN_DSA-4594.NASL", "DEBIAN_DSA-4596.NASL", "DEBIAN_DSA-4680.NASL", "EULEROS_SA-2019-2275.NASL", "EULEROS_SA-2019-2321.NASL", "EULEROS_SA-2019-2529.NASL", "EULEROS_SA-2019-2699.NASL", "EULEROS_SA-2020-1538.NASL", "EULEROS_SA-2020-1562.NASL", "EULEROS_SA-2020-1564.NASL", "EULEROS_SA-2021-1825.NASL", "FEDORA_2020-D7B29838F6.NASL", "FEDORA_2020-DA2D1EF2D7.NASL", "FREEBSD_PKG_D778DDB0233811EAA1C7B499BAEBFEAF.NASL", "GENTOO_GLSA-202004-10.NASL", "MYSQL_ENTERPRISE_MONITOR_8_0_21_1240.NASL", "ORACLEVM_OVMSA-2020-0021.NASL", "ORACLE_ENTERPRISE_MANAGER_OPS_CENTER_JUL_2020_CPU.NASL", "REDHAT-RHSA-2020-1520.NASL", "REDHAT-RHSA-2020-1804.NASL", "REDHAT-RHSA-2020-4514.NASL", "REDHAT-RHSA-2021-1030.NASL", "SLACKWARE_SSA_2019-354-01.NASL", "SL_20200407_BIND_ON_SL7_X.NASL", "SUSE_SU-2019-14111-1.NASL", "SUSE_SU-2020-14375-1.NASL", "TOMCAT_8_5_49.NASL", "UBUNTU_USN-3893-1.NASL", "UBUNTU_USN-4376-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704440", "OPENVAS:1361412562310704462", "OPENVAS:1361412562310704534", "OPENVAS:1361412562310704680", "OPENVAS:1361412562310843913", "OPENVAS:1361412562310843989", "OPENVAS:1361412562310844049", "OPENVAS:1361412562310844059", "OPENVAS:1361412562310844450", "OPENVAS:1361412562310852551", "OPENVAS:1361412562310852553", "OPENVAS:1361412562310852577", "OPENVAS:1361412562310852604", "OPENVAS:1361412562310852730", "OPENVAS:1361412562310875746", "OPENVAS:1361412562310876114", "OPENVAS:1361412562310876125", "OPENVAS:1361412562310876156", "OPENVAS:1361412562310876171", "OPENVAS:1361412562310876458", "OPENVAS:1361412562310876460", "OPENVAS:1361412562310876461", "OPENVAS:1361412562310876462", "OPENVAS:1361412562310876507", "OPENVAS:1361412562310876595", "OPENVAS:1361412562310876596", "OPENVAS:1361412562310876597", "OPENVAS:1361412562310876598", "OPENVAS:1361412562310876793", "OPENVAS:1361412562310876794", "OPENVAS:1361412562310876796", "OPENVAS:1361412562310876799", "OPENVAS:1361412562310876892", "OPENVAS:1361412562310876912", "OPENVAS:1361412562310877080", "OPENVAS:1361412562310877736", "OPENVAS:1361412562310877748", "OPENVAS:1361412562310877816", "OPENVAS:1361412562310883062", "OPENVAS:1361412562310883067", "OPENVAS:1361412562310883079", "OPENVAS:1361412562310891697", "OPENVAS:1361412562310891818", "OPENVAS:1361412562310891859", "OPENVAS:1361412562310892209", "OPENVAS:1361412562311220201538", "OPENVAS:1361412562311220201562", "OPENVAS:1361412562311220201564"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-1145", "ELSA-2019-1294", "ELSA-2019-1492", "ELSA-2019-1714", "ELSA-2019-1726", "ELSA-2019-2057", "ELSA-2019-4816", "ELSA-2020-1804"]}, {"type": "photon", "idList": ["PHSA-2019-3.0-0036", "PHSA-2019-3.0-0037", "PHSA-2020-1.0-0264", "PHSA-2020-2.0-0198", "PHSA-2020-2.0-0199", "PHSA-2020-2.0-0200", "PHSA-2020-2.0-0201", "PHSA-2020-2.0-0204", "PHSA-2020-3.0-0048", "PHSA-2020-3.0-0051", "PHSA-2020-3.0-0054", "PHSA-2020-3.0-0057"]}, {"type": "redhat", "idList": ["RHSA-2019:2868", "RHSA-2019:2870", "RHSA-2022:0202", "RHSA-2022:0318"]}, {"type": "redhatcve", "idList": ["RH:CVE-2018-5744", "RH:CVE-2018-5745", "RH:CVE-2019-10773", "RH:CVE-2019-11253", "RH:CVE-2019-12418", "RH:CVE-2019-1551", "RH:CVE-2019-17563", "RH:CVE-2019-19232", "RH:CVE-2019-19234", "RH:CVE-2019-19317", "RH:CVE-2019-19603", "RH:CVE-2019-19645", "RH:CVE-2019-19646", "RH:CVE-2019-19880", "RH:CVE-2019-19926", "RH:CVE-2019-20218", "RH:CVE-2019-6465", "RH:CVE-2019-6467", "RH:CVE-2019-6468", "RH:CVE-2019-6469", "RH:CVE-2019-6471", "RH:CVE-2019-6477"]}, {"type": "slackware", "idList": ["SSA-2019-116-01", "SSA-2019-171-01", "SSA-2019-354-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:1532-1", "OPENSUSE-SU-2019:1533-1", "OPENSUSE-SU-2019:1604-1", "OPENSUSE-SU-2019:1671-1", "OPENSUSE-SU-2019:1750-1", "OPENSUSE-SU-2019:2263-1", "OPENSUSE-SU-2019:2265-1"]}, {"type": "symantec", "idList": ["SMNTC-1765", "SMNTC-1768"]}, {"type": "threatpost", "idList": ["THREATPOST:370E8753340A65AA22C611DB35A611BA", "THREATPOST:639EA1C04C8045117A5A3480A9967CB7"]}, {"type": "tomcat", "idList": ["TOMCAT:A66B656C929B7FB0E855CBC84E3CC1C3"]}, {"type": "ubuntu", "idList": ["USN-3893-1", "USN-3893-2", "USN-3956-1", "USN-3956-2", "USN-4015-1", "USN-4015-2", "USN-4026-1", "USN-4376-1", "USN-4394-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-10773", "UB:CVE-2019-11253", "UB:CVE-2019-12418", "UB:CVE-2019-1551", "UB:CVE-2019-16276", "UB:CVE-2019-17563", "UB:CVE-2019-17596", "UB:CVE-2019-19232", "UB:CVE-2019-19234", "UB:CVE-2019-19317", "UB:CVE-2019-19603", "UB:CVE-2019-19645", "UB:CVE-2019-19646", "UB:CVE-2019-19880", "UB:CVE-2019-20218"]}]}, "exploitation": null, "vulnersScore": 1.6}, "_state": {"dependencies": 1660012827, "score": 1659950154}, "_internal": {"score_hash": "768282e695ec90b08074535dd61ae995"}, "affectedPackage": [{"OS": "Photon", "OSVersion": "1.0", "arch": "x86_64", "packageVersion": "1.13.12-1.ph1", "packageFilename": "kubernetes-kubectl-extras-1.13.12-1.ph1.x86_64.rpm", "operator": "lt", "packageName": "kubernetes-kubectl-extras"}, {"OS": "Photon", "OSVersion": "1.0", "arch": "x86_64", "packageVersion": "1.0.2u-1.ph1", "packageFilename": "openssl-1.0.2u-1.ph1.x86_64.rpm", "operator": "lt", "packageName": "openssl"}, {"OS": "Photon", "OSVersion": "1.0", "arch": "x86_64", "packageVersion": "1.13.12-1.ph1", "packageFilename": "kubernetes-kubeadm-1.13.12-1.ph1.x86_64.rpm", "operator": "lt", "packageName": "kubernetes-kubeadm"}, {"OS": "Photon", "OSVersion": "1.0", "arch": "x86_64", "packageVersion": "1.13.12-1.ph1", "packageFilename": "kubernetes-pause-1.13.12-1.ph1.x86_64.rpm", "operator": "lt", "packageName": "kubernetes-pause"}, {"OS": "Photon", "OSVersion": "1.0", "arch": "x86_64", "packageVersion": "1.0.2u-1.ph1", "packageFilename": "openssl-c_rehash-1.0.2u-1.ph1.x86_64.rpm", "operator": "lt", "packageName": "openssl-c_rehash"}, {"OS": "Photon", "OSVersion": "1.0", "arch": "noarch", "packageVersion": "8.5.50-1.ph1", "packageFilename": "apache-tomcat-8.5.50-1.ph1.noarch.rpm", "operator": "lt", "packageName": "apache-tomcat"}, {"OS": "Photon", "OSVersion": "1.0", "arch": "x86_64", "packageVersion": "1.0.2u-1.ph1", "packageFilename": "openssl-perl-1.0.2u-1.ph1.x86_64.rpm", "operator": "lt", "packageName": "openssl-perl"}, {"OS": "Photon", "OSVersion": "1.0", "arch": "x86_64", "packageVersion": "1.13.12-1.ph1", "packageFilename": "kubernetes-1.13.12-1.ph1.x86_64.rpm", "operator": "lt", "packageName": "kubernetes"}, {"OS": "Photon", "OSVersion": "1.0", "arch": "x86_64", "packageVersion": "1.13.6-2.ph1", "packageFilename": "dbus-1.13.6-2.ph1.x86_64.rpm", "operator": "lt", "packageName": "dbus"}, {"OS": "Photon", "OSVersion": "1.0", "arch": "x86_64", "packageVersion": "1.10.1-4.ph1", "packageFilename": "yarn-1.10.1-4.ph1.x86_64.rpm", "operator": "lt", "packageName": "yarn"}, {"OS": "Photon", "OSVersion": "1.0", "arch": "x86_64", "packageVersion": "1.0.2u-1.ph1", "packageFilename": "openssl-devel-1.0.2u-1.ph1.x86_64.rpm", "operator": "lt", "packageName": "openssl-devel"}, {"OS": "Photon", "OSVersion": "1.0", "arch": "x86_64", "packageVersion": "3.30.1-2.ph1", "packageFilename": "sqlite-autoconf-3.30.1-2.ph1.x86_64.rpm", "operator": "lt", "packageName": "sqlite-autoconf"}, {"OS": "Photon", "OSVersion": "1.0", "arch": "x86_64", "packageVersion": "1.13.6-2.ph1", "packageFilename": "dbus-devel-1.13.6-2.ph1.x86_64.rpm", "operator": "lt", "packageName": "dbus-devel"}, {"OS": "Photon", "OSVersion": "1.0", "arch": "x86_64", "packageVersion": "9.15.5-1.ph1", "packageFilename": "bindutils-9.15.5-1.ph1.x86_64.rpm", "operator": "lt", "packageName": "bindutils"}, {"OS": "Photon", "OSVersion": "1.0", "arch": "x86_64", "packageVersion": "1.8.30-1.ph1", "packageFilename": "sudo-1.8.30-1.ph1.x86_64.rpm", "operator": "lt", "packageName": "sudo"}, {"OS": "Photon", "OSVersion": "1.0", "arch": "x86_64", "packageVersion": "1.11.13-3.ph1", "packageFilename": "go-1.11.13-3.ph1.x86_64.rpm", "operator": "lt", "packageName": "go"}], "vendorCvss": {"severity": "critical"}}

{"photon": [{"lastseen": "2021-11-03T17:49:36", "description": "An update of {'openssl', 'apache-tomcat', 'sqlite-autoconf', 'yarn', 'dbus', 'go', 'kubernetes', 'sudo'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-01-15T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2020-1.0-0264", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10773", "CVE-2019-11253", "CVE-2019-12418", "CVE-2019-12749", "CVE-2019-1551", "CVE-2019-16276", "CVE-2019-17563", "CVE-2019-17596", "CVE-2019-19232", "CVE-2019-19234", "CVE-2019-19317", "CVE-2019-19603", "CVE-2019-19645", "CVE-2019-19646", "CVE-2019-19880", "CVE-2019-20218"], "modified": "2020-01-15T00:00:00", "id": "PHSA-2020-1.0-0264", "href": "https://github.com/vmware/photon/wiki/Security-Updates-1.0-264", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-12T18:23:57", "description": "Updates of ['go', 'yarn', 'sudo', 'apache-tomcat', 'sqlite'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-01-14T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2020-0200", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10773", "CVE-2019-12418", "CVE-2019-16276", "CVE-2019-17563", "CVE-2019-17596", "CVE-2019-19232", "CVE-2019-19234", "CVE-2019-19645", "CVE-2019-19880", "CVE-2019-20218"], "modified": "2020-01-14T00:00:00", "id": "PHSA-2020-0200", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-200", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-12T18:49:58", "description": "Updates of ['bindutils', 'sqlite'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-01-18T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2020-0049", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743", "CVE-2018-5744", "CVE-2018-5745", "CVE-2019-19317", "CVE-2019-19603", "CVE-2019-19645", "CVE-2019-19646", "CVE-2019-19880", "CVE-2019-19925", "CVE-2019-20218", "CVE-2019-6465", "CVE-2019-6467", "CVE-2019-6471"], "modified": "2020-01-18T00:00:00", "id": "PHSA-2020-0049", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-49", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-03T20:59:36", "description": "An update of {'sqlite', 'yarn', 'apache-tomcat'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-01-14T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2020-2.0-0200", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10773", "CVE-2019-12418", "CVE-2019-17563", "CVE-2019-19645", "CVE-2019-19880", "CVE-2019-20218"], "modified": "2020-01-14T00:00:00", "id": "PHSA-2020-2.0-0200", "href": "https://github.com/vmware/photon/wiki/Security-Updates-2-200", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-12T18:24:47", "description": "Updates of ['bindutils'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-12-30T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2019-0199", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743", "CVE-2018-5744", "CVE-2018-5745", "CVE-2019-6465", "CVE-2019-6467", "CVE-2019-6468", "CVE-2019-6469", "CVE-2019-6471", "CVE-2019-6475", "CVE-2019-6476"], "modified": "2019-12-30T00:00:00", "id": "PHSA-2019-0199", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-199", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-11-04T02:58:39", "description": "An update of {'sudo', 'dnsmasq', 'apache-tomcat'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-01-23T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2020-3.0-0051", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-12418", "CVE-2019-14834", "CVE-2019-17563", "CVE-2019-19232", "CVE-2019-19234"], "modified": "2020-01-23T00:00:00", "id": "PHSA-2020-3.0-0051", "href": "https://github.com/vmware/photon/wiki/Security-Updates-3.0-51", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-12T18:49:56", "description": "Updates of ['sudo', 'apache-tomcat', 'dnsmasq'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-01-23T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2020-0051", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-12418", "CVE-2019-14834", "CVE-2019-17563", "CVE-2019-19232", "CVE-2019-19234"], "modified": "2020-01-23T00:00:00", "id": "PHSA-2020-0051", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-51", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-03T20:59:37", "description": "An update of {'python-cryptography', 'sqlite'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-01-03T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2020-2.0-0198", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10903", "CVE-2019-19317", "CVE-2019-19603", "CVE-2019-19646"], "modified": "2020-01-03T00:00:00", "id": "PHSA-2020-2.0-0198", "href": "https://github.com/vmware/photon/wiki/Security-Updates-2-198", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-12T18:24:01", "description": "Updates of ['sqlite', 'python-cryptography'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-01-03T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2019-0198", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10903", "CVE-2019-19317", "CVE-2019-19603", "CVE-2019-19646"], "modified": "2019-01-03T00:00:00", "id": "PHSA-2019-0198", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-198", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-03T08:57:48", "description": "An update of {'bindutils'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-01-05T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2020-2.0-0199", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-6467", "CVE-2019-6468", "CVE-2019-6469", "CVE-2019-6471", "CVE-2019-6475", "CVE-2019-6476"], "modified": "2020-01-05T00:00:00", "id": "PHSA-2020-2.0-0199", "href": "https://github.com/vmware/photon/wiki/Security-Updates-2-199", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-05-12T18:50:16", "description": "Updates of ['file', 'e2fsprogs', 'go', 'libxslt'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-11-01T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2019-0037", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16276", "CVE-2019-17596", "CVE-2019-18197", "CVE-2019-18218", "CVE-2019-5094"], "modified": "2019-11-01T00:00:00", "id": "PHSA-2019-0037", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-37", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2022-07-17T23:26:31", "description": "An update of the sqlite package has been released.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-01-16T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Sqlite PHSA-2020-1.0-0264", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19317", "CVE-2019-19603", "CVE-2019-19645", "CVE-2019-19646", "CVE-2019-19880", "CVE-2019-20218"], "modified": "2020-01-18T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:sqlite", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2020-1_0-0264_SQLITE.NASL", "href": "https://www.tenable.com/plugins/nessus/132984", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-1.0-0264. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132984);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/18\");\n\n script_cve_id(\n \"CVE-2019-19317\",\n \"CVE-2019-19603\",\n \"CVE-2019-19645\",\n \"CVE-2019-19646\",\n \"CVE-2019-19880\",\n \"CVE-2019-20218\"\n );\n\n script_name(english:\"Photon OS 1.0: Sqlite PHSA-2020-1.0-0264\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the sqlite package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-264.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-20218\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"sqlite-autoconf-3.30.1-2.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sqlite\");\n}\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-17T23:30:21", "description": "An update of the sqlite package has been released.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-01-16T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Sqlite PHSA-2019-2.0-0198", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19317", "CVE-2019-19603", "CVE-2019-19646"], "modified": "2020-01-18T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:sqlite", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2019-2_0-0198_SQLITE.NASL", "href": "https://www.tenable.com/plugins/nessus/132978", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-2.0-0198. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132978);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/18\");\n\n script_cve_id(\"CVE-2019-19317\", \"CVE-2019-19603\", \"CVE-2019-19646\");\n\n script_name(english:\"Photon OS 2.0: Sqlite PHSA-2019-2.0-0198\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the sqlite package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-198.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19603\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_exists(rpm:\"sqlite-3.27\", release:\"PhotonOS-2.0\") && rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"sqlite-3.27.2-7.ph2\")) flag++;\nif (rpm_exists(rpm:\"sqlite-3.27\", release:\"PhotonOS-2.0\") && rpm_check(release:\"PhotonOS-2.0\", cpu:\"src\", reference:\"sqlite-3.27.2-7.ph2.src\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"sqlite-debuginfo-3.27.2-7.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"sqlite-devel-3.27.2-7.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"sqlite-libs-3.27.2-7.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sqlite\");\n}\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-26T15:55:57", "description": "An update of the sqlite package has been released.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-01-16T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Sqlite PHSA-2020-2.0-0200", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19645", "CVE-2019-19880", "CVE-2019-20218"], "modified": "2020-01-18T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:sqlite", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2020-2_0-0200_SQLITE.NASL", "href": "https://www.tenable.com/plugins/nessus/132989", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-2.0-0200. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132989);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/18\");\n\n script_cve_id(\"CVE-2019-19645\", \"CVE-2019-19880\", \"CVE-2019-20218\");\n\n script_name(english:\"Photon OS 2.0: Sqlite PHSA-2020-2.0-0200\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the sqlite package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-200.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-20218\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_exists(rpm:\"sqlite-3.30\", release:\"PhotonOS-2.0\") && rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"sqlite-3.30.1-1.ph2\")) flag++;\nif (rpm_exists(rpm:\"sqlite-3.30\", release:\"PhotonOS-2.0\") && rpm_check(release:\"PhotonOS-2.0\", cpu:\"src\", reference:\"sqlite-3.30.1-1.ph2.src\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"sqlite-debuginfo-3.30.1-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"sqlite-devel-3.30.1-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"sqlite-libs-3.30.1-1.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sqlite\");\n}\n\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-11T14:23:30", "description": "Toshifumi Sakaguchi discovered that Bind incorrectly handled memory. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-5744)\n\nIt was discovered that Bind incorrectly handled certain trust anchors when used with the 'managed-keys' feature. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. (CVE-2018-5745)\n\nIt was discovered that Bind incorrectly handled certain controls for zone transfers, contrary to expectations. (CVE-2019-6465).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2019-02-22T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : Bind vulnerabilities (USN-3893-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5744", "CVE-2018-5745", "CVE-2019-6465"], "modified": "2020-09-17T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:bind9", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.10"], "id": "UBUNTU_USN-3893-1.NASL", "href": "https://www.tenable.com/plugins/nessus/122399", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3893-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122399);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/17\");\n\n script_cve_id(\"CVE-2018-5744\", \"CVE-2018-5745\", \"CVE-2019-6465\");\n script_xref(name:\"USN\", value:\"3893-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : Bind vulnerabilities (USN-3893-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Toshifumi Sakaguchi discovered that Bind incorrectly handled memory. A\nremote attacker could possibly use this issue to cause Bind to consume\nresources, leading to a denial of service. This issue only affected\nUbuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-5744)\n\nIt was discovered that Bind incorrectly handled certain trust anchors\nwhen used with the 'managed-keys' feature. A remote attacker could\npossibly use this issue to cause Bind to crash, resulting in a denial\nof service. (CVE-2018-5745)\n\nIt was discovered that Bind incorrectly handled certain controls for\nzone transfers, contrary to expectations. (CVE-2019-6465).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3893-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bind9 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-6465\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:bind9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|18\\.04|18\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 18.04 / 18.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"bind9\", pkgver:\"1:9.9.5.dfsg-3ubuntu0.19\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"bind9\", pkgver:\"1:9.10.3.dfsg.P4-8ubuntu1.12\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"bind9\", pkgver:\"1:9.11.3+dfsg-1ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"bind9\", pkgver:\"1:9.11.4+dfsg-3ubuntu5.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind9\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-04-23T15:39:27", "description": "This update for bind fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-6465: Fixed an issue where controls for zone transfers may not be properly applied to Dynamically Loadable Zones (bsc#1126069).\n\nCVE-2019-6471: Fixed a reachable assert in dispatch.c. (bsc#1138687)\n\nCVE-2018-5745: Fixed a denial of service vulnerability if a trust anchor rolls over to an unsupported key algorithm when using managed-keys (bsc#1126068).\n\nCVE-2018-5743: Fixed a denial of service vulnerability which could be caused by to many simultaneous TCP connections (bsc#1133185).\n\nCVE-2018-5740: Fixed a denial of service vulnerability in the 'deny-answer-aliases' feature (bsc#1104129).\n\nNon-security issues fixed: Don't rely on /etc/insserv.conf anymore for proper dependencies against nss-lookup.target in named.service and lwresd.service (bsc#1118367, bsc#1118368).\n\nFix FIPS related regression (bsc#1128220).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2019-10-02T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : bind (SUSE-SU-2019:2502-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5740", "CVE-2018-5743", "CVE-2018-5745", "CVE-2019-6465", "CVE-2019-6471"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:bind", "p-cpe:/a:novell:suse_linux:bind-chrootenv", "p-cpe:/a:novell:suse_linux:bind-debuginfo", "p-cpe:/a:novell:suse_linux:bind-debugsource", "p-cpe:/a:novell:suse_linux:bind-utils", "p-cpe:/a:novell:suse_linux:bind-utils-debuginfo", "p-cpe:/a:novell:suse_linux:libbind9", "p-cpe:/a:novell:suse_linux:libbind9-160-debuginfo", "p-cpe:/a:novell:suse_linux:libdns169", "p-cpe:/a:novell:suse_linux:libdns169-debuginfo", "p-cpe:/a:novell:suse_linux:libirs160", "p-cpe:/a:novell:suse_linux:libirs160-debuginfo", "p-cpe:/a:novell:suse_linux:libisc166", "p-cpe:/a:novell:suse_linux:libisc166-debuginfo", "p-cpe:/a:novell:suse_linux:libisccc160", "p-cpe:/a:novell:suse_linux:libisccc160-debuginfo", "p-cpe:/a:novell:suse_linux:libisccfg160", "p-cpe:/a:novell:suse_linux:libisccfg160-debuginfo", "p-cpe:/a:novell:suse_linux:liblwres160", "p-cpe:/a:novell:suse_linux:liblwres160-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-2502-1.NASL", "href": "https://www.tenable.com/plugins/nessus/129526", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2502-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129526);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2018-5740\", \"CVE-2018-5743\", \"CVE-2018-5745\", \"CVE-2019-6465\", \"CVE-2019-6471\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : bind (SUSE-SU-2019:2502-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for bind fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-6465: Fixed an issue where controls for zone transfers may\nnot be properly applied to Dynamically Loadable Zones (bsc#1126069).\n\nCVE-2019-6471: Fixed a reachable assert in dispatch.c. (bsc#1138687)\n\nCVE-2018-5745: Fixed a denial of service vulnerability if a trust\nanchor rolls over to an unsupported key algorithm when using\nmanaged-keys (bsc#1126068).\n\nCVE-2018-5743: Fixed a denial of service vulnerability which could be\ncaused by to many simultaneous TCP connections (bsc#1133185).\n\nCVE-2018-5740: Fixed a denial of service vulnerability in the\n'deny-answer-aliases' feature (bsc#1104129).\n\nNon-security issues fixed: Don't rely on /etc/insserv.conf anymore for\nproper dependencies against nss-lookup.target in named.service and\nlwresd.service (bsc#1118367, bsc#1118368).\n\nFix FIPS related regression (bsc#1128220).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118367\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118368\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126068\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128220\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133185\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138687\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-5740/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-5743/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-5745/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-6465/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-6471/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192502-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5b6341fa\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t\npatch SUSE-SLE-SDK-12-SP4-2019-2502=1\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2019-2502=1\n\nSUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP4-2019-2502=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-6465\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-chrootenv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libbind9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libbind9-160-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdns169\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdns169-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libirs160\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libirs160-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libisc166\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libisc166-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libisccc160\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libisccc160-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libisccfg160\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libisccfg160-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:liblwres160\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:liblwres160-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"bind-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"bind-chrootenv-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"bind-debuginfo-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"bind-debugsource-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"bind-utils-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"bind-utils-debuginfo-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libbind9-160-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libbind9-160-debuginfo-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libdns169-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libdns169-debuginfo-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libirs160-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libirs160-debuginfo-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libisc166-32bit-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libisc166-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libisc166-debuginfo-32bit-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libisc166-debuginfo-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libisccc160-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libisccc160-debuginfo-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libisccfg160-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libisccfg160-debuginfo-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"liblwres160-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"liblwres160-debuginfo-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"bind-debuginfo-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"bind-debugsource-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"bind-utils-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"bind-utils-debuginfo-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libbind9-160-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libbind9-160-debuginfo-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libdns169-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libdns169-debuginfo-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libirs160-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libirs160-debuginfo-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libisc166-32bit-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libisc166-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libisc166-debuginfo-32bit-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libisc166-debuginfo-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libisccc160-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libisccc160-debuginfo-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libisccfg160-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libisccfg160-debuginfo-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"liblwres160-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"liblwres160-debuginfo-9.11.2-3.10.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:22:40", "description": "Multiple vulnerabilities were found in the BIND DNS server :\n\n - CVE-2018-5743 Connection limits were incorrectly enforced.\n\n - CVE-2018-5745 The 'managed-keys' feature was susceptible to denial of service by triggering an assert.\n\n - CVE-2019-6465 ACLs for zone transfers were incorrectly enforced for dynamically loadable zones (DLZs).", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2019-05-10T00:00:00", "type": "nessus", "title": "Debian DSA-4440-1 : bind9 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5743", "CVE-2018-5745", "CVE-2019-6465"], "modified": "2020-01-21T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:bind9", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4440.NASL", "href": "https://www.tenable.com/plugins/nessus/124722", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4440. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124722);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/21\");\n\n script_cve_id(\"CVE-2018-5743\", \"CVE-2018-5745\", \"CVE-2019-6465\");\n script_xref(name:\"DSA\", value:\"4440\");\n\n script_name(english:\"Debian DSA-4440-1 : bind9 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities were found in the BIND DNS server :\n\n - CVE-2018-5743\n Connection limits were incorrectly enforced.\n\n - CVE-2018-5745\n The 'managed-keys' feature was susceptible to denial of\n service by triggering an assert.\n\n - CVE-2019-6465\n ACLs for zone transfers were incorrectly enforced for\n dynamically loadable zones (DLZs).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-5743\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-5745\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-6465\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/bind9\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/bind9\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2019/dsa-4440\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the bind9 packages.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 1:9.10.3.dfsg.P4-12.3+deb9u5.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-6465\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:bind9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"bind9\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"bind9-doc\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"bind9-host\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"bind9utils\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"dnsutils\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"host\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libbind-dev\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libbind-export-dev\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libbind9-140\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libdns-export162\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libdns-export162-udeb\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libdns162\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libirs-export141\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libirs-export141-udeb\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libirs141\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libisc-export160\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libisc-export160-udeb\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libisc160\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libisccc-export140\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libisccc-export140-udeb\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libisccc140\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libisccfg-export140\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libisccfg-export140-udeb\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libisccfg140\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"liblwres141\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lwresd\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-06-16T15:25:33", "description": "An update of the bindutils package has been released.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2020-01-16T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Bindutils PHSA-2020-2.0-0199", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-6467", "CVE-2019-6468", "CVE-2019-6469", "CVE-2019-6471", "CVE-2019-6475", "CVE-2019-6476"], "modified": "2020-01-18T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:bindutils", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2020-2_0-0199_BINDUTILS.NASL", "href": "https://www.tenable.com/plugins/nessus/132987", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-2.0-0199. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132987);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/18\");\n\n script_cve_id(\n \"CVE-2019-6467\",\n \"CVE-2019-6468\",\n \"CVE-2019-6469\",\n \"CVE-2019-6471\",\n \"CVE-2019-6475\",\n \"CVE-2019-6476\"\n );\n script_bugtraq_id(\n 108070,\n 108071,\n 108517,\n 108854\n );\n\n script_name(english:\"Photon OS 2.0: Bindutils PHSA-2020-2.0-0199\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the bindutils package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-199.