(RHSA-2022:6182) Moderate: Openshift Logging Security and Bug Fix update (5.3.11)

2022-09-06T12:05:37

Description

Openshift Logging Bug Fix Release (5.3.11) Security Fix(es): * golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

{"id": "RHSA-2022:6182", "vendorId": null, "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2022:6182) Moderate: Openshift Logging Security and Bug Fix update (5.3.11)", "description": "Openshift Logging Bug Fix Release (5.3.11)\n\nSecurity Fix(es):\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "published": "2022-09-06T12:05:37", "modified": "2022-09-06T12:05:47", "epss": [{"cve": "CVE-2022-1292", "epss": 0.4824, "percentile": 0.9693, "modified": "2023-06-03"}, {"cve": "CVE-2022-1586", "epss": 0.00104, "percentile": 0.41393, "modified": "2023-06-03"}, {"cve": "CVE-2022-1785", "epss": 0.00042, "percentile": 0.05664, "modified": "2023-06-03"}, {"cve": "CVE-2022-1897", "epss": 0.00055, "percentile": 0.2088, "modified": "2023-06-03"}, {"cve": "CVE-2022-1927", "epss": 0.00053, "percentile": 0.19005, "modified": "2023-06-03"}, {"cve": "CVE-2022-2068", "epss": 0.25153, "percentile": 0.95969, "modified": "2023-06-03"}, {"cve": "CVE-2022-2097", "epss": 0.00131, "percentile": 0.46782, "modified": "2023-06-03"}, {"cve": "CVE-2022-2526", "epss": 0.00091, "percentile": 0.37813, "modified": "2023-06-03"}, {"cve": "CVE-2022-29154", "epss": 0.00053, "percentile": 0.18872, "modified": "2023-06-03"}, {"cve": "CVE-2022-30631", "epss": 0.00056, "percentile": 0.2105, "modified": "2023-06-03"}, {"cve": "CVE-2022-32206", "epss": 0.00072, "percentile": 0.29388, "modified": "2023-06-03"}, {"cve": "CVE-2022-32208", "epss": 0.00138, "percentile": 0.47931, "modified": "2023-06-03"}], "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 10.0}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://access.redhat.com/errata/RHSA-2022:6182", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2022-1292", "CVE-2022-1586", "CVE-2022-1785", "CVE-2022-1897", "CVE-2022-1927", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-2526", "CVE-2022-29154", "CVE-2022-30631", "CVE-2022-32206", "CVE-2022-32208"], "immutableFields": [], "lastseen": "2023-06-03T15:19:08", "viewCount": 