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-6475\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:bindutils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_exists(rpm:\"bindutils-9.15\", release:\"PhotonOS-2.0\") && rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"bindutils-9.15.5-1.ph2\")) flag++;\nif (rpm_exists(rpm:\"bindutils-9.15\", release:\"PhotonOS-2.0\") && rpm_check(release:\"PhotonOS-2.0\", cpu:\"src\", reference:\"bindutils-9.15.5-1.ph2.src\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"bindutils-debuginfo-9.15.5-1.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bindutils\");\n}\n\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-03-19T19:59:06", "description": "The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:1804 advisory.\n\n - sudo: attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user (CVE-2019-19232)\n\n - sudo: by using ! character in the shadow file instead of a password hash can access to a run as all sudoer account (CVE-2019-19234)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2020-11-18T00:00:00", "type": "nessus", "title": "RHEL 8 : sudo (RHSA-2020:1804)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19232", "CVE-2019-19234"], "modified": "2021-10-13T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.2", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_e4s:8.2", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_eus:8.2", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_tus:8.2", "cpe:/o:redhat:rhel_tus:8.4", "p-cpe:/a:redhat:enterprise_linux:sudo"], "id": "REDHAT-RHSA-2020-1804.NASL", "href": "https://www.tenable.com/plugins/nessus/143004", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:1804. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143004);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/13\");\n\n script_cve_id(\"CVE-2019-19232\");\n script_xref(name:\"RHSA\", value:\"2020:1804\");\n\n script_name(english:\"RHEL 8 : sudo (RHSA-2020:1804)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:1804 advisory.\n\n - sudo: attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user\n (CVE-2019-19232)\n\n - sudo: by using ! character in the shadow file instead of a password hash can access to a run as all sudoer\n account (CVE-2019-19234)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/284.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19232\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19234\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:1804\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1786704\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1786708\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected sudo package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19232\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(284);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sudo\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'enterprise_linux_8_appstream': [\n 'rhel-8-for-aarch64-appstream-debug-rpms',\n 'rhel-8-for-aarch64-appstream-rpms',\n 'rhel-8-for-aarch64-appstream-source-rpms',\n 'rhel-8-for-s390x-appstream-debug-rpms',\n 'rhel-8-for-s390x-appstream-rpms',\n 'rhel-8-for-s390x-appstream-source-rpms',\n 'rhel-8-for-x86_64-appstream-debug-rpms',\n 'rhel-8-for-x86_64-appstream-rpms',\n 'rhel-8-for-x86_64-appstream-source-rpms'\n ],\n 'enterprise_linux_8_baseos': [\n 'rhel-8-for-aarch64-baseos-debug-rpms',\n 'rhel-8-for-aarch64-baseos-rpms',\n 'rhel-8-for-aarch64-baseos-source-rpms',\n 'rhel-8-for-s390x-baseos-debug-rpms',\n 'rhel-8-for-s390x-baseos-rpms',\n 'rhel-8-for-s390x-baseos-source-rpms',\n 'rhel-8-for-x86_64-baseos-debug-rpms',\n 'rhel-8-for-x86_64-baseos-rpms',\n 'rhel-8-for-x86_64-baseos-source-rpms'\n ],\n 'enterprise_linux_8_crb': [\n 'codeready-builder-for-rhel-8-aarch64-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-aarch64-rpms',\n 'codeready-builder-for-rhel-8-aarch64-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-rpms',\n 'codeready-builder-for-rhel-8-s390x-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-rpms',\n 'codeready-builder-for-rhel-8-x86_64-source-rpms'\n ],\n 'enterprise_linux_8_highavailability': [\n 'rhel-8-for-aarch64-highavailability-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-8-for-aarch64-highavailability-rpms',\n 'rhel-8-for-aarch64-highavailability-source-rpms',\n 'rhel-8-for-s390x-highavailability-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-rpms',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms',\n 'rhel-8-for-s390x-highavailability-rpms',\n 'rhel-8-for-s390x-highavailability-source-rpms',\n 'rhel-8-for-x86_64-highavailability-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-rpms',\n 'rhel-8-for-x86_64-highavailability-source-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms'\n ],\n 'enterprise_linux_8_nfv': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-nfv-tus-debug-rpms',\n 'rhel-8-for-x86_64-nfv-tus-rpms',\n 'rhel-8-for-x86_64-nfv-tus-source-rpms'\n ],\n 'enterprise_linux_8_realtime': [\n 'rhel-8-for-x86_64-rt-debug-rpms',\n 'rhel-8-for-x86_64-rt-rpms',\n 'rhel-8-for-x86_64-rt-source-rpms',\n 'rhel-8-for-x86_64-rt-tus-debug-rpms',\n 'rhel-8-for-x86_64-rt-tus-rpms',\n 'rhel-8-for-x86_64-rt-tus-source-rpms'\n ],\n 'enterprise_linux_8_resilientstorage': [\n 'rhel-8-for-s390x-resilientstorage-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-8-for-s390x-resilientstorage-rpms',\n 'rhel-8-for-s390x-resilientstorage-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-rpms',\n 'rhel-8-for-x86_64-resilientstorage-source-rpms'\n ],\n 'enterprise_linux_8_sap': [\n 'rhel-8-for-s390x-sap-netweaver-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-s390x-sap-netweaver-rpms',\n 'rhel-8-for-s390x-sap-netweaver-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-source-rpms'\n ],\n 'enterprise_linux_8_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-rpms',\n 'rhel-8-for-x86_64-sap-solutions-source-rpms'\n ],\n 'enterprise_linux_8_supplementary': [\n 'rhel-8-for-aarch64-supplementary-eus-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-8-for-aarch64-supplementary-rpms',\n 'rhel-8-for-aarch64-supplementary-source-rpms',\n 'rhel-8-for-s390x-supplementary-eus-rpms',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms',\n 'rhel-8-for-s390x-supplementary-rpms',\n 'rhel-8-for-s390x-supplementary-source-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-8-for-x86_64-supplementary-rpms',\n 'rhel-8-for-x86_64-supplementary-source-rpms'\n ],\n 'rhel_aus_8_2_appstream': [\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-aus-rpms',\n 'rhel-8-for-x86_64-appstream-aus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms__8_DOT_2'\n ],\n 'rhel_aus_8_2_baseos': [\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-aus-rpms',\n 'rhel-8-for-x86_64-baseos-aus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms__8_DOT_2'\n ],\n 'rhel_aus_8_4_appstream': [\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-aus-rpms',\n 'rhel-8-for-x86_64-appstream-aus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms__8_DOT_4'\n ],\n 'rhel_aus_8_4_baseos': [\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-aus-rpms',\n 'rhel-8-for-x86_64-baseos-aus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_2_appstream': [\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms__8_DOT_2'\n ],\n 'rhel_e4s_8_2_baseos': [\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms__8_DOT_2'\n ],\n 'rhel_e4s_8_2_highavailability': [\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms__8_DOT_2'\n ],\n 'rhel_e4s_8_2_sap': [\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms__8_DOT_2'\n ],\n 'rhel_e4s_8_2_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms__8_DOT_2'\n ],\n 'rhel_e4s_8_4_appstream': [\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_baseos': [\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_highavailability': [\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_sap': [\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_2_appstream': [\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms',\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-appstream-eus-rpms',\n 'rhel-8-for-aarch64-appstream-eus-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-s390x-appstream-eus-rpms',\n 'rhel-8-for-s390x-appstream-eus-rpms__8_DOT_2',\n 'rhel-8-for-s390x-appstream-eus-source-rpms',\n 'rhel-8-for-s390x-appstream-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-aus-rpms',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-eus-rpms',\n 'rhel-8-for-x86_64-appstream-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-tus-rpms',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms'\n ],\n 'rhel_eus_8_2_baseos': [\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms',\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-baseos-eus-rpms',\n 'rhel-8-for-aarch64-baseos-eus-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-s390x-baseos-eus-rpms',\n 'rhel-8-for-s390x-baseos-eus-rpms__8_DOT_2',\n 'rhel-8-for-s390x-baseos-eus-source-rpms',\n 'rhel-8-for-s390x-baseos-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-aus-rpms',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-eus-rpms',\n 'rhel-8-for-x86_64-baseos-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-tus-rpms',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms'\n ],\n 'rhel_eus_8_2_crb': [\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms__8_DOT_2'\n ],\n 'rhel_eus_8_2_highavailability': [\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-highavailability-eus-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-s390x-highavailability-eus-rpms',\n 'rhel-8-for-s390x-highavailability-eus-rpms__8_DOT_2',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-eus-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms'\n ],\n 'rhel_eus_8_2_resilientstorage': [\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms__8_DOT_2',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms__8_DOT_2'\n ],\n 'rhel_eus_8_2_sap': [\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms__8_DOT_2',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms__8_DOT_2'\n ],\n 'rhel_eus_8_2_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms__8_DOT_2'\n ],\n 'rhel_eus_8_2_supplementary': [\n 'rhel-8-for-aarch64-supplementary-eus-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-s390x-supplementary-eus-rpms',\n 'rhel-8-for-s390x-supplementary-eus-rpms__8_DOT_2',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-supplementary-eus-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms__8_DOT_2'\n ],\n 'rhel_eus_8_4_appstream': [\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms',\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-appstream-eus-rpms',\n 'rhel-8-for-aarch64-appstream-eus-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-appstream-eus-rpms',\n 'rhel-8-for-s390x-appstream-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-appstream-eus-source-rpms',\n 'rhel-8-for-s390x-appstream-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-aus-rpms',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-eus-rpms',\n 'rhel-8-for-x86_64-appstream-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-tus-rpms',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms'\n ],\n 'rhel_eus_8_4_baseos': [\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms',\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-baseos-eus-rpms',\n 'rhel-8-for-aarch64-baseos-eus-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-baseos-eus-rpms',\n 'rhel-8-for-s390x-baseos-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-baseos-eus-source-rpms',\n 'rhel-8-for-s390x-baseos-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-aus-rpms',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-eus-rpms',\n 'rhel-8-for-x86_64-baseos-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-tus-rpms',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms'\n ],\n 'rhel_eus_8_4_crb': [\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_highavailability': [\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-highavailability-eus-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-highavailability-eus-rpms',\n 'rhel-8-for-s390x-highavailability-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-eus-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms'\n ],\n 'rhel_eus_8_4_resilientstorage': [\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_sap': [\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_supplementary': [\n 'rhel-8-for-aarch64-supplementary-eus-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-s390x-supplementary-eus-rpms',\n 'rhel-8-for-s390x-supplementary-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-supplementary-eus-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_extras_nfv_8': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-nfv-tus-debug-rpms',\n 'rhel-8-for-x86_64-nfv-tus-rpms',\n 'rhel-8-for-x86_64-nfv-tus-source-rpms'\n ],\n 'rhel_extras_rt_8': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-rt-debug-rpms',\n 'rhel-8-for-x86_64-rt-rpms',\n 'rhel-8-for-x86_64-rt-source-rpms',\n 'rhel-8-for-x86_64-rt-tus-debug-rpms',\n 'rhel-8-for-x86_64-rt-tus-rpms',\n 'rhel-8-for-x86_64-rt-tus-source-rpms'\n ],\n 'rhel_tus_8_2_appstream': [\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-tus-rpms',\n 'rhel-8-for-x86_64-appstream-tus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms__8_DOT_2'\n ],\n 'rhel_tus_8_2_baseos': [\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-tus-rpms',\n 'rhel-8-for-x86_64-baseos-tus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms__8_DOT_2'\n ],\n 'rhel_tus_8_2_highavailability': [\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms__8_DOT_2'\n ],\n 'rhel_tus_8_4_appstream': [\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-tus-rpms',\n 'rhel-8-for-x86_64-appstream-tus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms__8_DOT_4'\n ],\n 'rhel_tus_8_4_baseos': [\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-tus-rpms',\n 'rhel-8-for-x86_64-baseos-tus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms__8_DOT_4'\n ],\n 'rhel_tus_8_4_highavailability': [\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms__8_DOT_4'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nvar enterprise_linux_flag = rhel_repo_sets_has_enterprise_linux(repo_sets:repo_sets);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'sudo-1.8.29-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'sudo-1.8.29-5.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'sudo-1.8.29-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp']) && !enterprise_linux_flag) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'sudo');\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:17:09", "description": "An update of the sudo package has been released.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2020-01-16T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Sudo PHSA-2020-1.0-0264", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19232", "CVE-2019-19234"], "modified": "2020-01-18T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:sudo", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2020-1_0-0264_SUDO.NASL", "href": "https://www.tenable.com/plugins/nessus/132985", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-1.0-0264. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132985);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/18\");\n\n script_cve_id(\"CVE-2019-19232\", \"CVE-2019-19234\");\n\n script_name(english:\"Photon OS 1.0: Sudo PHSA-2020-1.0-0264\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the sudo package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-264.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19234\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"sudo-1.8.30-1.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sudo\");\n}\n\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-04-23T15:28:47", "description": "This update for bind fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-6465: Fixed an issue where controls for zone transfers may not be properly applied to Dynamically Loadable Zones (bsc#1126069).\n\n - CVE-2018-5745: Fixed a denial of service vulnerability if a trust anchor rolls over to an unsupported key algorithm when using managed-keys (bsc#1126068).\n\n - CVE-2018-5743: Fixed a denial of service vulnerability which could be caused by to many simultaneous TCP connections (bsc#1133185).\n\n - CVE-2018-5740: Fixed a denial of service vulnerability in the 'deny-answer-aliases' feature (bsc#1104129).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2019-06-11T00:00:00", "type": "nessus", "title": "openSUSE Security Update : bind (openSUSE-2019-1533)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5740", "CVE-2018-5743", "CVE-2018-5745", "CVE-2019-6465"], "modified": "2020-09-23T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:bind", "p-cpe:/a:novell:opensuse:bind-chrootenv", "p-cpe:/a:novell:opensuse:bind-debuginfo", "p-cpe:/a:novell:opensuse:bind-debugsource", "p-cpe:/a:novell:opensuse:bind-devel", "p-cpe:/a:novell:opensuse:bind-devel-32bit", "p-cpe:/a:novell:opensuse:bind-lwresd", "p-cpe:/a:novell:opensuse:bind-lwresd-debuginfo", "p-cpe:/a:novell:opensuse:bind-utils", "p-cpe:/a:novell:opensuse:bind-utils-debuginfo", "p-cpe:/a:novell:opensuse:libbind9-160", "p-cpe:/a:novell:opensuse:libbind9-160-32bit", "p-cpe:/a:novell:opensuse:libbind9-160-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libbind9-160-debuginfo", "p-cpe:/a:novell:opensuse:libdns169", "p-cpe:/a:novell:opensuse:libdns169-32bit", "p-cpe:/a:novell:opensuse:libdns169-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libdns169-debuginfo", "p-cpe:/a:novell:opensuse:libirs-devel", "p-cpe:/a:novell:opensuse:libirs160", "p-cpe:/a:novell:opensuse:libirs160-32bit", "p-cpe:/a:novell:opensuse:libirs160-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libirs160-debuginfo", "p-cpe:/a:novell:opensuse:libisc166", "p-cpe:/a:novell:opensuse:libisc166-32bit", "p-cpe:/a:novell:opensuse:libisc166-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libisc166-debuginfo", "p-cpe:/a:novell:opensuse:libisccc160", "p-cpe:/a:novell:opensuse:libisccc160-32bit", "p-cpe:/a:novell:opensuse:libisccc160-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libisccc160-debuginfo", "p-cpe:/a:novell:opensuse:libisccfg160", "p-cpe:/a:novell:opensuse:libisccfg160-32bit", "p-cpe:/a:novell:opensuse:libisccfg160-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libisccfg160-debuginfo", "p-cpe:/a:novell:opensuse:liblwres160", "p-cpe:/a:novell:opensuse:liblwres160-32bit", "p-cpe:/a:novell:opensuse:liblwres160-32bit-debuginfo", "p-cpe:/a:novell:opensuse:liblwres160-debuginfo", "p-cpe:/a:novell:opensuse:python3-bind", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2019-1533.NASL", "href": "https://www.tenable.com/plugins/nessus/125808", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1533.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125808);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/23\");\n\n script_cve_id(\"CVE-2018-5740\", \"CVE-2018-5743\", \"CVE-2018-5745\", \"CVE-2019-6465\");\n\n script_name(english:\"openSUSE Security Update : bind (openSUSE-2019-1533)\");\n script_summary(english:\"Check for the openSUSE-2019-1533 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for bind fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-6465: Fixed an issue where controls for zone\n transfers may not be properly applied to Dynamically\n Loadable Zones (bsc#1126069).\n\n - CVE-2018-5745: Fixed a denial of service vulnerability\n if a trust anchor rolls over to an unsupported key\n algorithm when using managed-keys (bsc#1126068).\n\n - CVE-2018-5743: Fixed a denial of service vulnerability\n which could be caused by to many simultaneous TCP\n connections (bsc#1133185).\n\n - CVE-2018-5740: Fixed a denial of service vulnerability\n in the 'deny-answer-aliases' feature (bsc#1104129).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1104129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1126068\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1126069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133185\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bind packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-6465\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-chrootenv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-lwresd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-lwresd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libbind9-160\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libbind9-160-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libbind9-160-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libbind9-160-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdns169\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdns169-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdns169-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdns169-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libirs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libirs160\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libirs160-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libirs160-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libirs160-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libisc166\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libisc166-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libisc166-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libisc166-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libisccc160\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libisccc160-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libisccc160-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libisccc160-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libisccfg160\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libisccfg160-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libisccfg160-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libisccfg160-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:liblwres160\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:liblwres160-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:liblwres160-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:liblwres160-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-bind\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"bind-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"bind-chrootenv-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"bind-debuginfo-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"bind-debugsource-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"bind-devel-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"bind-lwresd-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"bind-lwresd-debuginfo-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"bind-utils-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"bind-utils-debuginfo-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libbind9-160-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libbind9-160-debuginfo-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libdns169-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libdns169-debuginfo-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libirs-devel-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libirs160-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libirs160-debuginfo-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libisc166-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libisc166-debuginfo-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libisccc160-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libisccc160-debuginfo-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libisccfg160-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libisccfg160-debuginfo-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"liblwres160-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"liblwres160-debuginfo-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"python3-bind-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"bind-devel-32bit-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libbind9-160-32bit-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libbind9-160-32bit-debuginfo-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libdns169-32bit-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libdns169-32bit-debuginfo-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libirs160-32bit-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libirs160-32bit-debuginfo-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libisc166-32bit-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libisc166-32bit-debuginfo-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libisccc160-32bit-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libisccc160-32bit-debuginfo-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libisccfg160-32bit-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libisccfg160-32bit-debuginfo-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"liblwres160-32bit-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"liblwres160-32bit-debuginfo-9.11.2-lp151.11.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind / bind-chrootenv / bind-debuginfo / bind-debugsource / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-04-23T15:28:11", "description": "This update for bind fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2018-5740: Fixed a denial of service vulnerability in the 'deny-answer-aliases' feature (bsc#1104129).\n\n - CVE-2019-6465: Fixed an issue where controls for zone transfers may not be properly applied to Dynamically Loadable Zones (bsc#1126069).\n\n - CVE-2018-5745: An assertion failure can occur if a trust anchor rolls over to an unsupported key algorithm when using managed-keys. (bsc#1126068)\n\n - CVE-2018-5743: Limiting simultaneous TCP clients is ineffective. (bsc#1133185)\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update project.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2019-06-11T00:00:00", "type": "nessus", "title": "openSUSE Security Update : bind (openSUSE-2019-1532)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5740", "CVE-2018-5743", "CVE-2018-5745", "CVE-2019-6465"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:bind", "p-cpe:/a:novell:opensuse:bind-chrootenv", "p-cpe:/a:novell:opensuse:bind-debuginfo", "p-cpe:/a:novell:opensuse:bind-debugsource", "p-cpe:/a:novell:opensuse:bind-devel", "p-cpe:/a:novell:opensuse:bind-libs", "p-cpe:/a:novell:opensuse:bind-libs-32bit", "p-cpe:/a:novell:opensuse:bind-libs-debuginfo", "p-cpe:/a:novell:opensuse:bind-libs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:bind-lwresd", "p-cpe:/a:novell:opensuse:bind-lwresd-debuginfo", "p-cpe:/a:novell:opensuse:bind-utils", "p-cpe:/a:novell:opensuse:bind-utils-debuginfo", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2019-1532.NASL", "href": "https://www.tenable.com/plugins/nessus/125807", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1532.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125807);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-5740\", \"CVE-2018-5743\", \"CVE-2018-5745\", \"CVE-2019-6465\");\n\n script_name(english:\"openSUSE Security Update : bind (openSUSE-2019-1532)\");\n script_summary(english:\"Check for the openSUSE-2019-1532 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for bind fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2018-5740: Fixed a denial of service vulnerability\n in the 'deny-answer-aliases' feature (bsc#1104129).\n\n - CVE-2019-6465: Fixed an issue where controls for zone\n transfers may not be properly applied to Dynamically\n Loadable Zones (bsc#1126069).\n\n - CVE-2018-5745: An assertion failure can occur if a trust\n anchor rolls over to an unsupported key algorithm when\n using managed-keys. (bsc#1126068)\n\n - CVE-2018-5743: Limiting simultaneous TCP clients is\n ineffective. (bsc#1133185)\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1104129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1126068\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1126069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133185\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bind packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-6465\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-chrootenv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-libs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-lwresd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-lwresd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"bind-9.9.9P1-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"bind-chrootenv-9.9.9P1-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"bind-debuginfo-9.9.9P1-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"bind-debugsource-9.9.9P1-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"bind-devel-9.9.9P1-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"bind-libs-9.9.9P1-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"bind-libs-debuginfo-9.9.9P1-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"bind-lwresd-9.9.9P1-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"bind-lwresd-debuginfo-9.9.9P1-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"bind-utils-9.9.9P1-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"bind-utils-debuginfo-9.9.9P1-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"bind-libs-32bit-9.9.9P1-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"bind-libs-debuginfo-32bit-9.9.9P1-56.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind / bind-chrootenv / bind-debuginfo / bind-debugsource / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-04-23T15:27:51", "description": "This update for bind fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-5740: Fixed a denial of service vulnerability in the 'deny-answer-aliases' feature (bsc#1104129).\n\nCVE-2018-5743: Limiting simultaneous TCP clients is ineffective.\n(bsc#1133185)\n\nCVE-2018-5745: An assertion failure can occur if a trust anchor rolls over to an unsupported key algorithm when using managed-keys.\n(bsc#1126068)\n\nCVE-2019-6465: Fixed an issue where controls for zone transfers may not be properly applied to Dynamically Loadable Zones (bsc#1126069).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2019-06-07T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : bind (SUSE-SU-2019:14074-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5740", "CVE-2018-5743", "CVE-2018-5745", "CVE-2019-6465"], "modified": "2022-01-26T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:bind", "p-cpe:/a:novell:suse_linux:bind-chrootenv", "p-cpe:/a:novell:suse_linux:bind-doc", "p-cpe:/a:novell:suse_linux:bind-libs", "p-cpe:/a:novell:suse_linux:bind-utils", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2019-14074-1.NASL", "href": "https://www.tenable.com/plugins/nessus/125759", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:14074-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125759);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/26\");\n\n script_cve_id(\n \"CVE-2018-5740\",\n \"CVE-2018-5743\",\n \"CVE-2018-5745\",\n \"CVE-2019-6465\"\n );\n\n script_name(english:\"SUSE SLES11 Security Update : bind (SUSE-SU-2019:14074-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for bind fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-5740: Fixed a denial of service vulnerability in the\n'deny-answer-aliases' feature (bsc#1104129).\n\nCVE-2018-5743: Limiting simultaneous TCP clients is ineffective.\n(bsc#1133185)\n\nCVE-2018-5745: An assertion failure can occur if a trust anchor rolls\nover to an unsupported key algorithm when using managed-keys.\n(bsc#1126068)\n\nCVE-2019-6465: Fixed an issue where controls for zone transfers may\nnot be properly applied to Dynamically Loadable Zones (bsc#1126069).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104129\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126068\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126069\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133185\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-5740/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-5743/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-5745/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-6465/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-201914074-1.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3b110680\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP4-LTSS:zypper in -t patch\nslessp4-bind-14074=1\n\nSUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch\nsleposp3-bind-14074=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-bind-14074=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch\ndbgsp3-bind-14074=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-6465\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-chrootenv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! ereg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"bind-libs-32bit-9.9.6P1-0.51.15.4\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"bind-libs-32bit-9.9.6P1-0.51.15.4\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"bind-9.9.6P1-0.51.15.4\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"bind-chrootenv-9.9.6P1-0.51.15.4\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"bind-doc-9.9.6P1-0.51.15.4\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"bind-libs-9.9.6P1-0.51.15.4\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"bind-utils-9.9.6P1-0.51.15.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-04-23T15:28:47", "description": "This update for bind fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-6465: Fixed an issue where controls for zone transfers may not be properly applied to Dynamically Loadable Zones (bsc#1126069).\n\nCVE-2018-5745: Fixed a denial of service vulnerability if a trust anchor rolls over to an unsupported key algorithm when using managed-keys (bsc#1126068).\n\nCVE-2018-5743: Fixed a denial of service vulnerability which could be caused by to many simultaneous TCP connections (bsc#1133185).\n\nCVE-2018-5740: Fixed a denial of service vulnerability in the 'deny-answer-aliases' feature (bsc#1104129).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2019-06-04T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : bind (SUSE-SU-2019:1407-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5740", "CVE-2018-5743", "CVE-2018-5745", "CVE-2019-6465"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:bind", "p-cpe:/a:novell:suse_linux:bind-chrootenv", "p-cpe:/a:novell:suse_linux:bind-debuginfo", "p-cpe:/a:novell:suse_linux:bind-debugsource", "p-cpe:/a:novell:suse_linux:bind-devel", "p-cpe:/a:novell:suse_linux:bind-lwresd", "p-cpe:/a:novell:suse_linux:bind-lwresd-debuginfo", "p-cpe:/a:novell:suse_linux:bind-utils", "p-cpe:/a:novell:suse_linux:bind-utils-debuginfo", "p-cpe:/a:novell:suse_linux:libbind9", "p-cpe:/a:novell:suse_linux:libbind9-160-debuginfo", "p-cpe:/a:novell:suse_linux:libdns169", "p-cpe:/a:novell:suse_linux:libdns169-debuginfo", "p-cpe:/a:novell:suse_linux:libirs-devel", "p-cpe:/a:novell:suse_linux:libirs160", "p-cpe:/a:novell:suse_linux:libirs160-debuginfo", "p-cpe:/a:novell:suse_linux:libisc166", "p-cpe:/a:novell:suse_linux:libisc166-debuginfo", "p-cpe:/a:novell:suse_linux:libisccc160", "p-cpe:/a:novell:suse_linux:libisccc160-debuginfo", "p-cpe:/a:novell:suse_linux:libisccfg160", "p-cpe:/a:novell:suse_linux:libisccfg160-debuginfo", "p-cpe:/a:novell:suse_linux:liblwres160", "p-cpe:/a:novell:suse_linux:liblwres160-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-1407-1.NASL", "href": "https://www.tenable.com/plugins/nessus/125703", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:1407-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125703);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2018-5740\", \"CVE-2018-5743\", \"CVE-2018-5745\", \"CVE-2019-6465\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : bind (SUSE-SU-2019:1407-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for bind fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-6465: Fixed an issue where controls for zone transfers may\nnot be properly applied to Dynamically Loadable Zones (bsc#1126069).\n\nCVE-2018-5745: Fixed a denial of service vulnerability if a trust\nanchor rolls over to an unsupported key algorithm when using\nmanaged-keys (bsc#1126068).\n\nCVE-2018-5743: Fixed a denial of service vulnerability which could be\ncaused by to many simultaneous TCP connections (bsc#1133185).\n\nCVE-2018-5740: Fixed a denial of service vulnerability in the\n'deny-answer-aliases' feature (bsc#1104129).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126068\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133185\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-5740/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-5743/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-5745/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-6465/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20191407-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?96c92c58\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Server Applications 15-SP1:zypper in\n-t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-1407=1\n\nSUSE Linux Enterprise Module for Server Applications 15:zypper in -t\npatch SUSE-SLE-Module-Server-Applications-15-2019-1407=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15-SP1:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1407=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-2019-1407=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-SP1-2019-1407=1\n\nSUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-2019-1407=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-6465\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-chrootenv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-lwresd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-lwresd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libbind9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libbind9-160-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdns169\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdns169-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libirs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libirs160\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libirs160-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libisc166\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libisc166-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libisccc160\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libisccc160-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libisccfg160\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libisccfg160-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:liblwres160\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:liblwres160-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0/1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"bind-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"bind-chrootenv-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"bind-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"bind-debugsource-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"bind-devel-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"bind-lwresd-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"bind-lwresd-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"bind-utils-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"bind-utils-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libbind9-160-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libbind9-160-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libdns169-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libdns169-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libirs-devel-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libirs160-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libirs160-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libisc166-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libisc166-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libisccc160-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libisccc160-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libisccfg160-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libisccfg160-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"liblwres160-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"liblwres160-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"bind-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"bind-chrootenv-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"bind-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"bind-debugsource-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"bind-devel-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"bind-lwresd-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"bind-lwresd-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"bind-utils-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"bind-utils-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libbind9-160-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libbind9-160-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libdns169-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libdns169-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libirs-devel-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libirs160-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libirs160-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libisc166-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libisc166-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libisccc160-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libisccc160-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libisccfg160-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libisccfg160-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"liblwres160-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"liblwres160-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"bind-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"bind-debugsource-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"bind-devel-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"bind-lwresd-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"bind-lwresd-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"bind-utils-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"bind-utils-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libbind9-160-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libbind9-160-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libdns169-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libdns169-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libirs-devel-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libirs160-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libirs160-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libisc166-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libisc166-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libisccc160-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libisccc160-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libisccfg160-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libisccfg160-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"liblwres160-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"liblwres160-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"bind-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"bind-debugsource-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"bind-devel-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"bind-lwresd-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"bind-lwresd-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"bind-utils-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"bind-utils-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libbind9-160-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libbind9-160-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libdns169-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libdns169-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libirs-devel-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libirs160-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libirs160-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libisc166-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libisc166-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libisccc160-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libisccc160-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libisccfg160-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libisccfg160-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"liblwres160-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"liblwres160-debuginfo-9.11.2-12.11.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-04-23T15:28:46", "description": "This update for bind fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-5740: Fixed a denial of service vulnerability in the 'deny-answer-aliases' feature (bsc#1104129).\n\nCVE-2019-6465: Fixed an issue where controls for zone transfers may not be properly applied to Dynamically Loadable Zones (bsc#1126069).\n\nCVE-2018-5745: An assertion failure can occur if a trust anchor rolls over to an unsupported key algorithm when using managed-keys.\n(bsc#1126068)\n\nCVE-2018-5743: Limiting simultaneous TCP clients is ineffective.\n(bsc#1133185)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2019-06-10T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : bind (SUSE-SU-2019:1449-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5740", "CVE-2018-5743", "CVE-2018-5745", "CVE-2019-6465"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:bind", "p-cpe:/a:novell:suse_linux:bind-chrootenv", "p-cpe:/a:novell:suse_linux:bind-debuginfo", "p-cpe:/a:novell:suse_linux:bind-debugsource", "p-cpe:/a:novell:suse_linux:bind-devel", "p-cpe:/a:novell:suse_linux:bind-libs", "p-cpe:/a:novell:suse_linux:bind-libs-debuginfo", "p-cpe:/a:novell:suse_linux:bind-utils", "p-cpe:/a:novell:suse_linux:bind-utils-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-1449-1.NASL", "href": "https://www.tenable.com/plugins/nessus/125799", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:1449-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125799);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2018-5740\", \"CVE-2018-5743\", \"CVE-2018-5745\", \"CVE-2019-6465\");\n\n script_name(english:\"SUSE SLES12 Security Update : bind (SUSE-SU-2019:1449-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for bind fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-5740: Fixed a denial of service vulnerability in the\n'deny-answer-aliases' feature (bsc#1104129).\n\nCVE-2019-6465: Fixed an issue where controls for zone transfers may\nnot be properly applied to Dynamically Loadable Zones (bsc#1126069).\n\nCVE-2018-5745: An assertion failure can occur if a trust anchor rolls\nover to an unsupported key algorithm when using managed-keys.\n(bsc#1126068)\n\nCVE-2018-5743: Limiting simultaneous TCP clients is ineffective.\n(bsc#1133185)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126068\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133185\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-5740/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-5743/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-5745/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-6465/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20191449-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8f727aa3\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2019-1449=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-6465\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-chrootenv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"bind-9.9.9P1-28.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"bind-chrootenv-9.9.9P1-28.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"bind-debuginfo-9.9.9P1-28.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"bind-debugsource-9.9.9P1-28.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"bind-devel-9.9.9P1-28.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"bind-libs-32bit-9.9.9P1-28.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"bind-libs-9.9.9P1-28.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"bind-libs-debuginfo-32bit-9.9.9P1-28.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"bind-libs-debuginfo-9.9.9P1-28.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"bind-utils-9.9.9P1-28.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"bind-utils-debuginfo-9.9.9P1-28.42.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-06-11T15:42:36", "description": "According to the versions of the bind packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - A race condition leading to denial of service was found in the way bind handled certain malformed packets. A remote attacker who could cause the bind resolver to perform queries on a server, which responds deliberately with malformed answers, could cause named to exit.(CVE-2019-6471)\n\n - A failure to free memory can occur when processing messages having a specific combination of EDNS options.\n Versions affected are: BIND 9.10.7 -> 9.10.8-P1, 9.11.3\n -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.10.7-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected.(CVE-2018-5744)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-01-13T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.5.0 : bind (EulerOS-SA-2020-1047)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5744", "CVE-2019-6471"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:bind-export-libs", "p-cpe:/a:huawei:euleros:bind-libs", "p-cpe:/a:huawei:euleros:bind-libs-lite", "p-cpe:/a:huawei:euleros:bind-license", "p-cpe:/a:huawei:euleros:bind-utils", "p-cpe:/a:huawei:euleros:python3-bind", "cpe:/o:huawei:euleros:uvp:3.0.5.0"], "id": "EULEROS_SA-2020-1047.NASL", "href": "https://www.tenable.com/plugins/nessus/132801", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132801);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-5744\",\n \"CVE-2019-6471\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.5.0 : bind (EulerOS-SA-2020-1047)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the bind packages installed, the EulerOS\nVirtualization for ARM 64 installation on the remote host is affected\nby the following vulnerabilities :\n\n - A race condition leading to denial of service was found\n in the way bind handled certain malformed packets. A\n remote attacker who could cause the bind resolver to\n perform queries on a server, which responds\n deliberately with malformed answers, could cause named\n to exit.(CVE-2019-6471)\n\n - A failure to free memory can occur when processing\n messages having a specific combination of EDNS options.\n Versions affected are: BIND 9.10.7 -> 9.10.8-P1, 9.11.3\n -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions\n 9.10.7-S1 -> 9.11.5-S3 of BIND 9 Supported Preview\n Edition. Versions 9.13.0 -> 9.13.6 of the 9.13\n development branch are also affected.(CVE-2018-5744)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1047\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d7d7f010\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bind packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-export-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-libs-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-license\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-bind\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.5.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.5.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.5.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"bind-export-libs-9.11.4-10.P2.h16.eulerosv2r8\",\n \"bind-libs-9.11.4-10.P2.h16.eulerosv2r8\",\n \"bind-libs-lite-9.11.4-10.P2.h16.eulerosv2r8\",\n \"bind-license-9.11.4-10.P2.h16.eulerosv2r8\",\n \"bind-utils-9.11.4-10.P2.h16.eulerosv2r8\",\n \"python3-bind-9.11.4-10.P2.h16.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-31T16:04:26", "description": "According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.(CVE-2019-16276)\n\n - Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.(CVE-2019-17596)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2019-12-09T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : golang (EulerOS-SA-2019-2529)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16276", "CVE-2019-17596"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:golang", "p-cpe:/a:huawei:euleros:golang-bin", "p-cpe:/a:huawei:euleros:golang-src", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2529.NASL", "href": "https://www.tenable.com/plugins/nessus/131803", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131803);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2019-16276\", \"CVE-2019-17596\");\n script_xref(name:\"IAVB\", value:\"2019-B-0085-S\");\n\n script_name(english:\"EulerOS 2.0 SP5 : golang (EulerOS-SA-2019-2529)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the golang packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP\n Request Smuggling.(CVE-2019-16276)\n\n - Go before 1.12.11 and 1.3.x before 1.13.2 can panic\n upon an attempt to process network traffic containing\n an invalid DSA public key. There are several attack\n scenarios, such as traffic from a client to a server\n that verifies client certificates.(CVE-2019-17596)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2529\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9c8b3840\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected golang packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:golang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:golang-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:golang-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"golang-1.12-6.eulerosv2r7\",\n \"golang-bin-1.12-6.eulerosv2r7\",\n \"golang-src-1.12-6.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"golang\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-07-31T16:03:22", "description": "This update for go1.12 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-16276: Fixed the handling of invalid HTTP headers, which had allowed request smuggling (bsc#1152082).\n\nCVE-2019-17596: Fixed a panic in dsa.Verify caused by invalid public keys (bsc#1154402).\n\nNon-security issue fixed: Go was updated to version 1.12.12 (bsc#1141689).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2019-11-12T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : go1.12 (SUSE-SU-2019:2940-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16276", "CVE-2019-17596"], "modified": "2020-10-09T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:go1.12", "p-cpe:/a:novell:suse_linux:go1.12-doc", "p-cpe:/a:novell:suse_linux:go1.12-race", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-2940-1.NASL", "href": "https://www.tenable.com/plugins/nessus/130900", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2940-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130900);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/09\");\n\n script_cve_id(\"CVE-2019-16276\", \"CVE-2019-17596\");\n script_xref(name:\"IAVB\", value:\"2019-B-0085-S\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : go1.12 (SUSE-SU-2019:2940-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for go1.12 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-16276: Fixed the handling of invalid HTTP headers, which had\nallowed request smuggling (bsc#1152082).\n\nCVE-2019-17596: Fixed a panic in dsa.Verify caused by invalid public\nkeys (bsc#1154402).\n\nNon-security issue fixed: Go was updated to version 1.12.12\n(bsc#1141689).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141689\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152082\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154402\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-16276/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-17596/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192940-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?87adda11\");\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15-SP1:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2940=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-2019-2940=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:go1.12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:go1.12-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:go1.12-race\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0/1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"go1.12-race-1.12.12-1.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"go1.12-1.12.12-1.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"go1.12-doc-1.12.12-1.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"go1.12-1.12.12-1.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"go1.12-doc-1.12.12-1.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"go1.12-race-1.12.12-1.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"go1.12-1.12.12-1.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"go1.12-doc-1.12.12-1.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"go1.12-1.12.12-1.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"go1.12-doc-1.12.12-1.20.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"go1.12\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-07-31T16:27:09", "description": "An update of the go package has been released.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2020-01-16T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Go PHSA-2020-1.0-0264", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16276", "CVE-2019-17596"], "modified": "2020-01-18T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:go", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2020-1_0-0264_GO.NASL", "href": "https://www.tenable.com/plugins/nessus/132981", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-1.0-0264. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132981);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/18\");\n\n script_cve_id(\"CVE-2019-16276\", \"CVE-2019-17596\");\n\n script_name(english:\"Photon OS 1.0: Go PHSA-2020-1.0-0264\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the go package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-264.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-16276\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:go\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"go-1.11.13-3.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"go\");\n}\n\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-07-31T16:27:52", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0101 advisory.\n\n - golang: HTTP/1.1 headers with a space before the colon leads to filter bypass or request smuggling (CVE-2019-16276)\n\n - golang: invalid public key causes panic in dsa.Verify (CVE-2019-17596)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2020-01-16T00:00:00", "type": "nessus", "title": "RHEL 7 : go-toolset-1.12-golang (RHSA-2020:0101)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16276", "CVE-2019-17596"], "modified": "2021-10-13T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:go-toolset-1.12", "p-cpe:/a:redhat:enterprise_linux:go-toolset-1.12-build", "p-cpe:/a:redhat:enterprise_linux:go-toolset-1.12-golang", "p-cpe:/a:redhat:enterprise_linux:go-toolset-1.12-golang-bin", "p-cpe:/a:redhat:enterprise_linux:go-toolset-1.12-golang-docs", "p-cpe:/a:redhat:enterprise_linux:go-toolset-1.12-golang-misc", "p-cpe:/a:redhat:enterprise_linux:go-toolset-1.12-golang-race", "p-cpe:/a:redhat:enterprise_linux:go-toolset-1.12-golang-src", "p-cpe:/a:redhat:enterprise_linux:go-toolset-1.12-golang-tests", "p-cpe:/a:redhat:enterprise_linux:go-toolset-1.12-runtime"], "id": "REDHAT-RHSA-2020-0101.NASL", "href": "https://www.tenable.com/plugins/nessus/132948", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0101. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132948);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/13\");\n\n script_cve_id(\"CVE-2019-16276\", \"CVE-2019-17596\");\n script_xref(name:\"RHSA\", value:\"2020:0101\");\n script_xref(name:\"IAVB\", value:\"2019-B-0085-S\");\n\n script_name(english:\"RHEL 7 : go-toolset-1.12-golang (RHSA-2020:0101)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:0101 advisory.\n\n - golang: HTTP/1.1 headers with a space before the colon leads to filter bypass or request smuggling\n (CVE-2019-16276)\n\n - golang: invalid public key causes panic in dsa.Verify (CVE-2019-17596)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/295.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/444.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-16276\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17596\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0101\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1755969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1763310\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-16276\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(295, 444);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:go-toolset-1.12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:go-toolset-1.12-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:go-toolset-1.12-golang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:go-toolset-1.12-golang-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:go-toolset-1.12-golang-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:go-toolset-1.12-golang-misc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:go-toolset-1.12-golang-race\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:go-toolset-1.12-golang-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:go-toolset-1.12-golang-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:go-toolset-1.12-runtime\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'devtools_2018': [\n 'rhel-7-server-devtools-debug-rpms',\n 'rhel-7-server-devtools-rpms',\n 'rhel-7-server-devtools-source-rpms',\n 'rhel-7-server-for-system-z-a-devtools-debug-rpms',\n 'rhel-7-server-for-system-z-a-devtools-rpms',\n 'rhel-7-server-for-system-z-a-devtools-source-rpms',\n 'rhel-7-server-for-system-z-devtools-debug-rpms',\n 'rhel-7-server-for-system-z-devtools-rpms',\n 'rhel-7-server-for-system-z-devtools-source-rpms',\n 'rhel-7-workstation-devtools-debug-rpms',\n 'rhel-7-workstation-devtools-rpms',\n 'rhel-7-workstation-devtools-source-rpms'\n ],\n 'devtools_2019': [\n 'rhel-7-server-devtools-debug-rpms',\n 'rhel-7-server-devtools-rpms',\n 'rhel-7-server-devtools-source-rpms',\n 'rhel-7-server-for-system-z-a-devtools-debug-rpms',\n 'rhel-7-server-for-system-z-a-devtools-rpms',\n 'rhel-7-server-for-system-z-a-devtools-source-rpms',\n 'rhel-7-server-for-system-z-devtools-debug-rpms',\n 'rhel-7-server-for-system-z-devtools-rpms',\n 'rhel-7-server-for-system-z-devtools-source-rpms',\n 'rhel-7-workstation-devtools-debug-rpms',\n 'rhel-7-workstation-devtools-rpms',\n 'rhel-7-workstation-devtools-source-rpms'\n ],\n 'devtools_2020': [\n 'rhel-7-server-devtools-debug-rpms',\n 'rhel-7-server-devtools-rpms',\n 'rhel-7-server-devtools-source-rpms',\n 'rhel-7-server-for-system-z-devtools-debug-rpms',\n 'rhel-7-server-for-system-z-devtools-rpms',\n 'rhel-7-server-for-system-z-devtools-source-rpms',\n 'rhel-7-workstation-devtools-debug-rpms',\n 'rhel-7-workstation-devtools-rpms',\n 'rhel-7-workstation-devtools-source-rpms'\n ],\n 'devtools_2021': [\n 'rhel-7-server-devtools-debug-rpms',\n 'rhel-7-server-devtools-rpms',\n 'rhel-7-server-devtools-source-rpms',\n 'rhel-7-server-for-system-z-devtools-debug-rpms',\n 'rhel-7-server-for-system-z-devtools-rpms',\n 'rhel-7-server-for-system-z-devtools-source-rpms',\n 'rhel-7-workstation-devtools-debug-rpms',\n 'rhel-7-workstation-devtools-rpms',\n 'rhel-7-workstation-devtools-source-rpms'\n ],\n 'devtools_2_el7': [\n 'rhel-7-server-devtools-debug-rpms',\n 'rhel-7-server-devtools-rpms',\n 'rhel-7-server-devtools-source-rpms',\n 'rhel-7-server-for-system-z-devtools-debug-rpms',\n 'rhel-7-server-for-system-z-devtools-rpms',\n 'rhel-7-server-for-system-z-devtools-source-rpms',\n 'rhel-7-workstation-devtools-debug-rpms',\n 'rhel-7-workstation-devtools-rpms',\n 'rhel-7-workstation-devtools-source-rpms'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'go-toolset-1.12-1.12.12-4.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['devtools_2018', 'devtools_2019', 'devtools_2020', 'devtools_2021', 'devtools_2_el7']},\n {'reference':'go-toolset-1.12-1.12.12-4.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['devtools_2018', 'devtools_2019', 'devtools_2020', 'devtools_2021', 'devtools_2_el7']},\n {'reference':'go-toolset-1.12-build-1.12.12-4.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['devtools_2018', 'devtools_2019', 'devtools_2020', 'devtools_2021', 'devtools_2_el7']},\n {'reference':'go-toolset-1.12-build-1.12.12-4.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['devtools_2018', 'devtools_2019', 'devtools_2020', 'devtools_2021', 'devtools_2_el7']},\n {'reference':'go-toolset-1.12-golang-1.12.12-4.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['devtools_2018', 'devtools_2019', 'devtools_2020', 'devtools_2021', 'devtools_2_el7']},\n {'reference':'go-toolset-1.12-golang-1.12.12-4.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['devtools_2018', 'devtools_2019', 'devtools_2020', 'devtools_2021', 'devtools_2_el7']},\n {'reference':'go-toolset-1.12-golang-bin-1.12.12-4.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['devtools_2018', 'devtools_2019', 'devtools_2020', 'devtools_2021', 'devtools_2_el7']},\n {'reference':'go-toolset-1.12-golang-bin-1.12.12-4.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['devtools_2018', 'devtools_2019', 'devtools_2020', 'devtools_2021', 'devtools_2_el7']},\n {'reference':'go-toolset-1.12-golang-docs-1.12.12-4.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['devtools_2018', 'devtools_2019', 'devtools_2020', 'devtools_2021', 'devtools_2_el7']},\n {'reference':'go-toolset-1.12-golang-misc-1.12.12-4.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['devtools_2018', 'devtools_2019', 'devtools_2020', 'devtools_2021', 'devtools_2_el7']},\n {'reference':'go-toolset-1.12-golang-misc-1.12.12-4.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['devtools_2018', 'devtools_2019', 'devtools_2020', 'devtools_2021', 'devtools_2_el7']},\n {'reference':'go-toolset-1.12-golang-race-1.12.12-4.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['devtools_2018', 'devtools_2019', 'devtools_2020', 'devtools_2021', 'devtools_2_el7']},\n {'reference':'go-toolset-1.12-golang-src-1.12.12-4.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['devtools_2018', 'devtools_2019', 'devtools_2020', 'devtools_2021', 'devtools_2_el7']},\n {'reference':'go-toolset-1.12-golang-src-1.12.12-4.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['devtools_2018', 'devtools_2019', 'devtools_2020', 'devtools_2021', 'devtools_2_el7']},\n {'reference':'go-toolset-1.12-golang-tests-1.12.12-4.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['devtools_2018', 'devtools_2019', 'devtools_2020', 'devtools_2021', 'devtools_2_el7']},\n {'reference':'go-toolset-1.12-golang-tests-1.12.12-4.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['devtools_2018', 'devtools_2019', 'devtools_2020', 'devtools_2021', 'devtools_2_el7']},\n {'reference':'go-toolset-1.12-runtime-1.12.12-4.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['devtools_2018', 'devtools_2019', 'devtools_2020', 'devtools_2021', 'devtools_2_el7']},\n {'reference':'go-toolset-1.12-runtime-1.12.12-4.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['devtools_2018', 'devtools_2019', 'devtools_2020', 'devtools_2021', 'devtools_2_el7']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'go-toolset-1.12 / go-toolset-1.12-build / go-toolset-1.12-golang / etc');\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-07-31T16:02:21", "description": "This update for go1.12 fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-16276: Fixed the handling of invalid HTTP headers, which had allowed request smuggling (bsc#1152082).\n\n - CVE-2019-17596: Fixed a panic in dsa.Verify caused by invalid public keys (bsc#1154402).\n\nNon-security issue fixed :\n\n - Go was updated to version 1.12.12 (bsc#1141689).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2019-11-18T00:00:00", "type": "nessus", "title": "openSUSE Security Update : go1.12 (openSUSE-2019-2521)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16276", "CVE-2019-17596"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:go1.12", "p-cpe:/a:novell:opensuse:go1.12-race", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-2521.NASL", "href": "https://www.tenable.com/plugins/nessus/131116", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-2521.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131116);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2019-16276\", \"CVE-2019-17596\");\n script_xref(name:\"IAVB\", value:\"2019-B-0085-S\");\n\n script_name(english:\"openSUSE Security Update : go1.12 (openSUSE-2019-2521)\");\n script_summary(english:\"Check for the openSUSE-2019-2521 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for go1.12 fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-16276: Fixed the handling of invalid HTTP\n headers, which had allowed request smuggling\n (bsc#1152082).\n\n - CVE-2019-17596: Fixed a panic in dsa.Verify caused by\n invalid public keys (bsc#1154402).\n\nNon-security issue fixed :\n\n - Go was updated to version 1.12.12 (bsc#1141689).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1141689\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152082\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1154402\");\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected go1.12 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:go1.12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:go1.12-race\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/18\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"go1.12-1.12.12-lp150.