24, "enchantments": {"dependencies": {"references": [{"type": "aix", "idList": ["OPENSSL_ADVISORY36.ASC"]}, {"type": "almalinux", "idList": ["ALSA-2022:5775", "ALSA-2022:5799", "ALSA-2022:5809", "ALSA-2022:5813", "ALSA-2022:5818", "ALSA-2022:5942", "ALSA-2022:6157", "ALSA-2022:6159", "ALSA-2022:6180", "ALSA-2022:6206", "ALSA-2022:6224", "ALSA-2022:7519", "ALSA-2022:7529", "ALSA-2022:7648", "ALSA-2022:8057", "ALSA-2022:8098", "ALSA-2022:8250", "ALSA-2023:2758", "ALSA-2023:2802"]}, {"type": "alpinelinux", "idList": ["ALPINE:CVE-2022-1292", "ALPINE:CVE-2022-1586", "ALPINE:CVE-2022-1785", "ALPINE:CVE-2022-1927", "ALPINE:CVE-2022-2068", "ALPINE:CVE-2022-2097", "ALPINE:CVE-2022-29154", "ALPINE:CVE-2022-30631", "ALPINE:CVE-2022-32206", "ALPINE:CVE-2022-32208"]}, {"type": "altlinux", "idList": ["3141732BB2021EA68D3DA97B83154543", "633C03BED556A2D4B1647FF17E152F8E", "6E23DDCC163A0AA26B171D799284A657", "CCFE1C43CB1C1CB5D4AAB95CC66DB8E3", "DC23F0831E3469847CAB37ACA74D4BF7", "FEBB327D54BEB4D7815863E2E1629573"]}, {"type": "amazon", "idList": ["ALAS-2022-1605", "ALAS-2022-1626", "ALAS-2022-1628", "ALAS-2022-1635", "ALAS-2022-1646", "ALAS2-2022-1801", "ALAS2-2022-1815", "ALAS2-2022-1829", "ALAS2-2022-1831", "ALAS2-2022-1832", "ALAS2-2022-1846", "ALAS2-2022-1847", "ALAS2-2022-1854", "ALAS2-2022-1858", "ALAS2-2022-1859", "ALAS2-2022-1860", "ALAS2-2022-1861", "ALAS2-2022-1862", "ALAS2-2022-1863", "ALAS2-2022-1864", "ALAS2-2022-1865", "ALAS2-2022-1871", "ALAS2-2022-1873", "ALAS2-2022-1875", "ALAS2-2023-1974"]}, {"type": "apple", "idList": ["APPLE:138DC64ECE1F07104C6EF7D22CA29AAF"]}, {"type": "attackerkb", "idList": ["AKB:1FD1AB49-4B03-4316-8CB5-0D5AED193463"]}, {"type": "avleonov", "idList": ["AVLEONOV:317FBD7DA93C95993A9FFF38FB04A987"]}, {"type": "centos", "idList": ["CESA-2022:6160", "CESA-2022:6170"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2022-0807"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:021E06997683B74BFB351B722EBA5743", "CFOUNDRY:1F1DB4BEF56C7D15A4CC564597DE6378", "CFOUNDRY:A90D0066848A6795976C42C24BE5640C", "CFOUNDRY:B7E6A5079F227CEE4C5688FD51374F06", "CFOUNDRY:B976FF7E95329810C356FAFA31D8F66D", "CFOUNDRY:D7650ADE92C68314BA78708380F89D91", "CFOUNDRY:F2B746A869BB5534012F51CB8C7E051A", "CFOUNDRY:FC9C9ABAC15C6B3196FC38BDD9A749E6"]}, {"type": "cloudlinux", "idList": ["CLSA-2022:1654529495", "CLSA-2022:1655320860", "CLSA-2022:1657817606", "CLSA-2022:1660761947", "CLSA-2022:1662658348"]}, {"type": "cve", "idList": ["CVE-2022-1292", "CVE-2022-1586", "CVE-2022-1785", "CVE-2022-1897", "CVE-2022-1927", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-2526", "CVE-2022-29154", "CVE-2022-30631", "CVE-2022-32206", "CVE-2022-32208"]}, {"type": "debian", "idList": ["DEBIAN:DLA-3008-1:E2717", "DEBIAN:DLA-3085-1:091D8", "DEBIAN:DLA-3204-1:C26DB", "DEBIAN:DLA-3325-1:64304", "DEBIAN:DSA-5139-1:0E208", "DEBIAN:DSA-5169-1:87483", "DEBIAN:DSA-5197-1:EFC47", "DEBIAN:DSA-5343-1:765D3"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2022-1292", "DEBIANCVE:CVE-2022-1586", "DEBIANCVE:CVE-2022-1785", "DEBIANCVE:CVE-2022-1897", "DEBIANCVE:CVE-2022-1927", "DEBIANCVE:CVE-2022-2068", "DEBIANCVE:CVE-2022-2097", "DEBIANCVE:CVE-2022-2526", "DEBIANCVE:CVE-2022-29154", "DEBIANCVE:CVE-2022-30631", "DEBIANCVE:CVE-2022-32206", "DEBIANCVE:CVE-2022-32208"]}, {"type": "f5", "idList": ["F5:K21600298", "F5:K23605974", "F5:K62444703"]}, {"type": "fedora", "idList": ["FEDORA:06AB430569DF", "FEDORA:12EF53035617", "FEDORA:19CE730C9D9A", "FEDORA:22FCF3068B43", "FEDORA:2811B3058385", "FEDORA:33286306DFC8", "FEDORA:72B64305719C", "FEDORA:7D9DB30528F7", "FEDORA:7EAFA309A18F", "FEDORA:9B455301E446", "FEDORA:A17AE3056A55", "FEDORA:A890B30832D3", "FEDORA:A8ACC30BAD11", "FEDORA:D802030583BF", "FEDORA:D9C5F3056A54", "FEDORA:DA5CB30BD1F6", "FEDORA:DEC25301DFE7", "FEDORA:EBE043099501"]}, {"type": "freebsd", "idList": ["21F43976-1887-11ED-9911-40B034429ECF", "4B9C1C17-587C-11ED-856E-D4C9EF517024", "4EEB93BF-F204-11EC-8FBD-D4C9EF517024", "8E150606-08C9-11ED-856E-D4C9EF517024", "A28E8B7E-FC70-11EC-856E-D4C9EF517024", "A4F2416C-02A0-11ED-B817-10C37B4AC2EA", "AE5722A6-F5F0-11EC-856E-D4C9EF517024", "B9210706-FEB0-11EC-81FA-1C697A616631", "FCEB2B08-CB76-11EC-A06F-D4C9EF517024"]}, {"type": "gentoo", "idList": ["GLSA-202208-02", "GLSA-202208-32", "GLSA-202210-02", "GLSA-202212-01", "GLSA-202305-16"]}, {"type": "github", "idList": ["GHSA-3WX7-46CH-7RQ2"]}, {"type": "githubexploit", "idList": ["33186A5F-0C7E-5542-AEC3-BEC940C50B5C", "4012995B-2E6C-5B0B-A5D0-B0B4278FDFF8", "404D6E8E-0255-5C32-ABE3-7BD16A827348", "8E0D4DF9-029A-59C5-B3A1-50166EA449CB", "90D0B73F-6288-58DF-893E-AE5DD3207FA3", "943DB0F0-F2AB-5166-9D88-62FA18433BBD", "9BA7DD91-CA4C-5195-B7A3-C78E108A7B74"]}, {"type": "hackerone", "idList": ["H1:1570651", "H1:1590071", "H1:1614330", "H1:1614332"]}, {"type": "huntr", "idList": ["82C12151-C283-40CF-AA05-2E39EFA89118", "8C969CBA-EEF2-4943-B44A-4E3089599109", "945107EF-0B27-41C7-A03C-DB99DEF0E777"]}, {"type": "ibm", "idList": ["00D7F5B9A8288919AB4548A77C928214A7A17795F7FF18FD6FA284C19181B10B", "00E427FDE1ED2FCC942B37A9297706D3A726FAC519A340420CCF652F75075CF5", "0505D8C5E11C0E99E93BD29F133B6B0ACD7C7D98BE2E3E46B53047D320E6B780", "07EE218335DDC3C7223D7837ADF53633B6F4AC704EC2C983CA17BD0E6FD05CF3", "0D85E5287523B83245752DC2E09287130E098DCDD6446DA2E1DF6BC26D74E767", "2007FD1781CF2022D192260E43DD6A6A9D75EAE1E583F1FF51351C7A5D643FB1", "28AF07FA415EFB4C0600E47198E77EFE267BF4907EB58703528CAAFC4FB07FDE", "2A7A7E36601C6E4D31E8BA0D7AAC60D5687103E89CE9D3C6A19F73E786347129", "2BD451F728498A459873394799F530D4D51F43311EBB3F67033751E1E24230B4", "2D1E0AF86890024DCD58C335D3F87CC