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"go1.12-race-1.12.12-lp150.11.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"go1.12 / go1.12-race\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-07-31T16:02:51", "description": "This update for go1.12 fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-16276: Fixed the handling of invalid HTTP headers, which had allowed request smuggling (bsc#1152082).\n\n - CVE-2019-17596: Fixed a panic in dsa.Verify caused by invalid public keys (bsc#1154402).\n\nNon-security issue fixed :\n\n - Go was updated to version 1.12.12 (bsc#1141689).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2019-11-18T00:00:00", "type": "nessus", "title": "openSUSE Security Update : go1.12 (openSUSE-2019-2522)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16276", "CVE-2019-17596"], "modified": "2020-10-09T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:go1.12", "p-cpe:/a:novell:opensuse:go1.12-race", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2019-2522.NASL", "href": "https://www.tenable.com/plugins/nessus/131117", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-2522.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131117);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/09\");\n\n script_cve_id(\"CVE-2019-16276\", \"CVE-2019-17596\");\n script_xref(name:\"IAVB\", value:\"2019-B-0085-S\");\n\n script_name(english:\"openSUSE Security Update : go1.12 (openSUSE-2019-2522)\");\n script_summary(english:\"Check for the openSUSE-2019-2522 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for go1.12 fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-16276: Fixed the handling of invalid HTTP\n headers, which had allowed request smuggling\n (bsc#1152082).\n\n - CVE-2019-17596: Fixed a panic in dsa.Verify caused by\n invalid public keys (bsc#1154402).\n\nNon-security issue fixed :\n\n - Go was updated to version 1.12.12 (bsc#1141689).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1141689\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152082\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1154402\");\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected go1.12 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:go1.12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:go1.12-race\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/18\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"go1.12-1.12.12-lp151.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"go1.12-race-1.12.12-lp151.2.25.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"go1.12 / go1.12-race\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-07-31T16:36:53", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-0329 advisory.\n\n - Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling. (CVE-2019-16276)\n\n - Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates. (CVE-2019-17596)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2020-08-28T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : go-toolset:ol8 (ELSA-2020-0329)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16276", "CVE-2019-17596"], "modified": "2021-05-11T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:go-toolset", "p-cpe:/a:oracle:linux:golang", "p-cpe:/a:oracle:linux:golang-bin", "p-cpe:/a:oracle:linux:golang-docs", "p-cpe:/a:oracle:linux:golang-misc", "p-cpe:/a:oracle:linux:golang-race", "p-cpe:/a:oracle:linux:golang-src", "p-cpe:/a:oracle:linux:golang-tests"], "id": "ORACLELINUX_ELSA-2020-0329.NASL", "href": "https://www.tenable.com/plugins/nessus/140032", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-0329.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140032);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/11\");\n\n script_cve_id(\"CVE-2019-16276\", \"CVE-2019-17596\");\n\n script_name(english:\"Oracle Linux 8 : go-toolset:ol8 (ELSA-2020-0329)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2020-0329 advisory.\n\n - Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling. (CVE-2019-16276)\n\n - Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing\n an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server\n that verifies client certificates. (CVE-2019-17596)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-0329.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-16276\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:go-toolset\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang-misc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang-race\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang-tests\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nmodule_ver = get_kb_item('Host/RedHat/appstream/go-toolset');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module go-toolset:ol8');\nif ('ol8' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module go-toolset:' + module_ver);\n\nappstreams = {\n 'go-toolset:ol8': [\n {'reference':'go-toolset-1.12.12-2.module+el8.1.0+5478+8384556e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'go-toolset-1.12.12-2.module+el8.1.0+5478+8384556e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-1.12.12-4.0.1.module+el8.1.0+5478+8384556e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-1.12.12-4.0.1.module+el8.1.0+5478+8384556e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-bin-1.12.12-4.0.1.module+el8.1.0+5478+8384556e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-bin-1.12.12-4.0.1.module+el8.1.0+5478+8384556e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-docs-1.12.12-4.0.1.module+el8.1.0+5478+8384556e', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-misc-1.12.12-4.0.1.module+el8.1.0+5478+8384556e', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-race-1.12.12-4.0.1.module+el8.1.0+5478+8384556e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-src-1.12.12-4.0.1.module+el8.1.0+5478+8384556e', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-tests-1.12.12-4.0.1.module+el8.1.0+5478+8384556e', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n};\n\nflag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n appstream = NULL;\n appstream_name = NULL;\n appstream_version = NULL;\n appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module go-toolset:ol8');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'go-toolset / golang / golang-bin / etc');\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-07-31T15:27:23", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:0329 advisory.\n\n - golang: HTTP/1.1 headers with a space before the colon leads to filter bypass or request smuggling (CVE-2019-16276)\n\n - golang: invalid public key causes panic in dsa.Verify (CVE-2019-17596)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2021-02-01T00:00:00", "type": "nessus", "title": "CentOS 8 : go-toolset:rhel8 (CESA-2020:0329)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16276", "CVE-2019-17596"], "modified": "2021-03-23T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:go-toolset", "p-cpe:/a:centos:centos:golang", "p-cpe:/a:centos:centos:golang-bin", "p-cpe:/a:centos:centos:golang-docs", "p-cpe:/a:centos:centos:golang-misc", "p-cpe:/a:centos:centos:golang-race", "p-cpe:/a:centos:centos:golang-src", "p-cpe:/a:centos:centos:golang-tests"], "id": "CENTOS8_RHSA-2020-0329.NASL", "href": "https://www.tenable.com/plugins/nessus/145950", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2020:0329. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145950);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/23\");\n\n script_cve_id(\"CVE-2019-16276\", \"CVE-2019-17596\");\n script_xref(name:\"RHSA\", value:\"2020:0329\");\n\n script_name(english:\"CentOS 8 : go-toolset:rhel8 (CESA-2020:0329)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2020:0329 advisory.\n\n - golang: HTTP/1.1 headers with a space before the colon leads to filter bypass or request smuggling\n (CVE-2019-16276)\n\n - golang: invalid public key causes panic in dsa.Verify (CVE-2019-17596)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0329\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-16276\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:go-toolset\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:golang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:golang-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:golang-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:golang-misc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:golang-race\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:golang-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:golang-tests\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nmodule_ver = get_kb_item('Host/RedHat/appstream/go-toolset');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module go-toolset:rhel8');\nif ('rhel8' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module go-toolset:' + module_ver);\n\nappstreams = {\n 'go-toolset:rhel8': [\n {'reference':'go-toolset-1.12.12-2.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'go-toolset-1.12.12-2.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-1.12.12-4.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-1.12.12-4.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-bin-1.12.12-4.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-bin-1.12.12-4.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-docs-1.12.12-4.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-docs-1.12.12-4.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-misc-1.12.12-4.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-misc-1.12.12-4.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-race-1.12.12-4.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-race-1.12.12-4.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-src-1.12.12-4.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-src-1.12.12-4.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-tests-1.12.12-4.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-tests-1.12.12-4.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n};\n\nflag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n appstream = NULL;\n appstream_name = NULL;\n appstream_version = NULL;\n appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module go-toolset:rhel8');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'go-toolset / golang / golang-bin / golang-docs / golang-misc / etc');\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:19:09", "description": "An update for bind is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nSecurity Fix(es) :\n\n* bind: An assertion failure if a trust anchor rolls over to an unsupported key algorithm when using managed-keys (CVE-2018-5745)\n\n* bind: Controls for zone transfers may not be properly applied to DLZs if the zones are writable (CVE-2019-6465)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2019-11-06T00:00:00", "type": "nessus", "title": "RHEL 8 : bind (RHSA-2019:3552)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5745", "CVE-2019-6465"], "modified": "2019-12-17T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:bind", "p-cpe:/a:redhat:enterprise_linux:bind-chroot", "p-cpe:/a:redhat:enterprise_linux:bind-debuginfo", "p-cpe:/a:redhat:enterprise_linux:bind-debugsource", "p-cpe:/a:redhat:enterprise_linux:bind-devel", "p-cpe:/a:redhat:enterprise_linux:bind-export-devel", "p-cpe:/a:redhat:enterprise_linux:bind-export-libs", "p-cpe:/a:redhat:enterprise_linux:bind-export-libs-debuginfo", "p-cpe:/a:redhat:enterprise_linux:bind-libs", "p-cpe:/a:redhat:enterprise_linux:bind-libs-debuginfo", "p-cpe:/a:redhat:enterprise_linux:bind-libs-lite", "p-cpe:/a:redhat:enterprise_linux:bind-libs-lite-debuginfo", "p-cpe:/a:redhat:enterprise_linux:bind-license", "p-cpe:/a:redhat:enterprise_linux:bind-lite-devel", "p-cpe:/a:redhat:enterprise_linux:bind-pkcs11", "p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-debuginfo", "p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-devel", "p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-libs", "p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-libs-debuginfo", "p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-utils", "p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-utils-debuginfo", "p-cpe:/a:redhat:enterprise_linux:bind-sdb", "p-cpe:/a:redhat:enterprise_linux:bind-sdb-chroot", "p-cpe:/a:redhat:enterprise_linux:bind-sdb-debuginfo", "p-cpe:/a:redhat:enterprise_linux:bind-utils", "p-cpe:/a:redhat:enterprise_linux:bind-utils-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python3-bind", "cpe:/o:redhat:enterprise_linux:8"], "id": "REDHAT-RHSA-2019-3552.NASL", "href": "https://www.tenable.com/plugins/nessus/130551", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:3552. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130551);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/12/17\");\n\n script_cve_id(\"CVE-2018-5745\", \"CVE-2019-6465\");\n script_xref(name:\"RHSA\", value:\"2019:3552\");\n\n script_name(english:\"RHEL 8 : bind (RHSA-2019:3552)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for bind is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Low. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link (s) in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the\nDomain Name System (DNS) protocols. BIND includes a DNS server\n(named); a resolver library (routines for applications to use when\ninterfacing with DNS); and tools for verifying that the DNS server is\noperating correctly.\n\nSecurity Fix(es) :\n\n* bind: An assertion failure if a trust anchor rolls over to an\nunsupported key algorithm when using managed-keys (CVE-2018-5745)\n\n* bind: Controls for zone transfers may not be properly applied to\nDLZs if the zones are writable (CVE-2019-6465)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.1 Release Notes linked from the References section.\"\n );\n # https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?774148ae\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:3552\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-5745\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-6465\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-export-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-export-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-export-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-libs-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-libs-lite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-license\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-lite-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-pkcs11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-sdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-sdb-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-sdb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-bind\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 8.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:3552\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bind-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bind-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bind-chroot-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bind-chroot-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"bind-debuginfo-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bind-debuginfo-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bind-debuginfo-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"bind-debugsource-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bind-debugsource-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bind-debugsource-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"bind-devel-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bind-devel-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bind-devel-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"bind-export-devel-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bind-export-devel-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bind-export-devel-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"bind-export-libs-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bind-export-libs-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bind-export-libs-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"bind-export-libs-debuginfo-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bind-export-libs-debuginfo-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bind-export-libs-debuginfo-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"bind-libs-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bind-libs-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bind-libs-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"bind-libs-debuginfo-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bind-libs-debuginfo-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bind-libs-debuginfo-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"bind-libs-lite-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bind-libs-lite-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bind-libs-lite-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"bind-libs-lite-debuginfo-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bind-libs-lite-debuginfo-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bind-libs-lite-debuginfo-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"bind-license-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"bind-lite-devel-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bind-lite-devel-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bind-lite-devel-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bind-pkcs11-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bind-pkcs11-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"bind-pkcs11-debuginfo-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bind-pkcs11-debuginfo-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bind-pkcs11-debuginfo-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"bind-pkcs11-devel-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bind-pkcs11-devel-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bind-pkcs11-devel-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"bind-pkcs11-libs-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bind-pkcs11-libs-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bind-pkcs11-libs-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"bind-pkcs11-libs-debuginfo-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bind-pkcs11-libs-debuginfo-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bind-pkcs11-libs-debuginfo-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bind-pkcs11-utils-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bind-pkcs11-utils-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"bind-pkcs11-utils-debuginfo-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bind-pkcs11-utils-debuginfo-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bind-pkcs11-utils-debuginfo-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bind-sdb-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bind-sdb-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bind-sdb-chroot-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bind-sdb-chroot-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"bind-sdb-debuginfo-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bind-sdb-debuginfo-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bind-sdb-debuginfo-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bind-utils-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bind-utils-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"bind-utils-debuginfo-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bind-utils-debuginfo-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bind-utils-debuginfo-9.11.4-26.P2.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"python3-bind-9.11.4-26.P2.el8\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind / bind-chroot / bind-debuginfo / bind-debugsource / bind-devel / etc\");\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:21:08", "description": "According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - An assertion failure was found in the way bind implemented the 'managed keys' feature. An attacker could use this flaw to cause the named daemon to crash.\n This flaw is very difficult for an attacker to trigger because it requires an operator to have BIND configured to use a trust anchor managed by the attacker.(CVE-2018-5745)\n\n - It was found that the controls for zone transfer were not properly applied to Dynamically Loadable Zones (DLZs). An attacker acting as a DNS client could use this flaw to request and receive a zone transfer of a DLZ even when not permitted to do so by the 'allow-transfer' ACL.(CVE-2019-6465)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2019-08-27T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : bind (EulerOS-SA-2019-1822)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5745", "CVE-2019-6465"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:bind", "p-cpe:/a:huawei:euleros:bind-chroot", "p-cpe:/a:huawei:euleros:bind-export-devel", "p-cpe:/a:huawei:euleros:bind-export-libs", "p-cpe:/a:huawei:euleros:bind-libs", "p-cpe:/a:huawei:euleros:bind-libs-lite", "p-cpe:/a:huawei:euleros:bind-license", "p-cpe:/a:huawei:euleros:bind-pkcs11", "p-cpe:/a:huawei:euleros:bind-pkcs11-libs", "p-cpe:/a:huawei:euleros:bind-pkcs11-utils", "p-cpe:/a:huawei:euleros:bind-utils", "p-cpe:/a:huawei:euleros:python3-bind", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1822.NASL", "href": "https://www.tenable.com/plugins/nessus/128191", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128191);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-5745\",\n \"CVE-2019-6465\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : bind (EulerOS-SA-2019-1822)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the bind packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - An assertion failure was found in the way bind\n implemented the 'managed keys' feature. An attacker\n could use this flaw to cause the named daemon to crash.\n This flaw is very difficult for an attacker to trigger\n because it requires an operator to have BIND configured\n to use a trust anchor managed by the\n attacker.(CVE-2018-5745)\n\n - It was found that the controls for zone transfer were\n not properly applied to Dynamically Loadable Zones\n (DLZs). An attacker acting as a DNS client could use\n this flaw to request and receive a zone transfer of a\n DLZ even when not permitted to do so by the\n 'allow-transfer' ACL.(CVE-2019-6465)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1822\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?68ff034d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bind packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-export-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-export-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-libs-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-license\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-pkcs11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-pkcs11-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-pkcs11-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-bind\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"bind-9.11.4-10.P2.h10.eulerosv2r8\",\n \"bind-chroot-9.11.4-10.P2.h10.eulerosv2r8\",\n \"bind-export-devel-9.11.4-10.P2.h10.eulerosv2r8\",\n \"bind-export-libs-9.11.4-10.P2.h10.eulerosv2r8\",\n \"bind-libs-9.11.4-10.P2.h10.eulerosv2r8\",\n \"bind-libs-lite-9.11.4-10.P2.h10.eulerosv2r8\",\n \"bind-license-9.11.4-10.P2.h10.eulerosv2r8\",\n \"bind-pkcs11-9.11.4-10.P2.h10.eulerosv2r8\",\n \"bind-pkcs11-libs-9.11.4-10.P2.h10.eulerosv2r8\",\n \"bind-pkcs11-utils-9.11.4-10.P2.h10.eulerosv2r8\",\n \"bind-utils-9.11.4-10.P2.h10.eulerosv2r8\",\n \"python3-bind-9.11.4-10.P2.h10.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:28:48", "description": "Two issues have been found in bind9, the Internet Domain Name Server.\n\nCVE-2019-6465 Zone transfer for DLZs are executed though not permitted by ACLs.\n\nCVE-2018-5745 Avoid assertion and thus causing named to deliberately exit when a trust anchor's key is replaced with a key which uses an unsupported algorithm.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 1:9.9.5.dfsg-9+deb8u17.\n\nWe recommend that you upgrade your bind9 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2019-03-01T00:00:00", "type": "nessus", "title": "Debian DLA-1697-1 : bind9 security updat", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5745", "CVE-2019-6465"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:bind9", "p-cpe:/a:debian:debian_linux:bind9-doc", "p-cpe:/a:debian:debian_linux:bind9-host", "p-cpe:/a:debian:debian_linux:bind9utils", "p-cpe:/a:debian:debian_linux:dnsutils", "p-cpe:/a:debian:debian_linux:host", "p-cpe:/a:debian:debian_linux:libbind-dev", "p-cpe:/a:debian:debian_linux:libbind-export-dev", "p-cpe:/a:debian:debian_linux:libbind9-90", "p-cpe:/a:debian:debian_linux:libdns-export100", "p-cpe:/a:debian:debian_linux:libdns-export100-udeb", "p-cpe:/a:debian:debian_linux:libdns100", "p-cpe:/a:debian:debian_linux:libirs-export91", "p-cpe:/a:debian:debian_linux:libirs-export91-udeb", "p-cpe:/a:debian:debian_linux:libisc-export95", "p-cpe:/a:debian:debian_linux:libisc-export95-udeb", "p-cpe:/a:debian:debian_linux:libisc95", "p-cpe:/a:debian:debian_linux:libisccc90", "p-cpe:/a:debian:debian_linux:libisccfg-export90", "p-cpe:/a:debian:debian_linux:libisccfg-export90-udeb", "p-cpe:/a:debian:debian_linux:libisccfg90", "p-cpe:/a:debian:debian_linux:liblwres90", "p-cpe:/a:debian:debian_linux:lwresd", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1697.NASL", "href": "https://www.tenable.com/plugins/nessus/122513", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1697-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122513);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2018-5745\", \"CVE-2019-6465\");\n\n script_name(english:\"Debian DLA-1697-1 : bind9 security updat\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Two issues have been found in bind9, the Internet Domain Name Server.\n\nCVE-2019-6465 Zone transfer for DLZs are executed though not permitted\nby ACLs.\n\nCVE-2018-5745 Avoid assertion and thus causing named to deliberately\nexit when a trust anchor's key is replaced with a key which uses an\nunsupported algorithm.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n1:9.9.5.dfsg-9+deb8u17.\n\nWe recommend that you upgrade your bind9 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/02/msg00043.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/bind9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:bind9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:bind9-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:bind9-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:bind9utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:dnsutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libbind-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libbind-export-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libbind9-90\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libdns-export100\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libdns-export100-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libdns100\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libirs-export91\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libirs-export91-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libisc-export95\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libisc-export95-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libisc95\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libisccc90\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libisccfg-export90\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libisccfg-export90-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libisccfg90\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:liblwres90\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lwresd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"bind9\", reference:\"1:9.9.5.dfsg-9+deb8u17\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"bind9-doc\", reference:\"1:9.9.5.dfsg-9+deb8u17\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"bind9-host\", reference:\"1:9.9.5.dfsg-9+deb8u17\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"bind9utils\", reference:\"1:9.9.5.dfsg-9+deb8u17\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"dnsutils\", reference:\"1:9.9.5.dfsg-9+deb8u17\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"host\", reference:\"1:9.9.5.dfsg-9+deb8u17\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libbind-dev\", reference:\"1:9.9.5.dfsg-9+deb8u17\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libbind-export-dev\", reference:\"1:9.9.5.dfsg-9+deb8u17\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libbind9-90\", reference:\"1:9.9.5.dfsg-9+deb8u17\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libdns-export100\", reference:\"1:9.9.5.dfsg-9+deb8u17\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libdns-export100-udeb\", reference:\"1:9.9.5.dfsg-9+deb8u17\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libdns100\", reference:\"1:9.9.5.dfsg-9+deb8u17\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libirs-export91\", reference:\"1:9.9.5.dfsg-9+deb8u17\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libirs-export91-udeb\", reference:\"1:9.9.5.dfsg-9+deb8u17\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libisc-export95\", reference:\"1:9.9.5.dfsg-9+deb8u17\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libisc-export95-udeb\", reference:\"1:9.9.5.dfsg-9+deb8u17\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libisc95\", reference:\"1:9.9.5.dfsg-9+deb8u17\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libisccc90\", reference:\"1:9.9.5.dfsg-9+deb8u17\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libisccfg-export90\", reference:\"1:9.9.5.dfsg-9+deb8u17\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libisccfg-export90-udeb\", reference:\"1:9.9.5.dfsg-9+deb8u17\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libisccfg90\", reference:\"1:9.9.5.dfsg-9+deb8u17\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"liblwres90\", reference:\"1:9.9.5.dfsg-9+deb8u17\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lwresd\", reference:\"1:9.9.5.dfsg-9+deb8u17\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-04-21T16:38:00", "description": "According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the Tomcat instance.(CVE-2019-12418)\n\n - When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability.(CVE-2019-17563)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-02-24T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : tomcat (EulerOS-SA-2020-1136)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-12418", "CVE-2019-17563"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:tomcat", "p-cpe:/a:huawei:euleros:tomcat-admin-webapps", "p-cpe:/a:huawei:euleros:tomcat-el-2.2-api", "p-cpe:/a:huawei:euleros:tomcat-jsp-2.2-api", "p-cpe:/a:huawei:euleros:tomcat-lib", "p-cpe:/a:huawei:euleros:tomcat-servlet-3.0-api", "p-cpe:/a:huawei:euleros:tomcat-webapps", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1136.NASL", "href": "https://www.tenable.com/plugins/nessus/133937", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133937);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-12418\",\n \"CVE-2019-17563\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : tomcat (EulerOS-SA-2020-1136)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the tomcat packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47,\n 7.0.0 and 7.0.97 is configured with the JMX Remote\n Lifecycle Listener, a local attacker without access to\n the Tomcat process or configuration files is able to\n manipulate the RMI registry to perform a\n man-in-the-middle attack to capture user names and\n passwords used to access the JMX interface. The\n attacker can then use these credentials to access the\n JMX interface and gain complete control over the Tomcat\n instance.(CVE-2019-12418)\n\n - When using FORM authentication with Apache Tomcat\n 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98\n there was a narrow window where an attacker could\n perform a session fixation attack. The window was\n considered too narrow for an exploit to be practical\n but, erring on the side of caution, this issue has been\n treated as a security vulnerability.(CVE-2019-17563)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1136\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?46092be3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected tomcat packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"tomcat-7.0.76-8.h9.eulerosv2r7\",\n \"tomcat-admin-webapps-7.0.76-8.h9.eulerosv2r7\",\n \"tomcat-el-2.2-api-7.0.76-8.h9.eulerosv2r7\",\n \"tomcat-jsp-2.2-api-7.0.76-8.h9.eulerosv2r7\",\n \"tomcat-lib-7.0.76-8.h9.eulerosv2r7\",\n \"tomcat-servlet-3.0-api-7.0.76-8.h9.eulerosv2r7\",\n \"tomcat-webapps-7.0.76-8.h9.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat\");\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-21T16:37:33", "description": "According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the Tomcat instance.(CVE-2019-12418)\n\n - When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability.(CVE-2019-17563)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-02-25T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : tomcat (EulerOS-SA-2020-1182)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-12418", "CVE-2019-17563"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:tomcat", "p-cpe:/a:huawei:euleros:tomcat-admin-webapps", "p-cpe:/a:huawei:euleros:tomcat-el-3.0-api", "p-cpe:/a:huawei:euleros:tomcat-jsp-2.3-api", "p-cpe:/a:huawei:euleros:tomcat-lib", "p-cpe:/a:huawei:euleros:tomcat-servlet-4.0-api", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1182.NASL", "href": "https://www.tenable.com/plugins/nessus/134016", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134016);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-12418\",\n \"CVE-2019-17563\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : tomcat (EulerOS-SA-2020-1182)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the tomcat packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47,\n 7.0.0 and 7.0.97 is configured with the JMX Remote\n Lifecycle Listener, a local attacker without access to\n the Tomcat process or configuration files is able to\n manipulate the RMI registry to perform a\n man-in-the-middle attack to capture user names and\n passwords used to access the JMX interface. The\n attacker can then use these credentials to access the\n JMX interface and gain complete control over the Tomcat\n instance.(CVE-2019-12418)\n\n - When using FORM authentication with Apache Tomcat\n 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98\n there was a narrow window where an attacker could\n perform a session fixation attack. The window was\n considered too narrow for an exploit to be practical\n but, erring on the side of caution, this issue has been\n treated as a security vulnerability.