6F19FEB1FAF93A7135042D81C1A434957", "31B7E3DA0F86F2CF0C6154CAB5DAC5B34555CBFD54ADF74D9B4941841D3359E9", "32A60A9C1BA6A62100EB71CDFA36BDD4A97E492CAF4EC2F477EF0C0B4B0BBA9B", "3669E45D7FE2AA83192FF44FAA60FB349B5D39469F2B30F7D69463B2868B4908", "38DD06C129EED68D8F33F1F61DCC1F5DFDC73D326BF52588ACC3F4362E663F74", "3C1A78B2884463FDD0373C1C8B938DC6B62E78494896694E30B6E9004C4B927F", "4443FADC35F66CB2BCB006621C9AB426E9DE09C7297783AC62E37E88CB616611", "4755FB3CE3C36A79DA9DEF921D1C61A8971606D4BA507E8F90C7BCDDF87DEFCF", "4799E621AAC3B2F147ABA50C4B1BDDD086D1674BCB8D390C130E00A00C814DF6", "496D1442E6BA8A6137102D042D945E6932A39AD824C40F1EC57D3D14D4666E29", "4A5FDA09F34D5E188ADCF94D0A1C7DA3C41901767CCA1D560B94338829A41A3D", "4D02085D2FC3BBBFFB937600F3D20F307F3BD5CB2B73614927F979C8B91D5559", "50AE699C07E5F70B1AE3CA20358AC40C0A249282AA93BC9AF6AEF12C0640B515", "511CA1E500DC586414BB6B9BB4B63C20269EBEAA9179BDB82DDF8DD35087FBA8", "58942187750FE51475FC153C3365F0A232A58011A0B3369E6D2C7B24AEC2CB46", "59908A18326C0B2735E4B8559B62E2A702B100E3976A18E7090E45555AAFA05D", "5B94B82BCC3B58026270D02D14DED2CA94DC002273698034F1BF4731A17FCD56", "5F4A0C2884928132058FB1F6A2A491E93E6AD59F7652C09398215C3B1702DA1D", "60686B0289DCD14F2853EA0A4DD161ED83964A96330DAD3A2EBFC7C1DD968347", "63C8B1DC63A3A0D366B1AA0E3DB24BD123F14B4EB29B74139B4FE1590E5E48A3", "6633C4F2A1D21D1D5E14BC83D6A9A6A198930F1D2E1B2369B98E573231CBFFBA", "6F16F136BCBC8DF0C1DBC581FA13A1E792D2E9E47A077464DED21E407E2254EA", "6F4E5F0514046C4DFF7589304AC388DE078407580FB80C083E9C6EEB1EF34EAA", "70C52835D439D05D295FB163B1E67786F3104DC1F4B9CD79AC81516B21B46D46", "71D0066AB30B4D7CDBC8617E06029534108D1E91FB970B489F24F94CE6A185D1", "77A5CD46FD3C6940EFC34DE8C8AA831927106A12E0E3EAC862A5D46723F4092E", "7D3C63B22205AC5B9D5BB56B7AC216EFF1A8B7D4259EA95A9A54A02642A96043", "80677B3F51E62D583D34B4C27E3BEC18B4021761B9E5FDFD6BFC664229840133", "8179A3903584C27193924DDC106FB30D81DA90EC7483D34D417B2A8E24E5A851", "844D4377DE7D11C183AEF7BEEBFF5150237624CCAE269BEC3996C7B05598840C", "846482DEB927A7614576318454D0B7C7ED2CCC26E90AD752D7A2A82CD944F725", "88007251DE025BA6920FEFA3D83D23EBBCF56329C41A8CEA9B069696B51EB15F", "888AC6CE99B291DF2AE2CA6EF15D575728F4461472C45FFCEB2B5E8A78735820", "8C5F81E1994499DBB0DE67BE5FE7D15F748FAEF0DB15BBA4651F5D23252455DB", "8CEFDEF4B4C0388189027A8FB575EC1F5C16BE39686B9B792A50797930492FB1", "8D3DC4C0F4B602401A017F1C43683FCAA488ACB5436C20C977220D96118FA802", "8F5E37B1492215750DE26664A7C69EEF4EF0583C2F012D3F658AE9A44437DA40", "8FE6A7F075F86C24AA6EB4751889925EF3E6DEAF59DA441D1C361342182F6645", "954B901FB199DE0B672BB799941A63760A9851C6EF21D1CDD9356E28D85DFB