(CVE-2019-17563)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1182\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bcdf21af\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected tomcat packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-el-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-jsp-2.3-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-servlet-4.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"tomcat-9.0.10-1.h5.eulerosv2r8\",\n \"tomcat-admin-webapps-9.0.10-1.h5.eulerosv2r8\",\n \"tomcat-el-3.0-api-9.0.10-1.h5.eulerosv2r8\",\n \"tomcat-jsp-2.3-api-9.0.10-1.h5.eulerosv2r8\",\n \"tomcat-lib-9.0.10-1.h5.eulerosv2r8\",\n \"tomcat-servlet-4.0-api-9.0.10-1.h5.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat\");\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-21T16:35:53", "description": "An update of the apache package has been released.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-01-23T00:00:00", "type": "nessus", "title": "Photon OS 3.0: Apache PHSA-2020-3.0-0051", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-12418", "CVE-2019-17563"], "modified": "2020-01-24T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:apache", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2020-3_0-0051_APACHE.NASL", "href": "https://www.tenable.com/plugins/nessus/133209", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-3.0-0051. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133209);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/01/24\");\n\n script_cve_id(\"CVE-2019-12418\", \"CVE-2019-17563\");\n\n script_name(english:\"Photon OS 3.0: Apache PHSA-2020-3.0-0051\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the apache package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-51.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17563\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:apache\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 3.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"apache-tomcat-8.5.50-1.ph3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache\");\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-21T16:35:54", "description": "An update of the apache package has been released.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-01-16T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Apache PHSA-2020-1.0-0264", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-12418", "CVE-2019-17563"], "modified": "2020-01-18T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:apache", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2020-1_0-0264_APACHE.NASL", "href": "https://www.tenable.com/plugins/nessus/132979", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-1.0-0264. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132979);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/01/18\");\n\n script_cve_id(\"CVE-2019-12418\", \"CVE-2019-17563\");\n\n script_name(english:\"Photon OS 1.0: Apache PHSA-2020-1.0-0264\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the apache package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-264.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17563\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:apache\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"apache-tomcat-8.5.50-1.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache\");\n}\n\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-21T16:35:51", "description": "An update of the apache package has been released.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-01-16T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Apache PHSA-2020-2.0-0200", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-12418", "CVE-2019-17563"], "modified": "2020-01-18T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:apache", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2020-2_0-0200_APACHE.NASL", "href": "https://www.tenable.com/plugins/nessus/132988", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-2.0-0200. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132988);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/01/18\");\n\n script_cve_id(\"CVE-2019-12418\", \"CVE-2019-17563\");\n\n script_name(english:\"Photon OS 2.0: Apache PHSA-2020-2.0-0200\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the apache package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-200.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17563\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:apache\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_exists(rpm:\"apache-tomcat-8.5\", release:\"PhotonOS-2.0\") && rpm_check(release:\"PhotonOS-2.0\", reference:\"apache-tomcat-8.5.50-1.ph2\")) flag++;\nif (rpm_exists(rpm:\"apache-tomcat-8.5\", release:\"PhotonOS-2.0\") && rpm_check(release:\"PhotonOS-2.0\", cpu:\"src\", reference:\"apache-tomcat-8.5.50-1.ph2.src\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache\");\n}\n\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-21T16:33:57", "description": "When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the Tomcat instance.(CVE-2019-12418)\n\nWhen using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability.(CVE-2019-17563)", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-01-17T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : tomcat8 (ALAS-2020-1337)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-12418", "CVE-2019-17563"], "modified": "2022-01-26T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:tomcat8", "p-cpe:/a:amazon:linux:tomcat8-admin-webapps", "p-cpe:/a:amazon:linux:tomcat8-docs-webapp", "p-cpe:/a:amazon:linux:tomcat8-el-3.0-api", "p-cpe:/a:amazon:linux:tomcat8-javadoc", "p-cpe:/a:amazon:linux:tomcat8-jsp-2.3-api", "p-cpe:/a:amazon:linux:tomcat8-lib", "p-cpe:/a:amazon:linux:tomcat8-log4j", "p-cpe:/a:amazon:linux:tomcat8-servlet-3.1-api", "p-cpe:/a:amazon:linux:tomcat8-webapps", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2020-1337.NASL", "href": "https://www.tenable.com/plugins/nessus/133007", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2020-1337.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133007);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/26\");\n\n script_cve_id(\"CVE-2019-12418\", \"CVE-2019-17563\");\n script_xref(name:\"ALAS\", value:\"2020-1337\");\n\n script_name(english:\"Amazon Linux AMI : tomcat8 (ALAS-2020-1337)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and\n7.0.97 is configured with the JMX Remote Lifecycle Listener, a local\nattacker without access to the Tomcat process or configuration files\nis able to manipulate the RMI registry to perform a man-in-the-middle\nattack to capture user names and passwords used to access the JMX\ninterface. The attacker can then use these credentials to access the\nJMX interface and gain complete control over the Tomcat\ninstance.(CVE-2019-12418)\n\nWhen using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29,\n8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an\nattacker could perform a session fixation attack. The window was\nconsidered too narrow for an exploit to be practical but, erring on\nthe side of caution, this issue has been treated as a security\nvulnerability.(CVE-2019-17563)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2020-1337.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update tomcat8' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17563\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-el-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-jsp-2.3-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-servlet-3.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-8.5.50-1.82.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-admin-webapps-8.5.50-1.82.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-docs-webapp-8.5.50-1.82.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-el-3.0-api-8.5.50-1.82.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-javadoc-8.5.50-1.82.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-jsp-2.3-api-8.5.50-1.82.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-lib-8.5.50-1.82.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-log4j-8.5.50-1.82.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-servlet-3.1-api-8.5.50-1.82.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-webapps-8.5.50-1.82.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat8 / tomcat8-admin-webapps / tomcat8-docs-webapp / etc\");\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-21T16:33:59", "description": "Two security vulnerabilities have been fixed in the Tomcat servlet and JSP engine.\n\nCVE-2019-12418\n\n When Apache Tomcat is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the Tomcat instance.\n\nCVE-2019-17563\n\n When using FORM authentication with Apache Tomcat there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 7.0.56-3+really7.0.99-1.\n\nWe recommend that you upgrade your tomcat7 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-01-28T00:00:00", "type": "nessus", "title": "Debian DLA-2077-1 : tomcat7 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-12418", "CVE-2019-17563"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libservlet3.0-java", "p-cpe:/a:debian:debian_linux:libservlet3.0-java-doc", "p-cpe:/a:debian:debian_linux:libtomcat7-java", "p-cpe:/a:debian:debian_linux:tomcat7", "p-cpe:/a:debian:debian_linux:tomcat7-admin", "p-cpe:/a:debian:debian_linux:tomcat7-common", "p-cpe:/a:debian:debian_linux:tomcat7-docs", "p-cpe:/a:debian:debian_linux:tomcat7-examples", "p-cpe:/a:debian:debian_linux:tomcat7-user", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-2077.NASL", "href": "https://www.tenable.com/plugins/nessus/133276", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2077-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133276);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2019-12418\", \"CVE-2019-17563\");\n\n script_name(english:\"Debian DLA-2077-1 : tomcat7 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Two security vulnerabilities have been fixed in the Tomcat servlet and\nJSP engine.\n\nCVE-2019-12418\n\n When Apache Tomcat is configured with the JMX Remote Lifecycle\nListener, a local attacker without access to the Tomcat process or\nconfiguration files is able to manipulate the RMI registry to perform\na man-in-the-middle attack to capture user names and passwords used to\naccess the JMX interface. The attacker can then use these credentials\nto access the JMX interface and gain complete control over the Tomcat\ninstance.\n\nCVE-2019-17563\n\n When using FORM authentication with Apache Tomcat there was a\nnarrow window where an attacker could perform a session fixation\nattack. The window was considered too narrow for an exploit to be\npractical but, erring on the side of caution, this issue has been\ntreated as a security vulnerability.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n7.0.56-3+really7.0.99-1.\n\nWe recommend that you upgrade your tomcat7 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/01/msg00024.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/tomcat7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libservlet3.0-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libservlet3.0-java-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtomcat7-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7-user\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libservlet3.0-java\", reference:\"7.0.56-3+really7.0.99-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libservlet3.0-java-doc\", reference:\"7.0.56-3+really7.0.99-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libtomcat7-java\", reference:\"7.0.56-3+really7.0.99-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat7\", reference:\"7.0.56-3+really7.0.99-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat7-admin\", reference:\"7.0.56-3+really7.0.99-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat7-common\", reference:\"7.0.56-3+really7.0.99-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat7-docs\", reference:\"7.0.56-3+really7.0.99-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat7-examples\", reference:\"7.0.56-3+really7.0.99-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat7-user\", reference:\"7.0.56-3+really7.0.99-1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-21T16:35:51", "description": "It was discovered that Tomcat incorrectly handled the RMI registry when configured with the JMX Remote Lifecycle Listener. A local attacker could possibly use this issue to obtain credentials and gain complete control over the Tomcat instance. (CVE-2019-12418)\n\nIt was discovered that Tomcat incorrectly handled FORM authentication.\nA remote attacker could possibly use this issue to perform a session fixation attack. (CVE-2019-17563).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-01-28T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : Tomcat vulnerabilities (USN-4251-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-12418", "CVE-2019-17563"], "modified": "2020-09-17T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libtomcat8-java", "p-cpe:/a:canonical:ubuntu_linux:tomcat8", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-4251-1.NASL", "href": "https://www.tenable.com/plugins/nessus/133290", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4251-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(133290);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/17\");\n\n script_cve_id(\"CVE-2019-12418\", \"CVE-2019-17563\");\n script_xref(name:\"USN\", value:\"4251-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : Tomcat vulnerabilities (USN-4251-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that Tomcat incorrectly handled the RMI registry\nwhen configured with the JMX Remote Lifecycle Listener. A local\nattacker could possibly use this issue to obtain credentials and gain\ncomplete control over the Tomcat instance. (CVE-2019-12418)\n\nIt was discovered that Tomcat incorrectly handled FORM authentication.\nA remote attacker could possibly use this issue to perform a session\nfixation attack. (CVE-2019-17563).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4251-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected libtomcat8-java and / or tomcat8 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtomcat8-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libtomcat8-java\", pkgver:\"8.0.32-1ubuntu1.11\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"tomcat8\", pkgver:\"8.0.32-1ubuntu1.11\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtomcat8-java / tomcat8\");\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-19T15:10:43", "description": "According to the versions of the sudo package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - ** DISPUTED ** In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user. NOTE: The software maintainer believes that this is not a vulnerability because running a command via sudo as a user not present in the local password database is an intentional feature. Because this behavior surprised some users, sudo 1.8.30 introduced an option to enable/disable this behavior with the default being disabled. However, this does not change the fact that sudo was behaving as intended, and as documented, in earlier versions.(CVE-2019-19232)\n\n - ** DISPUTED ** In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the ! character in the shadow file instead of a password hash) is not considered, allowing an attacker (who has access to a Runas ALL sudoer account) to impersonate any blocked user. NOTE: The software maintainer believes that this CVE is not valid. Disabling local password authentication for a user is not the same as disabling all access to that user--the user may still be able to login via other means (ssh key, kerberos, etc). Both the Linux shadow(5) and passwd(1) manuals are clear on this. Indeed it is a valid use case to have local accounts that are _only_ accessible via sudo and that cannot be logged into with a password. Sudo 1.8.30 added an optional setting to check the _shell_ of the target user (not the encrypted password!) against the contents of /etc/shells but that is not the same thing as preventing access to users with an invalid password hash.(CVE-2019-19234)\n\n - In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.(CVE-2019-18634)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-02-24T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : sudo (EulerOS-SA-2020-1135)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18634", "CVE-2019-19232", "CVE-2019-19234"], "modified": "2022-05-18T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:sudo", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1135.NASL", "href": "https://www.tenable.com/plugins/nessus/133936", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133936);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\"CVE-2019-18634\", \"CVE-2019-19232\", \"CVE-2019-19234\");\n\n script_name(english:\"EulerOS 2.0 SP5 : sudo (EulerOS-SA-2020-1135)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the sudo package installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - ** DISPUTED ** In Sudo through 1.8.29, an attacker with\n access to a Runas ALL sudoer account can impersonate a\n nonexistent user by invoking sudo with a numeric uid\n that is not associated with any user. NOTE: The\n software maintainer believes that this is not a\n vulnerability because running a command via sudo as a\n user not present in the local password database is an\n intentional feature. Because this behavior surprised\n some users, sudo 1.8.30 introduced an option to\n enable/disable this behavior with the default being\n disabled. However, this does not change the fact that\n sudo was behaving as intended, and as documented, in\n earlier versions.(CVE-2019-19232)\n\n - ** DISPUTED ** In Sudo through 1.8.29, the fact that a\n user has been blocked (e.g., by using the ! character\n in the shadow file instead of a password hash) is not\n considered, allowing an attacker (who has access to a\n Runas ALL sudoer account) to impersonate any blocked\n user. NOTE: The software maintainer believes that this\n CVE is not valid. Disabling local password\n authentication for a user is not the same as disabling\n all access to that user--the user may still be able to\n login via other means (ssh key, kerberos, etc). Both\n the Linux shadow(5) and passwd(1) manuals are clear on\n this. Indeed it is a valid use case to have local\n accounts that are _only_ accessible via sudo and that\n cannot be logged into with a password. Sudo 1.8.30\n added an optional setting to check the _shell_ of the\n target user (not the encrypted password!) against the\n contents of /etc/shells but that is not the same thing\n as preventing access to users with an invalid password\n hash.(CVE-2019-19234)\n\n - In Sudo before 1.8.26, if pwfeedback is enabled in\n /etc/sudoers, users can trigger a stack-based buffer\n overflow in the privileged sudo process. (pwfeedback is\n a default setting in Linux Mint and elementary OS\n however, it is NOT the default for upstream and many\n other packages, and would exist only if enabled by an\n administrator.) The attacker needs to deliver a long\n string to the stdin of getln() in\n tgetpass.c.(CVE-2019-18634)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1135\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d4941e48\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected sudo packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19234\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-18634\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"sudo-1.8.19p2-14.h7.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sudo\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-05-19T15:10:50", "description": "According to the versions of the sudo package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.(CVE-2019-18634)\n\n - ** DISPUTED ** In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user. NOTE: The software maintainer believes that this is not a vulnerability because running a command via sudo as a user not present in the local password database is an intentional feature. Because this behavior surprised some users, sudo 1.8.30 introduced an option to enable/disable this behavior with the default being disabled. However, this does not change the fact that sudo was behaving as intended, and as documented, in earlier versions.(CVE-2019-19232)\n\n - ** DISPUTED ** In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the ! character in the shadow file instead of a password hash) is not considered, allowing an attacker (who has access to a Runas ALL sudoer account) to impersonate any blocked user. NOTE: The software maintainer believes that this CVE is not valid. Disabling local password authentication for a user is not the same as disabling all access to that user--the user may still be able to login via other means (ssh key, kerberos, etc). Both the Linux shadow(5) and passwd(1) manuals are clear on this. Indeed it is a valid use case to have local accounts that are _only_ accessible via sudo and that cannot be logged into with a password. Sudo 1.8.30 added an optional setting to check the _shell_ of the target user (not the encrypted password!) against the contents of /etc/shells but that is not the same thing as preventing access to users with an invalid password hash.(CVE-2019-19234)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-02-25T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : sudo (EulerOS-SA-2020-1181)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18634", "CVE-2019-19232", "CVE-2019-19234"], "modified": "2022-05-18T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:sudo", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1181.NASL", "href": "https://www.tenable.com/plugins/nessus/134015", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134015);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\"CVE-2019-18634\", \"CVE-2019-19232\", \"CVE-2019-19234\");\n\n script_name(english:\"EulerOS 2.0 SP8 : sudo (EulerOS-SA-2020-1181)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the sudo package installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - In Sudo before 1.8.26, if pwfeedback is enabled in\n /etc/sudoers, users can trigger a stack-based buffer\n overflow in the privileged sudo process. (pwfeedback is\n a default setting in Linux Mint and elementary OS\n however, it is NOT the default for upstream and many\n other packages, and would exist only if enabled by an\n administrator.) The attacker needs to deliver a long\n string to the stdin of getln() in\n tgetpass.c.(CVE-2019-18634)\n\n - ** DISPUTED ** In Sudo through 1.8.29, an attacker with\n access to a Runas ALL sudoer account can impersonate a\n nonexistent user by invoking sudo with a numeric uid\n that is not associated with any user. NOTE: The\n software maintainer believes that this is not a\n vulnerability because running a command via sudo as a\n user not present in the local password database is an\n intentional feature. Because this behavior surprised\n some users, sudo 1.8.30 introduced an option to\n enable/disable this behavior with the default being\n disabled. However, this does not change the fact that\n sudo was behaving as intended, and as documented, in\n earlier versions.(CVE-2019-19232)\n\n - ** DISPUTED ** In Sudo through 1.8.29, the fact that a\n user has been blocked (e.g., by using the ! character\n in the shadow file instead of a password hash) is not\n considered, allowing an attacker (who has access to a\n Runas ALL sudoer account) to impersonate any blocked\n user. NOTE: The software maintainer believes that this\n CVE is not valid. Disabling local password\n authentication for a user is not the same as disabling\n all access to that user--the user may still be able to\n login via other means (ssh key, kerberos, etc). Both\n the Linux shadow(5) and passwd(1) manuals are clear on\n this. Indeed it is a valid use case to have local\n accounts that are _only_ accessible via sudo and that\n cannot be logged into with a password. Sudo 1.8.30\n added an optional setting to check the _shell_ of the\n target user (not the encrypted password!) against the\n contents of /etc/shells but that is not the same thing\n as preventing access to users with an invalid password\n hash.(CVE-2019-19234)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1181\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f65af167\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected sudo packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19234\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-18634\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"sudo-1.8.23-3.h13.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sudo\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-05-19T15:13:38", "description": "- update to latest development version 1.9.0b1\n\n - added sudo_logsrvd and sudo_sendlog to files and their appropriate man pages Resolves: rhbz#1787823\n\n - Stack based buffer overflow in when pwfeedback is enabled Resolves: rhbz#1796945\n\n - fixes: CVE-2019-18634 \n\n - By using ! character in the shadow file instead of a password hash can access to a run as all sudoer account Resolves: rhbz#1786709\n\n - fixes CVE-2019-19234\n\n - attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user Resolves: rhbz#1786705\n\n - fixes CVE-2019-19232\n\n - setrlimit(RLIMIT_CORE): Operation not permitted warning message fix Resolves: rhbz#1773148\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-03-06T00:00:00", "type": "nessus", "title": "Fedora 31 : sudo (2020-8b563bc5f4)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18634", "CVE-2019-19232", "CVE-2019-19234"], "modified": "2022-05-18T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:sudo", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2020-8B563BC5F4.NASL", "href": "https://www.tenable.com/plugins/nessus/134253", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-8b563bc5f4.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(134253);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\"CVE-2019-18634\", \"CVE-2019-19232\", \"CVE-2019-19234\");\n script_xref(name:\"FEDORA\", value:\"2020-8b563bc5f4\");\n\n script_name(english:\"Fedora 31 : sudo (2020-8b563bc5f4)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\" - update to latest development version 1.9.0b1\n\n - added sudo_logsrvd and sudo_sendlog to files and their\n appropriate man pages Resolves: rhbz#1787823\n\n - Stack based buffer overflow in when pwfeedback is\n enabled Resolves: rhbz#1796945\n\n - fixes: CVE-2019-18634 \n\n - By using ! character in the shadow file instead of a\n password hash can access to a run as all sudoer account\n Resolves: rhbz#1786709\n\n - fixes CVE-2019-19234\n\n - attacker with access to a Runas ALL sudoer account can\n impersonate a nonexistent user Resolves: rhbz#1786705\n\n - fixes CVE-2019-19232\n\n - setrlimit(RLIMIT_CORE): Operation not permitted warning\n message fix Resolves: rhbz#1773148\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-8b563bc5f4\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected sudo package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19234\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"sudo-1.9.0-0.1.b1.fc31\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sudo\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-05-15T13:47:26", "description": "According to the versions of the sudo package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user. NOTE: The software maintainer believes that this is not a vulnerability because running a command via sudo as a user not present in the local password database is an intentional feature.\n Because this behavior surprised some users, sudo 1.8.30 introduced an option to enable/disable this behavior with the default being disabled. However, this does not change the fact that sudo was behaving as intended, and as documented, in earlier versions.(CVE-2019-19232)\n\n - In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the ! character in the shadow file instead of a password hash) is not considered, allowing an attacker (who has access to a Runas ALL sudoer account) to impersonate any blocked user. NOTE:\n The software maintainer believes that this CVE is not valid. Disabling local password authentication for a user is not the same as disabling all access to that user--the user may still be able to login via other means (ssh key, kerberos, etc). Both the Linux shadow(5) and passwd(1) manuals are clear on this.\n Indeed it is a valid use case to have local accounts that are _only_ accessible via sudo and that cannot be logged into with a password. Sudo 1.8.30 added an optional setting to check the _shell_ of the target user (not the encrypted password!) against the contents of /etc/shells but that is not the same thing as preventing access to users with an invalid password hash.(CVE-2019-19234)\n\n - In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.(CVE-2019-18634)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-04-15T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : sudo (EulerOS-SA-2020-1435)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18634", "CVE-2019-19232", "CVE-2019-19234"], "modified": "2022-05-13T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:sudo", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1435.NASL", "href": "https://www.tenable.com/plugins/nessus/135564", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135564);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/13\");\n\n script_cve_id(\"CVE-2019-18634\", \"CVE-2019-19232\", \"CVE-2019-19234\");\n\n script_name(english:\"EulerOS 2.0 SP3 : sudo (EulerOS-SA-2020-1435)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the sudo package installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - In Sudo through 1.8.29, an attacker with access to a\n Runas ALL sudoer account can impersonate a nonexistent\n user by invoking sudo with a numeric uid that is not\n associated with any user. NOTE: The software maintainer\n believes that this is not a vulnerability because\n running a command via sudo as a user not present in the\n local password database is an intentional feature.\n Because this behavior surprised some users, sudo 1.8.30\n introduced an option to enable/disable this behavior\n with the default being disabled. However, this does not\n change the fact that sudo was behaving as intended, and\n as documented, in earlier versions.(CVE-2019-19232)\n\n - In Sudo through 1.8.29, the fact that a user has been\n blocked (e.g., by using the ! character in the shadow\n file instead of a password hash) is not considered,\n allowing an attacker (who has access to a Runas ALL\n sudoer account) to impersonate any blocked user. NOTE:\n The software maintainer believes that this CVE is not\n valid. Disabling local password authentication for a\n user is not the same as disabling all access to that\n user--the user may still be able to login via other\n means (ssh key, kerberos, etc). Both the Linux\n shadow(5) and passwd(1) manuals are clear on this.\n Indeed it is a valid use case to have local accounts\n that are _only_ accessible via sudo and that cannot be\n logged into with a password. Sudo 1.8.30 added an\n optional setting to check the _shell_ of the target\n user (not the encrypted password!) against the contents\n of /etc/shells but that is not the same thing as\n preventing access to users with an invalid password\n hash.(CVE-2019-19234)\n\n - In Sudo before 1.8.26, if pwfeedback is enabled in\n /etc/sudoers, users can trigger a stack-based buffer\n overflow in the privileged sudo process. (pwfeedback is\n a default setting in Linux Mint and elementary OS\n however, it is NOT the default for upstream and many\n other packages, and would exist only if enabled by an\n administrator.) The attacker needs to deliver a long\n string to the stdin of getln() in\n tgetpass.c.(CVE-2019-18634)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1435\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d629f030\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected sudo packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19234\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-18634\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"sudo-1.8.19p2-11.h7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sudo\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-05-15T13:48:01", "description": "According to the versions of the sudo package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:80#@good.example.com/ and evil.example.com:80?@good.example.com/ inputs to the parse_url function (implemented in the php_url_parse_ex function in ext/standard/url.c).(CVE-2019-19234)\n\n - In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the ! character in the shadow file instead of a password hash) is not considered, allowing an attacker (who has access to a Runas ALL sudoer account) to impersonate any blocked user.(CVE-2019-19232)\n\n - In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.(CVE-2019-18634)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-05-01T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : sudo (EulerOS-SA-2020-1564)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18634", "CVE-2019-19232", "CVE-2019-19234"], "modified": "2022-05-13T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:sudo", "cpe:/o:huawei:euleros:uvp:3.0.2.0"], "id": "EULEROS_SA-2020-1564.NASL", "href": "https://www.tenable.com/plugins/nessus/136267", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(136267);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/13\");\n\n script_cve_id(\"CVE-2019-18634\", \"CVE-2019-19232\", \"CVE-2019-19234\");\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : sudo (EulerOS-SA-2020-1564)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the sudo package installed, the EulerOS\nVirtualization for ARM 64 installation on the remote host is affected\nby the following vulnerabilities :\n\n - In PHP before 5.6.28 and 7.x before 7.0.13, incorrect\n handling of various URI components in the URL parser\n could be used by attackers to bypass hostname-specific\n URL checks, as demonstrated by\n evil.example.com:80#@good.example.com/ and\n evil.example.com:80?@good.example.com/ inputs to the\n parse_url function (implemented in the php_url_parse_ex\n function in ext/standard/url.c).(CVE-2019-19234)\n\n - In Sudo through 1.8.29, the fact that a user has been\n blocked (e.g., by using the ! character in the shadow\n file instead of a password hash) is not considered,\n allowing an attacker (who has access to a Runas ALL\n sudoer account) to impersonate any blocked\n user.(CVE-2019-19232)\n\n - In Sudo before 1.8.26, if pwfeedback is enabled in\n /etc/sudoers, users can trigger a stack-based buffer\n overflow in the privileged sudo process. (pwfeedback is\n a default setting in Linux Mint and elementary OS\n however, it is NOT the default for upstream and many\n other packages, and would exist only if enabled by an\n administrator.) The attacker needs to deliver a long\n string to the stdin of getln() in\n tgetpass.c.