83", "9571CC4C328FC49BDE460E3DDB8089A16540E8193A13ACAE69B87BCD550C3EF1", "96D4152DE1D591E0C07748B17639CA32E83418ACCDE15888065A9CB41E619103", "97769C49B35E25C6B8FA85B9C97DAEDD858E7FBBFD2A1F42B1908E247FD64213", "9A36428D0FC14586B1CFD0917D5A540994A007817B22465BD9C03FF64BCF0244", "9B5E5BC13D4397737B050BD8441A6D224B8904878CC85547639E0E0B26AE58F4", "9F1CABD3527BC3FA5C4B8E3834920B11E7FB3196D76ECD7B9C586F89850BCFCF", "9FD583B4EB98DE738D4995A7051ACB001233C81BBDFA0CEB3450CE85EA2D30A9", "A9E95ACFA12F14901F06AEB72CE135C981AC1F52E5EEB65793FACC0F0CBD2136", "AC8A176111C5D0EEF4CBEEF646DE5672F13451B994F8BB844C6C076689090D26", "AD6CCE2A1D5A9869BD583668A696E96D5711DC6790008CC35A1991D46E49ABE2", "AE567113545218823FAE52D3A477168F041C0F35D4EE0A605E4BEBE15225DAAD", "B2935D1E5D6DCB8DDCB55DAB9AFC84173D173B6F585344249BE7D99FD52CC06C", "B492F0296BDA567C4F98187476A828370D969E5E55C2ADEF50B3218415B91F81", "BB835784EC2D9827E0C713B8CEBB22D4D036E9F7C61CB083D60E4560EC27B247", "BEE2F0B9EB777EFAB0969E75C6AA811239753CA8FC3BFB3483BC57555F17DA20", "BEE5E5DB520EA27AD3E9D28AB2947012B002F3FA33DD8359FAC9C5173657E3FC", "BFF9E7158120F8B43A89CEF476D8622AA1DB0E88B693EA0C9A09920DE0FF7A06", "C50D4EBD7B0A4CD39BB1DB3F96BA777B408E814B71EB2DC35C09C525547B89BD", "C71235B9EB6EDAE21C87F038209FAA80F05E9B26A6336CECB453B01119F347D8", "C78ADDC242FF231DC015D95FD5CD4F0B13044D3779FED615D8FEF3677D378A3D", "C99D67803BFD73930442219D39998CC1441C9085678ABD9BCC90538D996C4E65", "D0ECA589AFF43C5195AFD20F65884B7E577C50A6D0FDA18EAEDC8165498E1CC8", "DE3422F091BEAF937A6AAF2F474509A669B7CE95027496E1A397C52DB56CA841", "DEB42D37472DABA41D449842B1B5C261C9033E9118FC181AE309B0216062035B", "E04F9DE1174EFB4A26CD756DF59E4C46606A4BD4063992B465E76804515C6833", "E3E1561E62C1342A9E57F3FDEAFCCD7BD9FDE04EC3809D8BA125EC1ABD1ECE37", "E8EFCA8810003524E6931CD5AFDC084870201D5052BAC467C09EBF324F61A84B", "EA14EC6134110E482A82A70BFDEAD48335455A70FA71C151C62860AACE47AA41", "ECEA81167474E628676BE2220B7270046550BA299B21A5F78C0C55243D2787DC", "ED5CC772C4879175949A026879AB98730A2CB44FA2A70F04E865D49394F0358A", "F2018DF6B5783A154F66D47CF61A02700B33271E5A9BF9B7EA3DF4AD976BD52B", "F6A8FCCCCDFD07AD745A1DB2E59B89AC71F4BB462395AE22A36C32F72FACD220", "F7A6477C1B14AA0D43117B4EC882157DA5211AA8E68BDE96AFDE742CE85551BD", "F7D6563C7EB9219547AC97FD5114C98BE52E7D27590CF0878A24992B862B7845", "F8949F00CDCE086FCFA5F40AFADF9DB9E3B4DD10AB910034C41279EA96313C2A", "F96C14C4670BF2970578877304F86FD985860F96EB5A331A5EE62FAA61BA548D", "FD0169F3AFC31A4C1DB0963A8A7D69906A9B7AFA2CD77DB9B90B743256EB9F44"]}, {"type": "ics", "idList": ["ICSA-22-221-01", "ICSA-22-221-01-0", "ICSA-22-319-01", "ICSA-22-349