(CVE-2019-18634)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1564\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?38e00cf5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected sudo packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19234\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-18634\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"sudo-1.8.19p2-14.h7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sudo\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-05-15T14:26:13", "description": "According to the versions of the sudo package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.(CVE-2019-18634)\n\n - In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user.(CVE-2019-19232)\n\n - In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the ! character in the shadow file instead of a password hash) is not considered, allowing an attacker (who has access to a Runas ALL sudoer account) to impersonate any blocked user.(CVE-2019-19234)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-10-21T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.2.2 : sudo (EulerOS-SA-2020-2196)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18634", "CVE-2019-19232", "CVE-2019-19234"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:sudo", "cpe:/o:huawei:euleros:uvp:3.0.2.2"], "id": "EULEROS_SA-2020-2196.NASL", "href": "https://www.tenable.com/plugins/nessus/141722", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141722);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\"CVE-2019-18634\", \"CVE-2019-19232\", \"CVE-2019-19234\");\n\n script_name(english:\"EulerOS Virtualization 3.0.2.2 : sudo (EulerOS-SA-2020-2196)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the sudo package installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - In Sudo before 1.8.26, if pwfeedback is enabled in\n /etc/sudoers, users can trigger a stack-based buffer\n overflow in the privileged sudo process. (pwfeedback is\n a default setting in Linux Mint and elementary OS\n however, it is NOT the default for upstream and many\n other packages, and would exist only if enabled by an\n administrator.) The attacker needs to deliver a long\n string to the stdin of getln() in\n tgetpass.c.(CVE-2019-18634)\n\n - In Sudo through 1.8.29, an attacker with access to a\n Runas ALL sudoer account can impersonate a nonexistent\n user by invoking sudo with a numeric uid that is not\n associated with any user.(CVE-2019-19232)\n\n - In Sudo through 1.8.29, the fact that a user has been\n blocked (e.g., by using the ! character in the shadow\n file instead of a password hash) is not considered,\n allowing an attacker (who has access to a Runas ALL\n sudoer account) to impersonate any blocked\n user.(CVE-2019-19234)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2196\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b5294a9c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected sudo packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19234\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-18634\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.2\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.2\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"sudo-1.8.19p2-14.h7.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sudo\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-05-15T13:45:44", "description": "According to the versions of the sudo package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - ** DISPUTED ** In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the ! character in the shadow file instead of a password hash) is not considered, allowing an attacker (who has access to a Runas ALL sudoer account) to impersonate any blocked user. NOTE: The software maintainer believes that this CVE is not valid. Disabling local password authentication for a user is not the same as disabling all access to that user--the user may still be able to login via other means (ssh key, kerberos, etc). Both the Linux shadow(5) and passwd(1) manuals are clear on this. Indeed it is a valid use case to have local accounts that are _only_ accessible via sudo and that cannot be logged into with a password. Sudo 1.8.30 added an optional setting to check the _shell_ of the target user (not the encrypted password!) against the contents of /etc/shells but that is not the same thing as preventing access to users with an invalid password hash.(CVE-2019-19234)\n\n - ** DISPUTED ** In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user. NOTE: The software maintainer believes that this is not a vulnerability because running a command via sudo as a user not present in the local password database is an intentional feature. Because this behavior surprised some users, sudo 1.8.30 introduced an option to enable/disable this behavior with the default being disabled. However, this does not change the fact that sudo was behaving as intended, and as documented, in earlier versions.(CVE-2019-19232)\n\n - In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.(CVE-2019-18634)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-04-02T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.6.0 : sudo (EulerOS-SA-2020-1349)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18634", "CVE-2019-19232", "CVE-2019-19234"], "modified": "2022-05-13T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:sudo", "cpe:/o:huawei:euleros:uvp:3.0.6.0"], "id": "EULEROS_SA-2020-1349.NASL", "href": "https://www.tenable.com/plugins/nessus/135136", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135136);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/13\");\n\n script_cve_id(\"CVE-2019-18634\", \"CVE-2019-19232\", \"CVE-2019-19234\");\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.6.0 : sudo (EulerOS-SA-2020-1349)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the sudo package installed, the EulerOS\nVirtualization for ARM 64 installation on the remote host is affected\nby the following vulnerabilities :\n\n - ** DISPUTED ** In Sudo through 1.8.29, the fact that a\n user has been blocked (e.g., by using the ! character\n in the shadow file instead of a password hash) is not\n considered, allowing an attacker (who has access to a\n Runas ALL sudoer account) to impersonate any blocked\n user. NOTE: The software maintainer believes that this\n CVE is not valid. Disabling local password\n authentication for a user is not the same as disabling\n all access to that user--the user may still be able to\n login via other means (ssh key, kerberos, etc). Both\n the Linux shadow(5) and passwd(1) manuals are clear on\n this. Indeed it is a valid use case to have local\n accounts that are _only_ accessible via sudo and that\n cannot be logged into with a password. Sudo 1.8.30\n added an optional setting to check the _shell_ of the\n target user (not the encrypted password!) against the\n contents of /etc/shells but that is not the same thing\n as preventing access to users with an invalid password\n hash.(CVE-2019-19234)\n\n - ** DISPUTED ** In Sudo through 1.8.29, an attacker with\n access to a Runas ALL sudoer account can impersonate a\n nonexistent user by invoking sudo with a numeric uid\n that is not associated with any user. NOTE: The\n software maintainer believes that this is not a\n vulnerability because running a command via sudo as a\n user not present in the local password database is an\n intentional feature. Because this behavior surprised\n some users, sudo 1.8.30 introduced an option to\n enable/disable this behavior with the default being\n disabled. However, this does not change the fact that\n sudo was behaving as intended, and as documented, in\n earlier versions.(CVE-2019-19232)\n\n - In Sudo before 1.8.26, if pwfeedback is enabled in\n /etc/sudoers, users can trigger a stack-based buffer\n overflow in the privileged sudo process. (pwfeedback is\n a default setting in Linux Mint and elementary OS\n however, it is NOT the default for upstream and many\n other packages, and would exist only if enabled by an\n administrator.) The attacker needs to deliver a long\n string to the stdin of getln() in\n tgetpass.c.(CVE-2019-18634)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1349\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b1265912\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected sudo packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19234\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-18634\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"sudo-1.8.23-3.h13.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sudo\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-05-15T13:52:56", "description": "According to the versions of the sudo package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - ** DISPUTED ** In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the ! character in the shadow file instead of a password hash) is not considered, allowing an attacker (who has access to a Runas ALL sudoer account) to impersonate any blocked user. NOTE: The software maintainer believes that this CVE is not valid. Disabling local password authentication for a user is not the same as disabling all access to that user--the user may still be able to login via other means (ssh key, kerberos, etc). Both the Linux shadow(5) and passwd(1) manuals are clear on this. Indeed it is a valid use case to have local accounts that are _only_ accessible via sudo and that cannot be logged into with a password. Sudo 1.8.30 added an optional setting to check the _shell_ of the target user (not the encrypted password!) against the contents of /etc/shells but that is not the same thing as preventing access to users with an invalid password hash.(CVE-2019-19234)\n\n - ** DISPUTED ** In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user. NOTE: The software maintainer believes that this is not a vulnerability because running a command via sudo as a user not present in the local password database is an intentional feature. Because this behavior surprised some users, sudo 1.8.30 introduced an option to enable/disable this behavior with the default being disabled. However, this does not change the fact that sudo was behaving as intended, and as documented, in earlier versions.(CVE-2019-19232)\n\n - In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.(CVE-2019-18634)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-07-01T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.6.0 : sudo (EulerOS-SA-2020-1785)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18634", "CVE-2019-19232", "CVE-2019-19234"], "modified": "2022-05-12T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:sudo", "cpe:/o:huawei:euleros:uvp:3.0.6.0"], "id": "EULEROS_SA-2020-1785.NASL", "href": "https://www.tenable.com/plugins/nessus/138004", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138004);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\"CVE-2019-18634\", \"CVE-2019-19232\", \"CVE-2019-19234\");\n\n script_name(english:\"EulerOS Virtualization 3.0.6.0 : sudo (EulerOS-SA-2020-1785)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the sudo package installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - ** DISPUTED ** In Sudo through 1.8.29, the fact that a\n user has been blocked (e.g., by using the ! character\n in the shadow file instead of a password hash) is not\n considered, allowing an attacker (who has access to a\n Runas ALL sudoer account) to impersonate any blocked\n user. NOTE: The software maintainer believes that this\n CVE is not valid. Disabling local password\n authentication for a user is not the same as disabling\n all access to that user--the user may still be able to\n login via other means (ssh key, kerberos, etc). Both\n the Linux shadow(5) and passwd(1) manuals are clear on\n this. Indeed it is a valid use case to have local\n accounts that are _only_ accessible via sudo and that\n cannot be logged into with a password. Sudo 1.8.30\n added an optional setting to check the _shell_ of the\n target user (not the encrypted password!) against the\n contents of /etc/shells but that is not the same thing\n as preventing access to users with an invalid password\n hash.(CVE-2019-19234)\n\n - ** DISPUTED ** In Sudo through 1.8.29, an attacker with\n access to a Runas ALL sudoer account can impersonate a\n nonexistent user by invoking sudo with a numeric uid\n that is not associated with any user. NOTE: The\n software maintainer believes that this is not a\n vulnerability because running a command via sudo as a\n user not present in the local password database is an\n intentional feature. Because this behavior surprised\n some users, sudo 1.8.30 introduced an option to\n enable/disable this behavior with the default being\n disabled. However, this does not change the fact that\n sudo was behaving as intended, and as documented, in\n earlier versions.(CVE-2019-19232)\n\n - In Sudo before 1.8.26, if pwfeedback is enabled in\n /etc/sudoers, users can trigger a stack-based buffer\n overflow in the privileged sudo process. (pwfeedback is\n a default setting in Linux Mint and elementary OS\n however, it is NOT the default for upstream and many\n other packages, and would exist only if enabled by an\n administrator.) The attacker needs to deliver a long\n string to the stdin of getln() in\n tgetpass.c.(CVE-2019-18634)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1785\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?51ea9889\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected sudo packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19234\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-18634\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"sudo-1.8.19p2-14.h7.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sudo\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-05-15T13:52:58", "description": "According to the versions of the sudo package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - ** DISPUTED ** In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user. NOTE: The software maintainer believes that this is not a vulnerability because running a command via sudo as a user not present in the local password database is an intentional feature. Because this behavior surprised some users, sudo 1.8.30 introduced an option to enable/disable this behavior with the default being disabled. However, this does not change the fact that sudo was behaving as intended, and as documented, in earlier versions.(CVE-2019-19232)\n\n - ** DISPUTED ** In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the ! character in the shadow file instead of a password hash) is not considered, allowing an attacker (who has access to a Runas ALL sudoer account) to impersonate any blocked user. NOTE: The software maintainer believes that this CVE is not valid. Disabling local password authentication for a user is not the same as disabling all access to that user--the user may still be able to login via other means (ssh key, kerberos, etc). Both the Linux shadow(5) and passwd(1) manuals are clear on this. Indeed it is a valid use case to have local accounts that are _only_ accessible via sudo and that cannot be logged into with a password. Sudo 1.8.30 added an optional setting to check the _shell_ of the target user (not the encrypted password!) against the contents of /etc/shells but that is not the same thing as preventing access to users with an invalid password hash.(CVE-2019-19234)\n\n - In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.(CVE-2019-18634)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-06-17T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : sudo (EulerOS-SA-2020-1662)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18634", "CVE-2019-19232", "CVE-2019-19234"], "modified": "2022-05-13T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:sudo", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1662.NASL", "href": "https://www.tenable.com/plugins/nessus/137504", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137504);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/13\");\n\n script_cve_id(\"CVE-2019-18634\", \"CVE-2019-19232\", \"CVE-2019-19234\");\n\n script_name(english:\"EulerOS 2.0 SP2 : sudo (EulerOS-SA-2020-1662)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the sudo package installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - ** DISPUTED ** In Sudo through 1.8.29, an attacker with\n access to a Runas ALL sudoer account can impersonate a\n nonexistent user by invoking sudo with a numeric uid\n that is not associated with any user. NOTE: The\n software maintainer believes that this is not a\n vulnerability because running a command via sudo as a\n user not present in the local password database is an\n intentional feature. Because this behavior surprised\n some users, sudo 1.8.30 introduced an option to\n enable/disable this behavior with the default being\n disabled. However, this does not change the fact that\n sudo was behaving as intended, and as documented, in\n earlier versions.(CVE-2019-19232)\n\n - ** DISPUTED ** In Sudo through 1.8.29, the fact that a\n user has been blocked (e.g., by using the ! character\n in the shadow file instead of a password hash) is not\n considered, allowing an attacker (who has access to a\n Runas ALL sudoer account) to impersonate any blocked\n user. NOTE: The software maintainer believes that this\n CVE is not valid. Disabling local password\n authentication for a user is not the same as disabling\n all access to that user--the user may still be able to\n login via other means (ssh key, kerberos, etc). Both\n the Linux shadow(5) and passwd(1) manuals are clear on\n this. Indeed it is a valid use case to have local\n accounts that are _only_ accessible via sudo and that\n cannot be logged into with a password. Sudo 1.8.30\n added an optional setting to check the _shell_ of the\n target user (not the encrypted password!) against the\n contents of /etc/shells but that is not the same thing\n as preventing access to users with an invalid password\n hash.(CVE-2019-19234)\n\n - In Sudo before 1.8.26, if pwfeedback is enabled in\n /etc/sudoers, users can trigger a stack-based buffer\n overflow in the privileged sudo process. (pwfeedback is\n a default setting in Linux Mint and elementary OS\n however, it is NOT the default for upstream and many\n other packages, and would exist only if enabled by an\n administrator.) The attacker needs to deliver a long\n string to the stdin of getln() in\n tgetpass.c.(CVE-2019-18634)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1662\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cfd468a9\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected sudo packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19234\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-18634\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"sudo-1.8.6p7-23.h8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sudo\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-07-31T16:28:20", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0329 advisory.\n\n - golang: HTTP/1.1 headers with a space before the colon leads to filter bypass or request smuggling (CVE-2019-16276)\n\n - golang: invalid public key causes panic in dsa.Verify (CVE-2019-17596)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2020-02-05T00:00:00", "type": "nessus", "title": "RHEL 8 : go-toolset:rhel8 (RHSA-2020:0329)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11043", "CVE-2019-16276", "CVE-2019-17596"], "modified": "2021-10-13T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.2", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_e4s:8.1", "cpe:/o:redhat:rhel_e4s:8.2", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_eus:8.1", "cpe:/o:redhat:rhel_eus:8.2", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_tus:8.2", "cpe:/o:redhat:rhel_tus:8.4", "p-cpe:/a:redhat:enterprise_linux:go-toolset", "p-cpe:/a:redhat:enterprise_linux:golang", "p-cpe:/a:redhat:enterprise_linux:golang-bin", "p-cpe:/a:redhat:enterprise_linux:golang-docs", "p-cpe:/a:redhat:enterprise_linux:golang-misc", "p-cpe:/a:redhat:enterprise_linux:golang-race", "p-cpe:/a:redhat:enterprise_linux:golang-src", "p-cpe:/a:redhat:enterprise_linux:golang-tests"], "id": "REDHAT-RHSA-2020-0329.NASL", "href": "https://www.tenable.com/plugins/nessus/133478", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0329. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133478);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/13\");\n\n script_cve_id(\"CVE-2019-16276\", \"CVE-2019-17596\");\n script_xref(name:\"RHSA\", value:\"2020:0329\");\n script_xref(name:\"IAVB\", value:\"2019-B-0085-S\");\n\n script_name(english:\"RHEL 8 : go-toolset:rhel8 (RHSA-2020:0329)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:0329 advisory.\n\n - golang: HTTP/1.1 headers with a space before the colon leads to filter bypass or request smuggling\n (CVE-2019-16276)\n\n - golang: invalid public key causes panic in dsa.Verify (CVE-2019-17596)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/295.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/444.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-16276\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17596\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0329\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1755969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1763310\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11043\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(295, 444);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:go-toolset\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:golang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:golang-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:golang-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:golang-misc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:golang-race\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:golang-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:golang-tests\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'enterprise_linux_8_appstream': [\n 'rhel-8-for-aarch64-appstream-debug-rpms',\n 'rhel-8-for-aarch64-appstream-rpms',\n 'rhel-8-for-aarch64-appstream-source-rpms',\n 'rhel-8-for-s390x-appstream-debug-rpms',\n 'rhel-8-for-s390x-appstream-rpms',\n 'rhel-8-for-s390x-appstream-source-rpms',\n 'rhel-8-for-x86_64-appstream-debug-rpms',\n 'rhel-8-for-x86_64-appstream-rpms',\n 'rhel-8-for-x86_64-appstream-source-rpms'\n ],\n 'enterprise_linux_8_baseos': [\n 'rhel-8-for-aarch64-baseos-debug-rpms',\n 'rhel-8-for-aarch64-baseos-rpms',\n 'rhel-8-for-aarch64-baseos-source-rpms',\n 'rhel-8-for-s390x-baseos-debug-rpms',\n 'rhel-8-for-s390x-baseos-rpms',\n 'rhel-8-for-s390x-baseos-source-rpms',\n 'rhel-8-for-x86_64-baseos-debug-rpms',\n 'rhel-8-for-x86_64-baseos-rpms',\n 'rhel-8-for-x86_64-baseos-source-rpms'\n ],\n 'enterprise_linux_8_crb': [\n 'codeready-builder-for-rhel-8-aarch64-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-aarch64-rpms',\n 'codeready-builder-for-rhel-8-aarch64-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-rpms',\n 'codeready-builder-for-rhel-8-s390x-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-rpms',\n 'codeready-builder-for-rhel-8-x86_64-source-rpms'\n ],\n 'enterprise_linux_8_highavailability': [\n 'rhel-8-for-aarch64-highavailability-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-8-for-aarch64-highavailability-rpms',\n 'rhel-8-for-aarch64-highavailability-source-rpms',\n 'rhel-8-for-s390x-highavailability-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-rpms',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms',\n 'rhel-8-for-s390x-highavailability-rpms',\n 'rhel-8-for-s390x-highavailability-source-rpms',\n 'rhel-8-for-x86_64-highavailability-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-rpms',\n 'rhel-8-for-x86_64-highavailability-source-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms'\n ],\n 'enterprise_linux_8_nfv': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-nfv-tus-debug-rpms',\n 'rhel-8-for-x86_64-nfv-tus-rpms',\n 'rhel-8-for-x86_64-nfv-tus-source-rpms'\n ],\n 'enterprise_linux_8_realtime': [\n 'rhel-8-for-x86_64-rt-debug-rpms',\n 'rhel-8-for-x86_64-rt-rpms',\n 'rhel-8-for-x86_64-rt-source-rpms',\n 'rhel-8-for-x86_64-rt-tus-debug-rpms',\n 'rhel-8-for-x86_64-rt-tus-rpms',\n 'rhel-8-for-x86_64-rt-tus-source-rpms'\n ],\n 'enterprise_linux_8_resilientstorage': [\n 'rhel-8-for-s390x-resilientstorage-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-8-for-s390x-resilientstorage-rpms',\n 'rhel-8-for-s390x-resilientstorage-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-rpms',\n 'rhel-8-for-x86_64-resilientstorage-source-rpms'\n ],\n 'enterprise_linux_8_sap': [\n 'rhel-8-for-s390x-sap-netweaver-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-s390x-sap-netweaver-rpms',\n 'rhel-8-for-s390x-sap-netweaver-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-source-rpms'\n ],\n 'enterprise_linux_8_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-rpms',\n 'rhel-8-for-x86_64-sap-solutions-source-rpms'\n ],\n 'enterprise_linux_8_supplementary': [\n 'rhel-8-for-aarch64-supplementary-eus-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-8-for-aarch64-supplementary-rpms',\n 'rhel-8-for-aarch64-supplementary-source-rpms',\n 'rhel-8-for-s390x-supplementary-eus-rpms',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms',\n 'rhel-8-for-s390x-supplementary-rpms',\n 'rhel-8-for-s390x-supplementary-source-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-8-for-x86_64-supplementary-rpms',\n 'rhel-8-for-x86_64-supplementary-source-rpms'\n ],\n 'rhel_aus_8_2_appstream': [\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-aus-rpms',\n 'rhel-8-for-x86_64-appstream-aus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms__8_DOT_2'\n ],\n 'rhel_aus_8_2_baseos': [\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-aus-rpms',\n 'rhel-8-for-x86_64-baseos-aus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms__8_DOT_2'\n ],\n 'rhel_aus_8_4_appstream': [\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-aus-rpms',\n 'rhel-8-for-x86_64-appstream-aus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms__8_DOT_4'\n ],\n 'rhel_aus_8_4_baseos': [\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-aus-rpms',\n 'rhel-8-for-x86_64-baseos-aus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_1_appstream': [\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms__8_DOT_1'\n ],\n 'rhel_e4s_8_1_baseos': [\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms__8_DOT_1'\n ],\n 'rhel_e4s_8_1_highavailability': [\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms__8_DOT_1'\n ],\n 'rhel_e4s_8_1_sap': [\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms__8_DOT_1'\n ],\n 'rhel_e4s_8_1_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms__8_DOT_1'\n ],\n 'rhel_e4s_8_2_appstream': [\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms__8_DOT_2'\n ],\n 'rhel_e4s_8_2_baseos': [\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms__8_DOT_2'\n ],\n 'rhel_e4s_8_2_highavailability': [\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms__8_DOT_2'\n ],\n 'rhel_e4s_8_2_sap': [\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms__8_DOT_2'\n ],\n 'rhel_e4s_8_2_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms__8_DOT_2'\n ],\n 'rhel_e4s_8_4_appstream': [\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_baseos': [\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_highavailability': [\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_sap': [\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_1_appstream': [\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms',\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-aarch64-appstream-eus-rpms',\n 'rhel-8-for-aarch64-appstream-eus-rpms__8_DOT_1',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-s390x-appstream-eus-rpms',\n 'rhel-8-for-s390x-appstream-eus-rpms__8_DOT_1',\n 'rhel-8-for-s390x-appstream-eus-source-rpms',\n 'rhel-8-for-s390x-appstream-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-appstream-eus-rpms',\n 'rhel-8-for-x86_64-appstream-eus-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms__8_DOT_1'\n ],\n 'rhel_eus_8_1_baseos': [\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms',\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-aarch64-baseos-eus-rpms',\n 'rhel-8-for-aarch64-baseos-eus-rpms__8_DOT_1',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-s390x-baseos-eus-rpms',\n 'rhel-8-for-s390x-baseos-eus-rpms__8_DOT_1',\n 'rhel-8-for-s390x-baseos-eus-source-rpms',\n 'rhel-8-for-s390x-baseos-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-baseos-eus-rpms',\n 'rhel-8-for-x86_64-baseos-eus-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms__8_DOT_1'\n ],\n 'rhel_eus_8_1_crb': [\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms__8_DOT_1',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms__8_DOT_1',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms__8_DOT_1',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms__8_DOT_1',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms__8_DOT_1',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms__8_DOT_1',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms__8_DOT_1',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms__8_DOT_1',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms__8_DOT_1'\n ],\n 'rhel_eus_8_1_highavailability': [\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-aarch64-highavailability-eus-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-rpms__8_DOT_1',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-s390x-highavailability-eus-rpms',\n 'rhel-8-for-s390x-highavailability-eus-rpms__8_DOT_1',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-highavailability-eus-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms__8_DOT_1'\n ],\n 'rhel_eus_8_1_resilientstorage': [\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms__8_DOT_1',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms__8_DOT_1'\n ],\n 'rhel_eus_8_1_sap': [\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms__8_DOT_1',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms__8_DOT_1'\n ],\n 'rhel_eus_8_1_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms__8_DOT_1'\n ],\n 'rhel_eus_8_1_supplementary': [\n 'rhel-8-for-aarch64-supplementary-eus-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-rpms__8_DOT_1',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-s390x-supplementary-eus-rpms',\n 'rhel-8-for-s390x-supplementary-eus-rpms__8_DOT_1',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-supplementary-eus-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms__8_DOT_1'\n ],\n 'rhel_eus_8_2_appstream': [\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms',\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-appstream-eus-rpms',\n 'rhel-8-for-aarch64-appstream-eus-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-s390x-appstream-eus-rpms',\n 'rhel-8-for-s390x-appstream-eus-rpms__8_DOT_2',\n 'rhel-8-for-s390x-appstream-eus-source-rpms',\n 'rhel-8-for-s390x-appstream-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-aus-rpms',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-eus-rpms',\n 'rhel-8-for-x86_64-appstream-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-tus-rpms',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms'\n ],\n 'rhel_eus_8_2_baseos': [\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms',\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-baseos-eus-rpms',\n 'rhel-8-for-aarch64-baseos-eus-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-s390x-baseos-eus-rpms',\n 'rhel-8-for-s390x-baseos-eus-rpms__8_DOT_2',\n 'rhel-8-for-s390x-baseos-eus-source-rpms',\n 'rhel-8-for-s390x-baseos-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-aus-rpms',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-eus-rpms',\n 'rhel-8-for-x86_64-baseos-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-tus-rpms',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms'\n ],\n 'rhel_eus_8_2_crb': [\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms__8_DOT_2'\n ],\n 'rhel_eus_8_2_highavailability': [\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-highavailability-eus-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-s390x-highavailability-eus-rpms',\n 'rhel-8-for-s390x-highavailability-eus-rpms__8_DOT_2',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-eus-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms'\n ],\n 'rhel_eus_8_2_resilientstorage': [\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms__8_DOT_2',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms__8_DOT_2'\n ],\n 'rhel_eus_8_2_sap': [\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms__8_DOT_2',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms__8_DOT_2'\n ],\n 'rhel_eus_8_2_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms__8_DOT_2'\n ],\n 'rhel_eus_8_2_supplementary': [\n 'rhel-8-for-aarch64-supplementary-eus-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-s390x-supplementary-eus-rpms',\n 'rhel-8-for-s390x-supplementary-eus-rpms__8_DOT_2',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-supplementary-eus-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms__8_DOT_2'\n ],\n 'rhel_eus_8_4_appstream': [\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms',\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-appstream-eus-rpms',\n 'rhel-8-for-aarch64-appstream-eus-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-appstream-eus-rpms',\n 'rhel-8-for-s390x-appstream-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-appstream-eus-source-rpms',\n 'rhel-8-for-s390x-appstream-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-aus-rpms',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-eus-rpms',\n 'rhel-8-for-x86_64-appstream-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-tus-rpms',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms'\n ],\n 'rhel_eus_8_4_baseos': [\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms',\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-baseos-eus-rpms',\n 'rhel-8-for-aarch64-baseos-eus-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-baseos-eus-rpms',\n 'rhel-8-for-s390x-baseos-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-baseos-eus-source-rpms',\n 'rhel-8-for-s390x-baseos-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-aus-rpms',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-eus-rpms',\n 'rhel-8-for-x86_64-baseos-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-tus-rpms',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms'\n ],\n 'rhel_eus_8_4_crb': [\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_highavailability': [\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-highavailability-eus-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-highavailability-eus-rpms',\n 'rhel-8-for-s390x-highavailability-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-eus-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms'\n ],\n 'rhel_eus_8_4_resilientstorage': [\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_sap': [\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_supplementary': [\n 'rhel-8-for-aarch64-supplementary-eus-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-s390x-supplementary-eus-rpms',\n 'rhel-8-for-s390x-supplementary-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-supplementary-eus-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_extras_nfv_8': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-nfv-tus-debug-rpms',\n 'rhel-8-for-x86_64-nfv-tus-rpms',\n 'rhel-8-for-x86_64-nfv-tus-source-rpms'\n ],\n 'rhel_extras_rt_8': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-rt-debug-rpms',\n 'rhel-8-for-x86_64-rt-rpms',\n 'rhel-8-for-x86_64-rt-source-rpms',\n 'rhel-8-for-x86_64-rt-tus-debug-rpms',\n 'rhel-8-for-x86_64-rt-tus-rpms',\n 'rhel-8-for-x86_64-rt-tus-source-rpms'\n ],\n 'rhel_tus_8_2_appstream': [\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-tus-rpms',\n 'rhel-8-for-x86_64-appstream-tus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms__8_DOT_2'\n ],\n 'rhel_tus_8_2_baseos': [\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-tus-rpms',\n 'rhel-8-for-x86_64-baseos-tus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms__8_DOT_2'\n ],\n 'rhel_tus_8_2_highavailability': [\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms__8_DOT_2'\n ],\n 'rhel_tus_8_4_appstream': [\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-tus-rpms',\n 'rhel-8-for-x86_64-appstream-tus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms__8_DOT_4'\n ],\n 'rhel_tus_8_4_baseos': [\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-tus-rpms',\n 'rhel-8-for-x86_64-baseos-tus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms__8_DOT_4'\n ],\n 'rhel_tus_8_4_highavailability': [\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms__8_DOT_4'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nvar enterprise_linux_flag = rhel_repo_sets_has_enterprise_linux(repo_sets:repo_sets);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'go-toolset-1.12.12-2.module+el8.1.0+5317+8a49ffbb', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'go-toolset-1.12.12-2.module+el8.1.0+5317+8a49ffbb', 'cpu':'s390x', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'go-toolset-1.12.12-2.module+el8.1.0+5317+8a49ffbb', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'golang-1.12.12-4.module+el8.1.0+5317+8a49ffbb', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'golang-1.12.12-4.module+el8.1.0+5317+8a49ffbb', 'cpu':'s390x', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'golang-1.12.12-4.module+el8.1.0+5317+8a49ffbb', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'golang-bin-1.12.12-4.module+el8.1.0+5317+8a49ffbb', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'golang-bin-1.12.12-4.module+el8.1.0+5317+8a49ffbb', 'cpu':'s390x', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'golang-bin-1.12.12-4.module+el8.1.0+5317+8a49ffbb', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'golang-docs-1.12.12-4.module+el8.1.0+5317+8a49ffbb', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'golang-misc-1.12.12-4.module+el8.1.0+5317+8a49ffbb', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'golang-race-1.12.12-4.module+el8.1.0+5317+8a49ffbb', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'golang-src-1.12.12-4.module+el8.1.0+5317+8a49ffbb', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'golang-tests-1.12.12-4.module+el8.1.0+5317+8a49ffbb', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp']) && !enterprise_linux_flag) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'go-toolset / golang / golang-bin / golang-docs / golang-misc / etc');\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-12-16T14:09:14", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1061 advisory.\n\n - bind: An assertion failure if a trust anchor rolls over to an unsupported key algorithm when using managed-keys (CVE-2018-5745)\n\n - bind: Controls for zone transfers may not be properly applied to DLZs if the zones are writable (CVE-2019-6465)\n\n - bind: TCP Pipelining doesn't limit TCP clients on a single connection (CVE-2019-6477)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2020-04-01T00:00:00", "type": "nessus", "title": "RHEL 7 : bind (RHSA-2020:1061)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5745", "CVE-2019-6465", "CVE-2019-6477"], "modified": "2021-10-13T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:bind", "p-cpe:/a:redhat:enterprise_linux:bind-chroot", "p-cpe:/a:redhat:enterprise_linux:bind-devel", "p-cpe:/a:redhat:enterprise_linux:bind-export-devel", "p-cpe:/a:redhat:enterprise_linux:bind-export-libs", "p-cpe:/a:redhat:enterprise_linux:bind-libs", "p-cpe:/a:redhat:enterprise_linux:bind-libs-lite", "p-cpe:/a:redhat:enterprise_linux:bind-license", "p-cpe:/a:redhat:enterprise_linux:bind-lite-devel", "p-cpe:/a:redhat:enterprise_linux:bind-pkcs11", "p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-devel", "p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-libs", "p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-utils", "p-cpe:/a:redhat:enterprise_linux:bind-sdb", "p-cpe:/a:redhat:enterprise_linux:bind-sdb-chroot", "p-cpe:/a:redhat:enterprise_linux:bind-utils"], "id": "REDHAT-RHSA-2020-1061.NASL", "href": "https://www.tenable.com/plugins/nessus/135069", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:1061. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135069);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/13\");\n\n script_cve_id(\"CVE-2018-5745\", \"CVE-2019-6465\", \"CVE-2019-6477\");\n script_bugtraq_id(107140, 107142);\n script_xref(name:\"RHSA\", value:\"2020:1061\");\n script_xref(name:\"IAVA\", value:\"2019-A-0069-S\");\n script_xref(name:\"IAVA\", value:\"2019-A-0434-S\");\n\n script_name(english:\"RHEL 7 : bind (RHSA-2020:1061)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:1061 advisory.\n\n - bind: An assertion failure if a trust anchor rolls over to an unsupported key algorithm when using\n managed-keys (CVE-2018-5745)\n\n - bind: Controls for zone transfers may not be properly applied to DLZs if the zones are writable\n (CVE-2019-6465)\n\n - bind: TCP Pipelining doesn't limit TCP clients on a single connection (CVE-2019-6477)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/284.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/400.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/617.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-5745\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-6465\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-6477\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:1061\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1679303\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1679304\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1773617\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-6465\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(284, 400, 617);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-export-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-export-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-libs-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-license\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-lite-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-pkcs11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-sdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-sdb-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-utils\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'enterprise_linux_7_client': [\n 'rhel-7-desktop-debug-rpms',\n 'rhel-7-desktop-fastrack-debug-rpms',\n 'rhel-7-desktop-fastrack-rpms',\n 'rhel-7-desktop-fastrack-source-rpms',\n 'rhel-7-desktop-optional-debug-rpms',\n 'rhel-7-desktop-optional-fastrack-debug-rpms',\n 'rhel-7-desktop-optional-fastrack-rpms',\n 'rhel-7-desktop-optional-fastrack-source-rpms',\n 'rhel-7-desktop-optional-rpms',\n 'rhel-7-desktop-optional-source-rpms',\n 'rhel-7-desktop-rpms',\n 'rhel-7-desktop-source-rpms'\n ],\n 'enterprise_linux_7_computenode': [\n 'rhel-7-for-hpc-node-fastrack-debug-rpms',\n 'rhel-7-for-hpc-node-fastrack-rpms',\n 'rhel-7-for-hpc-node-fastrack-source-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-debug-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-source-rpms',\n 'rhel-7-hpc-node-debug-rpms',\n 'rhel-7-hpc-node-optional-debug-rpms',\n 'rhel-7-hpc-node-optional-rpms',\n 'rhel-7-hpc-node-optional-source-rpms',\n 'rhel-7-hpc-node-rpms',\n 'rhel-7-hpc-node-source-rpms'\n ],\n 'enterprise_linux_7_server': [\n 'rhel-7-for-system-z-a-debug-rpms',\n 'rhel-7-for-system-z-a-optional-debug-rpms',\n 'rhel-7-for-system-z-a-optional-rpms',\n 'rhel-7-for-system-z-a-optional-source-rpms',\n 'rhel-7-for-system-z-a-rpms',\n 'rhel-7-for-system-z-a-source-rpms',\n 'rhel-7-for-system-z-debug-rpms',\n 'rhel-7-for-system-z-fastrack-debug-rpms',\n 'rhel-7-for-system-z-fastrack-rpms',\n 'rhel-7-for-system-z-fastrack-source-rpms',\n 'rhel-7-for-system-z-optional-debug-rpms',\n 'rhel-7-for-system-z-optional-fastrack-debug-rpms',\n 'rhel-7-for-system-z-optional-fastrack-rpms',\n 'rhel-7-for-system-z-optional-fastrack-source-rpms',\n 'rhel-7-for-system-z-optional-rpms',\n 'rhel-7-for-system-z-optional-source-rpms',\n 'rhel-7-for-system-z-rpms',\n 'rhel-7-for-system-z-source-rpms',\n 'rhel-7-server-debug-rpms',\n 'rhel-7-server-fastrack-debug-rpms',\n 'rhel-7-server-fastrack-rpms',\n 'rhel-7-server-fastrack-source-rpms',\n 'rhel-7-server-optional-debug-rpms',\n 'rhel-7-server-optional-fastrack-debug-rpms',\n 'rhel-7-server-optional-fastrack-rpms',\n 'rhel-7-server-optional-fastrack-source-rpms',\n 'rhel-7-server-optional-rpms',\n 'rhel-7-server-optional-source-rpms',\n 'rhel-7-server-rpms',\n 'rhel-7-server-source-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-debug-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-source-rpms',\n 'rhel-ha-for-rhel-7-server-debug-rpms',\n 'rhel-ha-for-rhel-7-server-rpms',\n 'rhel-ha-for-rhel-7-server-source-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-debug-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-source-rpms',\n 'rhel-rs-for-rhel-7-server-debug-rpms',\n 'rhel-rs-for-rhel-7-server-rpms',\n 'rhel-rs-for-rhel-7-server-source-rpms'\n ],\n 'enterprise_linux_7_workstation': [\n 'rhel-7-workstation-debug-rpms',\n 'rhel-7-workstation-fastrack-debug-rpms',\n 'rhel-7-workstation-fastrack-rpms',\n 'rhel-7-workstation-fastrack-source-rpms',\n 'rhel-7-workstation-optional-debug-rpms',\n 'rhel-7-workstation-optional-fastrack-debug-rpms',\n 'rhel-7-workstation-optional-fastrack-rpms',\n 'rhel-7-workstation-optional-fastrack-source-rpms',\n 'rhel-7-workstation-optional-rpms',\n 'rhel-7-workstation-optional-source-rpms',\n 'rhel-7-workstation-rpms',\n 'rhel-7-workstation-source-rpms'\n ],\n 'rhel_extras_7': [\n 'rhel-7-desktop-supplementary-rpms',\n 'rhel-7-desktop-supplementary-source-rpms',\n 'rhel-7-for-hpc-node-supplementary-rpms',\n 'rhel-7-for-hpc-node-supplementary-source-rpms',\n 'rhel-7-for-system-z-eus-supplementary-rpms',\n 'rhel-7-for-system-z-eus-supplementary-source-rpms',\n 'rhel-7-for-system-z-supplementary-debug-rpms',\n 'rhel-7-for-system-z-supplementary-rpms',\n 'rhel-7-for-system-z-supplementary-source-rpms',\n 'rhel-7-hpc-node-eus-supplementary-rpms',\n 'rhel-7-server-eus-supplementary-rpms',\n 'rhel-7-server-supplementary-rpms',\n 'rhel-7-server-supplementary-source-rpms',\n 'rhel-7-workstation-supplementary-rpms',\n 'rhel-7-workstation-supplementary-source-rpms'\n ],\n 'rhel_extras_oracle_java_7': [\n 'rhel-7-desktop-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-for-hpc-node-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-hpc-node-eus-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-server-eus-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-server-eus-restricted-maintenance-oracle-java-source-rpms',\n 'rhel-7-server-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-workstation-restricted-maintenance-oracle-java-rpms'\n ],\n 'rhel_extras_rt_7': [\n 'rhel-7-server-nfv-debug-rpms',\n 'rhel-7-server-nfv-rpms',\n 'rhel-7-server-nfv-source-rpms',\n 'rhel-7-server-rt-debug-rpms',\n 'rhel-7-server-rt-rpms',\n 'rhel-7-server-rt-source-rpms'\n ],\n 'rhel_extras_sap_7': [\n 'rhel-sap-for-rhel-7-for-system-z-debug-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-eus-debug-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-eus-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-eus-source-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-source-rpms',\n 'rhel-sap-for-rhel-7-server-debug-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-source-rpms',\n 'rhel-sap-for-rhel-7-server-eus-debug-rpms',\n 'rhel-sap-for-rhel-7-server-eus-rpms',\n 'rhel-sap-for-rhel-7-server-eus-source-rpms',\n 'rhel-sap-for-rhel-7-server-rpms',\n 'rhel-sap-for-rhel-7-server-source-rpms'\n ],\n 'rhel_extras_sap_hana_7': [\n 'rhel-sap-hana-for-rhel-7-server-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-source-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-source-rpms',\n 'rhel-sap-hana-for-rhel-7-server-rpms',\n 'rhel-sap-hana-for-rhel-7-server-source-rpms'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'bind-9.11.4-16.P2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'bind-9.11.4-16.P2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'bind-chroot-9.11.4-16.P2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'bind-chroot-9.11.4-16.P2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'bind-devel-9.11.4-16.P2.el7', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'bind-devel-9.11.4-16.P2.el7', 'cpu':'s390', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'bind-devel-9.11.4-16.P2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'bind-devel-9.11.4-16.P2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'bind-export-devel-9.11.4-16.P2.el7', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'bind-export-devel-9.11.4-16.P2.el7', 'cpu':'s390', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'bind-export-devel-9.11.4-16.P2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'bind-export-devel-9.11.4-16.P2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'bind-export-libs-9.11.4-16.P2.el7', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'bind-export-libs-9.11.4-16.P2.el7', 'cpu':'s390', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'bind-export-libs-9.11.4-16.P2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'bind-export-libs-9.11.4-16.P2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'bind-libs-9.11.4-16.P2.el7', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'bind-libs-9.11.4-16.P2.el7', 'cpu':'s390', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'bind-libs-9.11.4-16.P2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'bind-libs-9.11.4-16.P2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'bind-libs-lite-9.11.4-16.P2.el7', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'bind-libs-lite-9.11.4-16.P2.el7', 'cpu':'s390', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'bind-libs-lite-9.11.4-16.P2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'bind-libs-lite-9.11.4-16.P2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'bind-license-9.11.4-16.P2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'bind-lite-devel-9.11.4-16.P2.el7', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'bind-lite-devel-9.11.4-16.P2.el7', 'cpu':'s390', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'bind-lite-devel-9.11.4-16.P2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'bind-lite-devel-9.11.4-16.P2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'bind-pkcs11-9.11.4-16.P2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'bind-pkcs11-9.11.4-16.P2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'bind-pkcs11-devel-9.11.4-16.P2.el7', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'bind-pkcs11-devel-9.11.4-16.P2.el7', 'cpu':'s390', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'bind-pkcs11-devel-9.11.4-16.P2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'bind-pkcs11-devel-9.11.4-16.P2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'bind-pkcs11-libs-9.11.4-16.P2.el7', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'bind-pkcs11-libs-9.11.4-16.P2.el7', 'cpu':'s390', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'bind-pkcs11-libs-9.11.4-16.P2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'bind-pkcs11-libs-9.11.4-16.P2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'bind-pkcs11-utils-9.11.4-16.P2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'bind-pkcs11-utils-9.11.4-16.P2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'bind-sdb-9.11.4-16.P2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'bind-sdb-9.11.4-16.P2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'bind-sdb-chroot-9.11.4-16.P2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'bind-sdb-chroot-9.11.4-16.P2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'bind-utils-9.11.4-16.P2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'bind-utils-9.11.4-16.P2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bind / bind-chroot / bind-devel / bind-export-devel / bind-export-libs / etc');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:18:39", "description": "According to the versions of the bind packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - Change #4777 (introduced in October 2017) introduced an unforeseen issue in releases which were issued after that date, affecting which clients are permitted to make recursive queries to a BIND nameserver. The intended (and documented) behavior is that if an operator has not specified a value for the 'allow-recursion' setting, it SHOULD default to one of the following: none, if 'recursion no' is set in named.conf a value inherited from the 'allow-query-cache' or 'allow-query' settings IF 'recursion yes' (the default for that setting) AND match lists are explicitly set for 'allow-query-cache' or 'allow-query' (see the BIND9 Administrative Reference Manual section 6.2 for more details) or the intended default of 'allow-recursion {localhost localnets}' if 'recursion yes' is in effect and no values are explicitly set for 'allow-query-cache' or 'allow-query'. However, because of the regression introduced by change #4777, it is possible when 'recursion yes' is in effect and no match list values are provided for 'allow-query-cache' or 'allow-query' for the setting of 'allow-recursion' to inherit a setting of all hosts from the 'allow-query' setting default, improperly permitting recursion to all clients. Affects BIND 9.9.12, 9.10.7, 9.11.3, 9.12.0->9.12.1-P2, the development release 9.13.0, and also releases 9.9.12-S1, 9.10.7-S1, 9.11.3-S1, and 9.11.3-S2 from BIND 9 Supported Preview Edition.(CVE-2018-5738)\n\n - Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2019-6465.(CVE-2019-6465)\n\n - 'managed-keys' is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if, during key rollover, a trust anchor's keys are replaced with keys which use an unsupported algorithm. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5745.(CVE-2018-5745)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2019-12-03T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.3.0 : bind (EulerOS-SA-2019-2321)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5738", "CVE-2018-5745", "CVE-2019-6465"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:bind-export-libs", "p-cpe:/a:huawei:euleros:bind-libs", "p-cpe:/a:huawei:euleros:bind-libs-lite", "p-cpe:/a:huawei:euleros:bind-license", "p-cpe:/a:huawei:euleros:bind-utils", "p-cpe:/a:huawei:euleros:python3-bind", "cpe:/o:huawei:euleros:uvp:3.0.3.0"], "id": "EULEROS_SA-2019-2321.NASL", "href": "https://www.tenable.com/plugins/nessus/131486", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131486);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-5738\",\n \"CVE-2018-5745\",\n \"CVE-2019-6465\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.3.0 : bind (EulerOS-SA-2019-2321)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the bind packages installed, the EulerOS\nVirtualization for ARM 64 installation on the remote host is affected\nby the following vulnerabilities :\n\n - Change #4777 (introduced in October 2017) introduced an\n unforeseen issue in releases which were issued after\n that date, affecting which clients are permitted to\n make recursive queries to a BIND nameserver. The\n intended (and documented) behavior is that if an\n operator has not specified a value for the\n 'allow-recursion' setting, it SHOULD default to one of\n the following: none, if 'recursion no' is set in\n named.conf a value inherited from the\n 'allow-query-cache' or 'allow-query' settings IF\n 'recursion yes' (the default for that setting) AND\n match lists are explicitly set for 'allow-query-cache'\n or 'allow-query' (see the BIND9 Administrative\n Reference Manual section 6.2 for more details) or the\n intended default of 'allow-recursion {localhost\n localnets}' if 'recursion yes' is in effect and no\n values are explicitly set for 'allow-query-cache' or\n 'allow-query'. However, because of the regression\n introduced by change #4777, it is possible when\n 'recursion yes' is in effect and no match list values\n are provided for 'allow-query-cache' or 'allow-query'\n for the setting of 'allow-recursion' to inherit a\n setting of all hosts from the 'allow-query' setting\n default, improperly permitting recursion to all\n clients. Affects BIND 9.9.12, 9.10.7, 9.11.3,\n 9.12.0->9.12.1-P2, the development release 9.13.0, and\n also releases 9.9.12-S1, 9.10.7-S1, 9.11.3-S1, and\n 9.11.3-S2 from BIND 9 Supported Preview\n Edition.(CVE-2018-5738)\n\n - Controls for zone transfers may not be properly applied\n to Dynamically Loadable Zones (DLZs) if the zones are\n writable Versions affected: BIND 9.9.0 -> 9.10.8-P1,\n 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and versions\n 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview\n Edition. Versions 9.13.0 -> 9.13.6 of the 9.13\n development branch are also affected. Versions prior to\n BIND 9.9.0 have not been evaluated for vulnerability to\n CVE-2019-6465.(CVE-2019-6465)\n\n - 'managed-keys' is a feature which allows a BIND\n resolver to automatically maintain the keys used by\n trust anchors which operators configure for use in\n DNSSEC validation. Due to an error in the managed-keys\n feature it is possible for a BIND server which uses\n managed-keys to exit due to an assertion failure if,\n during key rollover, a trust anchor's keys are replaced\n with keys which use an unsupported algorithm. Versions\n affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P1,\n 9.12.0 -> 9.12.3-P1, and versions 9.9.3-S1 -> 9.11.5-S3\n of BIND 9 Supported Preview Edition. Versions 9.13.0 ->\n 9.13.6 of the 9.13 development branch are also\n affected. Versions prior to BIND 9.9.0 have not been\n evaluated for vulnerability to\n CVE-2018-5745.(CVE-2018-5745)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2321\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b3f1b816\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bind packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-export-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-libs-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-license\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-bind\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.3.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.3.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.3.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"bind-export-libs-9.11.4-10.P2.h12.eulerosv2r8\",\n \"bind-libs-9.11.4-10.P2.h12.eulerosv2r8\",\n \"bind-libs-lite-9.11.4-10.P2.h12.eulerosv2r8\",\n \"bind-license-9.11.4-10.P2.h12.eulerosv2r8\",\n \"bind-utils-9.11.4-10.P2.h12.eulerosv2r8\",\n \"python3-bind-9.11.4-10.P2.h12.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-12-16T14:06:01", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1061 advisory.\n\n - bind: An assertion failure if a trust anchor rolls over to an unsupported key algorithm when using managed-keys (CVE-2018-5745)\n\n - bind: Controls for zone transfers may not be properly applied to DLZs if the zones are writable (CVE-2019-6465)\n\n - bind: TCP Pipelining doesn't limit TCP clients on a single connection (CVE-2019-6477)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2020-04-10T00:00:00", "type": "nessus", "title": "CentOS 7 : bind (CESA-2020:1061)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5745", "CVE-2019-6465", "CVE-2019-6477"], "modified": "2020-06-05T00:00:00", "cpe": ["p-cpe:/a:centos:centos:bind", "p-cpe:/a:centos:centos:bind-chroot", "p-cpe:/a:centos:centos:bind-devel", "p-cpe:/a:centos:centos:bind-export-devel", "p-cpe:/a:centos:centos:bind-export-libs", "p-cpe:/a:centos:centos:bind-libs", "p-cpe:/a:centos:centos:bind-libs-lite", "p-cpe:/a:centos:centos:bind-license", "p-cpe:/a:centos:centos:bind-lite-devel", "p-cpe:/a:centos:centos:bind-pkcs11", "p-cpe:/a:centos:centos:bind-pkcs11-devel", "p-cpe:/a:centos:centos:bind-pkcs11-libs", "p-cpe:/a:centos:centos:bind-pkcs11-utils", "p-cpe:/a:centos:centos:bind-sdb", "p-cpe:/a:centos:centos:bind-sdb-chroot", "p-cpe:/a:centos:centos:bind-utils", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2020-1061.NASL", "href": "https://www.tenable.com/plugins/nessus/135328", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2020:1061 and \n# CentOS Errata and Security Advisory 2020:1061 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(135328);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/05\");\n\n script_cve_id(\"CVE-2018-5745\", \"CVE-2019-6465\", \"CVE-2019-6477\");\n script_xref(name:\"RHSA\", value:\"2020:1061\");\n\n script_name(english:\"CentOS 7 : bind (CESA-2020:1061)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:1061 advisory.\n\n - bind: An assertion failure if a trust anchor rolls over\n to an unsupported key algorithm when using managed-keys\n (CVE-2018-5745)\n\n - bind: Controls for zone transfers may not be properly\n applied to DLZs if the zones are writable\n (CVE-2019-6465)\n\n - bind: TCP Pipelining doesn't limit TCP clients on a\n single connection (CVE-2019-6477)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2020-April/012415.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?76aedc1d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bind packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-6465\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-export-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-export-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-libs-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-license\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-lite-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-pkcs11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-pkcs11-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-pkcs11-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-pkcs11-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-sdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-sdb-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bind-9.11.4-16.P2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bind-chroot-9.11.4-16.P2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bind-devel-9.11.4-16.P2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bind-export-devel-9.11.4-16.P2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bind-export-libs-9.11.4-16.P2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bind-libs-9.11.4-16.P2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bind-libs-lite-9.11.4-16.P2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bind-license-9.11.4-16.P2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bind-lite-devel-9.11.4-16.P2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bind-pkcs11-9.11.4-16.P2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bind-pkcs11-devel-9.11.4-16.P2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bind-pkcs11-libs-9.11.4-16.P2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bind-pkcs11-utils-9.11.4-16.P2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bind-sdb-9.11.4-16.P2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bind-sdb-chroot-9.11.4-16.P2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bind-utils-9.11.4-16.P2.el7\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind / bind-chroot / bind-devel / bind-export-devel / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-12-15T12:41:25", "description": "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has bind packages installed that are affected by multiple vulnerabilities:\n\n - managed-keys is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if, during key rollover, a trust anchor's keys are replaced with keys which use an unsupported algorithm.\n Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5745. (CVE-2018-5745)\n\n - Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2019-6465. (CVE-2019-6465)\n\n - With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining enabled. A client using a TCP-pipelined connection to a server could consume more resources than the server has been provisioned to handle. When a TCP connection with a large number of pipelined queries is closed, the load on the server releasing these multiple resources can cause it to become unresponsive, even for queries that can be answered authoritatively or from cache. (This is most likely to be perceived as an intermittent server problem).\n (CVE-2019-6477)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.05 / MAIN 5.05 : bind Multiple Vulnerabilities (NS-SA-2020-0095)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5745", "CVE-2019-6465", "CVE-2019-6477"], "modified": "2020-12-10T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2020-0095_BIND.NASL", "href": "https://www.tenable.com/plugins/nessus/144003", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2020-0095. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144003);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/10\");\n\n script_cve_id(\"CVE-2018-5745\", \"CVE-2019-6465\", \"CVE-2019-6477\");\n script_bugtraq_id(107140, 107142);\n\n script_name(english:\"NewStart CGSL CORE 5.05 / MAIN 5.05 : bind Multiple Vulnerabilities (NS-SA-2020-0095)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has bind packages installed that are affected by\nmultiple vulnerabilities:\n\n - managed-keys is a feature which allows a BIND resolver to automatically maintain the keys used by trust\n anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys\n feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if,\n during key rollover, a trust anchor's keys are replaced with keys which use an unsupported algorithm.\n Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions\n 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13\n development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for\n vulnerability to CVE-2018-5745. (CVE-2018-5745)\n\n - Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones\n are writable Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and\n versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13\n development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for\n vulnerability to CVE-2019-6465. (CVE-2019-6465)\n\n - With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to\n a query received via UDP or via TCP without pipelining enabled. A client using a TCP-pipelined connection\n to a server could consume more resources than the server has been provisioned to handle. When a TCP\n connection with a large number of pipelined queries is closed, the load on the server releasing these\n multiple resources can cause it to become unresponsive, even for queries that can be answered\n authoritatively or from cache. (This is most likely to be perceived as an intermittent server problem).\n (CVE-2019-6477)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2020-0095\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL bind packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-6465\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.05\" &&\n release !~ \"CGSL MAIN 5.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL CORE 5.05': [\n 'bind-9.11.4-16.P2.el7_8.2',\n 'bind-chroot-9.11.4-16.P2.el7_8.2',\n 'bind-debuginfo-9.11.4-16.P2.el7_8.2',\n 'bind-devel-9.11.4-16.P2.el7_8.2',\n 'bind-export-devel-9.11.4-16.P2.el7_8.2',\n 'bind-export-libs-9.11.4-16.P2.el7_8.2',\n 'bind-libs-9.11.4-16.P2.el7_8.2',\n 'bind-libs-lite-9.11.4-16.P2.el7_8.2',\n 'bind-license-9.11.4-16.P2.el7_8.2',\n 'bind-lite-devel-9.11.4-16.P2.el7_8.2',\n 'bind-pkcs11-9.11.4-16.P2.el7_8.2',\n 'bind-pkcs11-devel-9.11.4-16.P2.el7_8.2',\n 'bind-pkcs11-libs-9.11.4-16.P2.el7_8.2',\n 'bind-pkcs11-utils-9.11.4-16.P2.el7_8.2',\n 'bind-sdb-9.11.4-16.P2.el7_8.2',\n 'bind-sdb-chroot-9.11.4-16.P2.el7_8.2',\n 'bind-utils-9.11.4-16.P2.el7_8.2'\n ],\n 'CGSL MAIN 5.05': [\n 'bind-9.11.4-16.P2.el7_8.2',\n 'bind-chroot-9.11.4-16.P2.el7_8.2',\n 'bind-debuginfo-9.11.4-16.P2.el7_8.2',\n 'bind-devel-9.11.4-16.P2.el7_8.2',\n 'bind-export-devel-9.11.4-16.P2.el7_8.2',\n 'bind-export-libs-9.11.4-16.P2.el7_8.2',\n 'bind-libs-9.11.4-16.P2.el7_8.2',\n 'bind-libs-lite-9.11.4-16.P2.el7_8.2',\n 'bind-license-9.11.4-16.P2.el7_8.2',\n 'bind-lite-devel-9.11.4-16.P2.el7_8.2',\n 'bind-pkcs11-9.11.4-16.P2.el7_8.2',\n 'bind-pkcs11-devel-9.11.4-16.P2.el7_8.2',\n 'bind-pkcs11-libs-9.11.4-16.P2.el7_8.2',\n 'bind-pkcs11-utils-9.11.4-16.P2.el7_8.2',\n 'bind-sdb-9.11.4-16.P2.el7_8.2',\n 'bind-sdb-chroot-9.11.4-16.P2.el7_8.2',\n 'bind-utils-9.11.4-16.P2.el7_8.2'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bind');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-12-16T14:06:57", "description": "* bind: TCP Pipelining doesn't limit TCP clients on a single connection * bind: An assertion failure if a trust anchor rolls over to an unsupported key algorithm when using managed-keys * bind:\nControls for zone transfers may not be properly applied to DLZs if the zones are writable", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2020-04-21T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : bind on SL7.x x86_64 (20200407)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5745", "CVE-2019-6465", "CVE-2019-6477"], "modified": "2020-04-24T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:bind", "p-cpe:/a:fermilab:scientific_linux:bind-chroot", "p-cpe:/a:fermilab:scientific_linux:bind-debuginfo", "p-cpe:/a:fermilab:scientific_linux:bind-devel", "p-cpe:/a:fermilab:scientific_linux:bind-export-devel", "p-cpe:/a:fermilab:scientific_linux:bind-export-libs", "p-cpe:/a:fermilab:scientific_linux:bind-libs", "p-cpe:/a:fermilab:scientific_linux:bind-libs-lite", "p-cpe:/a:fermilab:scientific_linux:bind-license", "p-cpe:/a:fermilab:scientific_linux:bind-lite-devel", "p-cpe:/a:fermilab:scientific_linux:bind-pkcs11", "p-cpe:/a:fermilab:scientific_linux:bind-pkcs11-devel", "p-cpe:/a:fermilab:scientific_linux:bind-pkcs11-libs", "p-cpe:/a:fermilab:scientific_linux:bind-pkcs11-utils", "p-cpe:/a:fermilab:scientific_linux:bind-sdb", "p-cpe:/a:fermilab:scientific_linux:bind-sdb-chroot", "p-cpe:/a:fermilab:scientific_linux:bind-utils", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20200407_BIND_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/135801", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(135801);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/24\");\n\n script_cve_id(\"CVE-2018-5745\", \"CVE-2019-6465\", \"CVE-2019-6477\");\n\n script_name(english:\"Scientific Linux Security Update : bind on SL7.x x86_64 (20200407)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"* bind: TCP Pipelining doesn't limit TCP clients on a single\nconnection * bind: An assertion failure if a trust anchor rolls over\nto an unsupported key algorithm when using managed-keys * bind:\nControls for zone transfers may not be properly applied to DLZs if the\nzones are writable\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind2004&L=SCIENTIFIC-LINUX-ERRATA&P=4057\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?10669105\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-6465\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-export-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-export-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-libs-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-license\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-lite-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-pkcs11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-pkcs11-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-pkcs11-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-pkcs11-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-sdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-sdb-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-9.11.4-16.P2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-chroot-9.11.4-16.P2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-debuginfo-9.11.4-16.P2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-devel-9.11.4-16.P2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-export-devel-9.11.4-16.P2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-export-libs-9.11.4-16.P2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-libs-9.11.4-16.P2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-libs-lite-9.11.4-16.P2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"bind-license-9.11.4-16.P2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-license-9.11.4-16.P2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-lite-devel-9.11.4-16.P2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-pkcs11-9.11.4-16.P2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-pkcs11-devel-9.11.4-16.P2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-pkcs11-libs-9.11.4-16.P2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-pkcs11-utils-9.11.4-16.P2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-sdb-9.11.4-16.P2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-sdb-chroot-9.11.4-16.P2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-utils-9.11.4-16.P2.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind / bind-chroot / bind-debuginfo / bind-devel / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-12-16T13:52:00", "description": "'managed-keys' is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if, during key rollover, a trust anchor's keys are replaced with keys which use an unsupported algorithm. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5745 . (CVE-2018-5745)\n\nWith pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining enabled. A client using a TCP-pipelined connection to a server could consume more resources than the server has been provisioned to handle. When a TCP connection with a large number of pipelined queries is closed, the load on the server releasing these multiple resources can cause it to become unresponsive, even for queries that can be answered authoritatively or from cache. (This is most likely to be perceived as an intermittent server problem). (CVE-2019-6477)\n\nControls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected:\nBIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition.\nVersions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2019-6465 . (CVE-2019-6465)", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2020-07-02T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : bind (ALAS-2020-1441)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5745", "CVE-2019-6465", "CVE-2019-6477"], "modified": "2020-07-06T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:bind", "p-cpe:/a:amazon:linux:bind-chroot", "p-cpe:/a:amazon:linux:bind-debuginfo", "p-cpe:/a:amazon:linux:bind-devel", "p-cpe:/a:amazon:linux:bind-export-devel", "p-cpe:/a:amazon:linux:bind-export-libs", "p-cpe:/a:amazon:linux:bind-libs", "p-cpe:/a:amazon:linux:bind-libs-lite", "p-cpe:/a:amazon:linux:bind-license", "p-cpe:/a:amazon:linux:bind-lite-devel", "p-cpe:/a:amazon:linux:bind-pkcs11", "p-cpe:/a:amazon:linux:bind-pkcs11-devel", "p-cpe:/a:amazon:linux:bind-pkcs11-libs", "p-cpe:/a:amazon:linux:bind-pkcs11-utils", "p-cpe:/a:amazon:linux:bind-sdb", "p-cpe:/a:amazon:linux:bind-sdb-chroot", "p-cpe:/a:amazon:linux:bind-utils", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2020-1441.NASL", "href": "https://www.tenable.com/plugins/nessus/138043", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2020-1441.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138043);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/06\");\n\n script_cve_id(\"CVE-2018-5745\", \"CVE-2019-6465\", \"CVE-2019-6477\");\n script_xref(name:\"ALAS\", value:\"2020-1441\");\n\n script_name(english:\"Amazon Linux 2 : bind (ALAS-2020-1441)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"'managed-keys' is a feature which allows a BIND resolver to\nautomatically maintain the keys used by trust anchors which operators\nconfigure for use in DNSSEC validation. Due to an error in the\nmanaged-keys feature it is possible for a BIND server which uses\nmanaged-keys to exit due to an assertion failure if, during key\nrollover, a trust anchor's keys are replaced with keys which use an\nunsupported algorithm. Versions affected: BIND 9.9.0 -> 9.10.8-P1,\n9.11.0 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.9.3-S1 ->\n9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 ->\n9.13.6 of the 9.13 development branch are also affected. Versions\nprior to BIND 9.9.0 have not been evaluated for vulnerability to\nCVE-2018-5745 . (CVE-2018-5745)\n\nWith pipelining enabled each incoming query on a TCP connection\nrequires a similar resource allocation to a query received via UDP or\nvia TCP without pipelining enabled. A client using a TCP-pipelined\nconnection to a server could consume more resources than the server\nhas been provisioned to handle. When a TCP connection with a large\nnumber of pipelined queries is closed, the load on the server\nreleasing these multiple resources can cause it to become\nunresponsive, even for queries that can be answered authoritatively or\nfrom cache. (This is most likely to be perceived as an intermittent\nserver problem). (CVE-2019-6477)\n\nControls for zone transfers may not be properly applied to Dynamically\nLoadable Zones (DLZs) if the zones are writable Versions affected:\nBIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and\nversions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition.\nVersions 9.13.0 -> 9.13.6 of the 9.13 development branch are also\naffected. Versions prior to BIND 9.9.0 have not been evaluated for\nvulnerability to CVE-2019-6465 . (CVE-2019-6465)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2020-1441.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Run 'yum update bind' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-6465\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-export-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-export-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-libs-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-license\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-lite-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-pkcs11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-pkcs11-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-pkcs11-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-pkcs11-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-sdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-sdb-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", reference:\"bind-9.11.4-9.P2.amzn2.0.4\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"bind-chroot-9.11.4-9.P2.amzn2.0.4\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"bind-debuginfo-9.11.4-9.P2.amzn2.0.4\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"bind-devel-9.11.4-9.P2.amzn2.0.4\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"bind-export-devel-9.11.4-9.P2.amzn2.0.4\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"bind-export-libs-9.11.4-9.P2.amzn2.0.4\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"bind-libs-9.11.4-9.P2.amzn2.0.4\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"bind-libs-lite-9.11.4-9.P2.amzn2.0.4\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"bind-license-9.11.4-9.P2.amzn2.0.4\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"bind-lite-devel-9.11.4-9.P2.amzn2.0.4\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"bind-pkcs11-9.11.4-9.P2.amzn2.0.4\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"bind-pkcs11-devel-9.11.4-9.P2.amzn2.0.4\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"bind-pkcs11-libs-9.11.4-9.P2.amzn2.0.4\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"bind-pkcs11-utils-9.11.4-9.P2.amzn2.0.4\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"bind-sdb-9.11.4-9.P2.amzn2.0.4\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"bind-sdb-chroot-9.11.4-9.P2.amzn2.0.4\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"bind-utils-9.11.4-9.P2.amzn2.0.4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind / bind-chroot / bind-debuginfo / bind-devel / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-04-21T16:35:51", "description": "This update for tomcat to version 9.0.30 fixes the following issues :\n\nSecurity issue fixed :\n\n - CVE-2019-12418: Fixed a local privilege escalation through by manipulating the RMI registry and performing a man-in-the-middle attack (bsc#1159723).\n\n - CVE-2019-17563: Fixed a session fixation attack when using FORM authentication (bsc#1159729).\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-01-15T00:00:00", "type": "nessus", "title": "openSUSE Security Update : tomcat (openSUSE-2020-38)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10072", "CVE-2019-12418", "CVE-2019-17563"], "modified": "2021-01-21T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:tomcat", "p-cpe:/a:novell:opensuse:tomcat-admin-webapps", "p-cpe:/a:novell:opensuse:tomcat-docs-webapp", "p-cpe:/a:novell:opensuse:tomcat-el-3_0-api", "p-cpe:/a:novell:opensuse:tomcat-embed", "p-cpe:/a:novell:opensuse:tomcat-javadoc", "p-cpe:/a:novell:opensuse:tomcat-jsp-2_3-api", "p-cpe:/a:novell:opensuse:tomcat-jsvc", "p-cpe:/a:novell:opensuse:tomcat-lib", "p-cpe:/a:novell:opensuse:tomcat-servlet-4_0-api", "p-cpe:/a:novell:opensuse:tomcat-webapps", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-38.NASL", "href": "https://www.tenable.com/plugins/nessus/132913", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-38.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132913);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/21\");\n\n script_cve_id(\"CVE-2019-10072\", \"CVE-2019-12418\", \"CVE-2019-17563\");\n\n script_name(english:\"openSUSE Security Update : tomcat (openSUSE-2020-38)\");\n script_summary(english:\"Check for the openSUSE-2020-38 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for tomcat to version 9.0.30 fixes the following issues :\n\nSecurity issue fixed :\n\n - CVE-2019-12418: Fixed a local privilege escalation\n through by manipulating the RMI registry and performing\n a man-in-the-middle attack (bsc#1159723).\n\n - CVE-2019-17563: Fixed a session fixation attack when\n using FORM authentication (bsc#1159729).\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1139924\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1159723\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1159729\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected tomcat packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17563\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-el-3_0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-embed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-jsp-2_3-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-servlet-4_0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"tomcat-9.0.30-lp151.3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"tomcat-admin-webapps-9.0.30-lp151.3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"tomcat-docs-webapp-9.0.30-lp151.3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"tomcat-el-3_0-api-9.0.30-lp151.3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"tomcat-embed-9.0.30-lp151.3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"tomcat-javadoc-9.0.30-lp151.3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"tomcat-jsp-2_3-api-9.0.30-lp151.3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"tomcat-jsvc-9.0.30-lp151.3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"tomcat-lib-9.0.30-lp151.3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"tomcat-servlet-4_0-api-9.0.30-lp151.3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"tomcat-webapps-9.0.30-lp151.3.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc\");\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-26T18:31:42", "description": "According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.(CVE-2020-1938)\n\n - When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the Tomcat instance.(CVE-2019-12418)\n\n - When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability.(CVE-2019-17563)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-04-15T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : tomcat (EulerOS-SA-2020-1438)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-12418", "CVE-2019-17563", "CVE-2020-1938"], "modified": "2022-03-08T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:tomcat", "p-cpe:/a:huawei:euleros:tomcat-admin-webapps", "p-cpe:/a:huawei:euleros:tomcat-el-2.2-api", "p-cpe:/a:huawei:euleros:tomcat-jsp-2.2-api", "p-cpe:/a:huawei:euleros:tomcat-lib", "p-cpe:/a:huawei:euleros:tomcat-servlet-3.0-api", "p-cpe:/a:huawei:euleros:tomcat-webapps", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1438.NASL", "href": "https://www.tenable.com/plugins/nessus/135567", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135567);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/08\");\n\n script_cve_id(\"CVE-2019-12418\", \"CVE-2019-17563\", \"CVE-2020-1938\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/03/17\");\n\n script_name(english:\"EulerOS 2.0 SP3 : tomcat (EulerOS-SA-2020-1438)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the tomcat packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - When using the Apache JServ Protocol (AJP), care must\n be taken when trusting incoming connections to Apache\n Tomcat. Tomcat treats AJP connections as having higher\n trust than, for example, a similar HTTP connection. If\n such connections are available to an attacker, they can\n be exploited in ways that may be surprising. In Apache\n Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0\n to 7.0.99, Tomcat shipped with an AJP Connector enabled\n by default that listened on all configured IP\n addresses. It was expected (and recommended in the\n security guide) that this Connector would be disabled\n if not required. This vulnerability report identified a\n mechanism that allowed: - returning arbitrary files\n from anywhere in the web application - processing any\n file in the web application as a JSP Further, if the\n web application allowed file upload and stored those\n files within the web application (or the attacker was\n able to control the content of the web application by\n some other means) then this, along with the ability to\n process a file as a JSP, made remote code execution\n possible. It is important to note that mitigation is\n only required if an AJP port is accessible to untrusted\n users. Users wishing to take a defence-in-depth\n approach and block the vector that permits returning\n arbitrary files and execution as JSP may upgrade to\n Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A\n number of changes were made to the default AJP\n Connector configuration in 9.0.31 to harden the default\n configuration. It is likely that users upgrading to\n 9.0.31, 8.5.51 or 7.0.100 or later will need to make\n small changes to their configurations.(CVE-2020-1938)\n\n - When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47,\n 7.0.0 and 7.0.97 is configured with the JMX Remote\n Lifecycle Listener, a local attacker without access to\n the Tomcat process or configuration files is able to\n manipulate the RMI registry to perform a\n man-in-the-middle attack to capture user names and\n passwords used to access the JMX interface. The\n attacker can then use these credentials to access the\n JMX interface and gain complete control over the Tomcat\n instance.(CVE-2019-12418)\n\n - When using FORM authentication with Apache Tomcat\n 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98\n there was a narrow window where an attacker could\n perform a session fixation attack. The window was\n considered too narrow for an exploit to be practical\n but, erring on the side of caution, this issue has been\n treated as a security vulnerability.(CVE-2019-17563)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1438\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?59d11dcf\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected tomcat packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1938\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"tomcat-7.0.76-8.h8\",\n \"tomcat-admin-webapps-7.0.76-8.h8\",\n \"tomcat-el-2.2-api-7.0.76-8.h8\",\n \"tomcat-jsp-2.2-api-7.0.76-8.h8\",\n \"tomcat-lib-7.0.76-8.h8\",\n \"tomcat-servlet-3.0-api-7.0.76-8.h8\",\n \"tomcat-webapps-7.0.76-8.h8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-11T16:52:57", "description": "The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2320-1 advisory.\n\n - SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE at the end of a SELECT statement. (CVE-2015-3414)\n\n - The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O;>O) in a CREATE TABLE statement. (CVE-2015-3415)\n\n - sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage. (CVE-2019-19244)\n\n - lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact.\n (CVE-2019-19317)\n\n - SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash. (CVE-2019-19603)\n\n - alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self- referential views in conjunction with ALTER TABLE statements. (CVE-2019-19645)\n\n - pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns. (CVE-2019-19646)\n\n - exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled. (CVE-2019-19880)\n\n - flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results). (CVE-2019-19923)\n\n - SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling. (CVE-2019-19924)\n\n - zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive. (CVE-2019-19925)\n\n - multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880. (CVE-2019-19926)\n\n - ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind. (CVE-2019-19959)\n\n - selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.\n (CVE-2019-20218)\n\n - SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. (CVE-2020-13434)\n\n - SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c. (CVE-2020-13435)\n\n - ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature. (CVE-2020-13630)\n\n - SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. (CVE-2020-13631)\n\n - ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query. (CVE-2020-13632)\n\n - In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. (CVE-2020-15358)\n\n - In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations. (CVE-2020-9327)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-07-15T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : sqlite3 (SUSE-SU-2021:2320-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3414", "CVE-2015-3415", "CVE-2019-19244", "CVE-2019-19317", "CVE-2019-19603", "CVE-2019-19645", "CVE-2019-19646", "CVE-2019-19880", "CVE-2019-19923", "CVE-2019-19924", "CVE-2019-19925", "CVE-2019-19926", "CVE-2019-19959", "CVE-2019-20218", "CVE-2020-13434", "CVE-2020-13435", "CVE-2020-13630", "CVE-2020-13631", "CVE-2020-13632", "CVE-2020-15358", "CVE-2020-9327"], "modified": "2022-01-26T00:00:00", "cpe": ["cpe:2.3:o:novell:suse_linux:15:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:libsqlite3-0:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:sqlite3:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:sqlite3-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:libsqlite3-0-32bit:*:*:*:*:*:*:*"], "id": "SUSE_SU-2021-2320-1.NASL", "href": "https://www.tenable.com/plugins/nessus/151654", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:2320-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151654);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/26\");\n\n script_cve_id(\n \"CVE-2015-3414\",\n \"CVE-2015-3415\",\n \"CVE-2019-19244\",\n \"CVE-2019-19317\",\n \"CVE-2019-19603\",\n \"CVE-2019-19645\",\n \"CVE-2019-19646\",\n \"CVE-2019-19880\",\n \"CVE-2019-19923\",\n \"CVE-2019-19924\",\n \"CVE-2019-19925\",\n \"CVE-2019-19926\",\n \"CVE-2019-19959\",\n \"CVE-2019-20218\",\n \"CVE-2020-9327\",\n \"CVE-2020-13434\",\n \"CVE-2020-13435\",\n \"CVE-2020-13630\",\n \"CVE-2020-13631\",\n \"CVE-2020-13632\",\n \"CVE-2020-15358\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:2320-1\");\n script_xref(name:\"IAVA\", value:\"2020-A-0358-S\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : sqlite3 (SUSE-SU-2021:2320-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2021:2320-1 advisory.\n\n - SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows\n context-dependent attackers to cause a denial of service (uninitialized memory access and application\n crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by\n COLLATE at the end of a SELECT statement. (CVE-2015-3414)\n\n - The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison\n operators, which allows context-dependent attackers to cause a denial of service (invalid free operation)\n or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O;>O) in a\n CREATE TABLE statement. (CVE-2015-3415)\n\n - sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window\n functions, and also has certain ORDER BY usage. (CVE-2019-19244)\n\n - lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated\n column, which allows attackers to cause a denial of service or possibly have unspecified other impact.\n (CVE-2019-19317)\n\n - SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application\n crash. (CVE-2019-19603)\n\n - alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-\n referential views in conjunction with ALTER TABLE statements. (CVE-2019-19645)\n\n - pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain\n cases of generated columns. (CVE-2019-19646)\n\n - exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference\n because constant integer values in ORDER BY clauses of window definitions are mishandled. (CVE-2019-19880)\n\n - flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT\n JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect\n results). (CVE-2019-19923)\n\n - SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This\n is caused by incorrect sqlite3WindowRewrite() error handling. (CVE-2019-19924)\n\n - zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP\n archive. (CVE-2019-19925)\n\n - multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by\n errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for\n CVE-2019-19880. (CVE-2019-19926)\n\n - ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving\n embedded '\\0' characters in filenames, leading to a memory-management error that can be detected by (for\n example) valgrind. (CVE-2019-19959)\n\n - selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.\n (CVE-2019-20218)\n\n - SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. (CVE-2020-13434)\n\n - SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c. (CVE-2020-13435)\n\n - ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet\n feature. (CVE-2020-13630)\n\n - SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related\n to alter.c and build.c. (CVE-2020-13631)\n\n - ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo()\n query. (CVE-2020-13632)\n\n - In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy\n heap overflow because of misuse of transitive properties for constant propagation. (CVE-2020-15358)\n\n - In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and\n segmentation fault because of generated column optimizations. (CVE-2020-9327)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/928700\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/928701\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1157818\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1158812\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1158958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1158959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1158960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1159491\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1159715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1159847\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1159850\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1160309\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1160438\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1160439\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1164719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1172091\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1172115\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1172234\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1172236\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1172240\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1173641\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-July/009137.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1fe5c1d1\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-3414\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-3415\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19317\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19603\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19645\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19646\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19880\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19923\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19924\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19925\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19926\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-20218\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-13434\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-13435\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-13630\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-13631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-13632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15358\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-9327\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libsqlite3-0, libsqlite3-0-32bit, sqlite3 and / or sqlite3-devel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19646\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsqlite3-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsqlite3-0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sqlite3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sqlite3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1|2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1/2/3\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'libsqlite3-0-3.36.0-3.12.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15'},\n {'reference':'libsqlite3-0-32bit-3.36.0-3.12.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15'},\n {'reference':'sqlite3-3.36.0-3.12.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15'},\n {'reference':'sqlite3-devel-3.36.0-3.12.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15'},\n {'reference':'libsqlite3-0-3.36.0-3.12.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.1'},\n {'reference':'libsqlite3-0-32bit-3.36.0-3.12.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.1'},\n {'reference':'sqlite3-3.36.0-3.12.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.1'},\n {'reference':'sqlite3-devel-3.36.0-3.12.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.1'},\n {'reference':'libsqlite3-0-3.36.0-3.12.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'libsqlite3-0-3.36.0-3.12.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'libsqlite3-0-32bit-3.36.0-3.12.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'sqlite3-3.36.0-3.12.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'sqlite3-3.36.0-3.12.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'sqlite3-devel-3.36.0-3.12.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'sqlite3-devel-3.36.0-3.12.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'libsqlite3-0-3.36.0-3.12.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'libsqlite3-0-3.36.0-3.12.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'libsqlite3-0-3.36.0-3.12.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'libsqlite3-0-3.36.0-3.12.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'libsqlite3-0-32bit-3.36.0-3.12.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'libsqlite3-0-32bit-3.36.0-3.12.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'sqlite3-3.36.0-3.12.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'sqlite3-3.36.0-3.12.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'sqlite3-3.36.0-3.12.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'sqlite3-3.36.0-3.12.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'sqlite3-devel-3.36.0-3.12.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'sqlite3-devel-3.36.0-3.12.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'sqlite3-devel-3.36.0-3.12.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'sqlite3-devel-3.36.0-3.12.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'libsqlite3-0-3.36.0-3.12.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'libsqlite3-0-3.36.0-3.12.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'libsqlite3-0-3.36.0-3.12.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'libsqlite3-0-3.36.0-3.12.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'libsqlite3-0-32bit-3.36.0-3.12.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'libsqlite3-0-32bit-3.36.0-3.12.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'sqlite3-3.36.0-3.12.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'sqlite3-3.36.0-3.12.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'sqlite3-3.36.0-3.12.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'sqlite3-3.36.0-3.12.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'sqlite3-devel-3.36.0-3.12.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'sqlite3-devel-3.36.0-3.12.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'sqlite3-devel-3.36.0-3.12.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'sqlite3-devel-3.36.0-3.12.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'libsqlite3-0-3.36.0-3.12.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'libsqlite3-0-3.36.0-3.12.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'libsqlite3-0-32bit-3.36.0-3.12.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'sqlite3-3.36.0-3.12.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'sqlite3-3.36.0-3.12.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'sqlite3-devel-3.36.0-3.12.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'sqlite3-devel-3.36.0-3.12.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'libsqlite3-0-3.36.0-3.12.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.2'},\n {'reference':'libsqlite3-0-3.36.0-3.12.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.2'},\n {'reference':'libsqlite3-0-32bit-3.36.0-3.12.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.2'},\n {'reference':'libsqlite3-0-32bit-3.36.0-3.12.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.2'},\n {'reference':'sqlite3-3.36.0-3.12.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.2'},\n {'reference':'sqlite3-3.36.0-3.12.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.2'},\n {'reference':'sqlite3-devel-3.36.0-3.12.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.2'},\n {'reference':'sqlite3-devel-3.36.0-3.12.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.2'},\n {'reference':'libsqlite3-0-3.36.0-3.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libsqlite3-0-3.36.0-3.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libsqlite3-0-32bit-3.36.0-3.12.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libsqlite3-0-32bit-3.36.0-3.12.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'sqlite3-3.36.0-3.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'sqlite3-3.36.0-3.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'sqlite3-devel-3.36.0-3.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'sqlite3-devel-3.36.0-3.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libsqlite3-0-3.36.0-3.12.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15'},\n {'reference':'libsqlite3-0-32bit-3.36.0-3.12.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15'},\n {'reference':'sqlite3-3.36.0-3.12.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15'},\n {'reference':'sqlite3-devel-3.36.0-3.12.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15'},\n {'reference':'libsqlite3-0-3.36.0-3.12.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15.1'},\n {'reference':'libsqlite3-0-32bit-3.36.0-3.12.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15.1'},\n {'reference':'sqlite3-3.36.0-3.12.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15.1'},\n {'reference':'sqlite3-devel-3.36.0-3.12.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15.1'},\n {'reference':'libsqlite3-0-3.36.0-3.12.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15.1'},\n {'reference':'libsqlite3-0-32bit-3.36.0-3.12.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15.1'},\n {'reference':'sqlite3-3.36.0-3.12.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15.1'},\n {'reference':'sqlite3-devel-3.36.0-3.12.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15.1'}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n if (!rpm_exists(release:release, rpm:exists_check)) continue;\n if ('ltss' >< tolower(exists_check)) ltss_caveat_required = TRUE;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libsqlit