-18", "ICSA-23-017-03", "ICSA-23-047-03", "ICSA-23-075-01", "ICSA-23-103-09"]}, {"type": "mageia", "idList": ["MGASA-2022-0173", "MGASA-2022-0223", "MGASA-2022-0246", "MGASA-2022-0250", "MGASA-2022-0255", "MGASA-2022-0262", "MGASA-2022-0302", "MGASA-2022-0417"]}, {"type": "nessus", "idList": ["AL2022_ALAS2022-2022-071.NASL", "AL2022_ALAS2022-2022-104.NASL", "AL2022_ALAS2022-2022-105.NASL", "AL2022_ALAS2022-2022-116.NASL", "AL2022_ALAS2022-2022-123.NASL", "AL2022_ALAS2022-2022-128.NASL", "AL2022_ALAS2022-2022-145.NASL", "AL2022_ALAS2022-2022-147.NASL", "AL2022_ALAS2022-2022-148.NASL", "AL2022_ALAS2022-2022-155.NASL", "AL2022_ALAS2022-2022-158.NASL", "AL2022_ALAS2022-2022-191.NASL", "AL2022_ALAS2022-2022-192.NASL", "AL2022_ALAS2022-2022-193.NASL", "AL2022_ALAS2022-2022-195.NASL", "AL2022_ALAS2022-2022-206.NASL", "AL2023_ALAS2023-2023-002.NASL", "AL2023_ALAS2023-2023-045.NASL", "AL2023_ALAS2023-2023-046.NASL", "AL2023_ALAS2023-2023-047.NASL", "AL2023_ALAS2023-2023-048.NASL", "AL2023_ALAS2023-2023-051.NASL", "AL2023_ALAS2023-2023-054.NASL", "AL2023_ALAS2023-2023-083.NASL", "AL2023_ALAS2023-2023-098.NASL", "AL2_ALAS-2022-1801.NASL", "AL2_ALAS-2022-1815.NASL", "AL2_ALAS-2022-1829.NASL", "AL2_ALAS-2022-1831.NASL", "AL2_ALAS-2022-1832.NASL", "AL2_ALAS-2022-1846.NASL", "AL2_ALAS-2022-1847.NASL", "AL2_ALAS-2022-1854.NASL", "AL2_ALAS-2022-1858.NASL", "AL2_ALAS-2022-1859.NASL", "AL2_ALAS-2022-1860.NASL", "AL2_ALAS-2022-1861.NASL", "AL2_ALAS-2022-1862.NASL", "AL2_ALAS-2022-1863.NASL", "AL2_ALAS-2022-1864.NASL", "AL2_ALAS-2022-1865.NASL", "AL2_ALAS-2022-1871.NASL", "AL2_ALAS-2022-1873.NASL", "AL2_ALAS-2022-1875.NASL", "AL2_ALAS-2023-1974.NASL", "AL2_ALASDOCKER-2022-020.NASL", "ALA_ALAS-2022-1605.NASL", "ALA_ALAS-2022-1626.NASL", "ALA_ALAS-2022-1628.NASL", "ALA_ALAS-2022-1635.NASL", "ALA_ALAS-2022-1646.NASL", "ALMA_LINUX_ALSA-2022-5251.NASL", "ALMA_LINUX_ALSA-2022-5775.NASL", "ALMA_LINUX_ALSA-2022-5799.NASL", "ALMA_LINUX_ALSA-2022-5809.NASL", "ALMA_LINUX_ALSA-2022-5813.NASL", "ALMA_LINUX_ALSA-2022-5818.NASL", "ALMA_LINUX_ALSA-2022-5942.NASL", "ALMA_LINUX_ALSA-2022-6157.NASL", "ALMA_LINUX_ALSA-2022-6159.NASL", "ALMA_LINUX_ALSA-2022-6180.NASL", "ALMA_LINUX_ALSA-2022-6181.NASL", "ALMA_LINUX_ALSA-2022-6206.NASL", "ALMA_LINUX_ALSA-2022-6224.NASL", "ALMA_LINUX_ALSA-2022-7519.NASL", "ALMA_LINUX_ALSA-2022-7529.NASL", "ALMA_LINUX_ALSA-2022-7648.NASL", "ALMA_LINUX_ALSA-2022-8057.NASL", "ALMA_LINUX_ALSA-2022-8098.NASL", "ALMA_LINUX_ALSA-2022-8250.NASL", "ALMA_LINUX_ALSA-2023-2758.NASL", "ALMA_LINUX_ALSA-2023-2802.NASL", "CENTOS8_RHSA-2022-5775.NASL", "CENTOS8_RHSA-2022-7519.NASL", "CENTOS8_RHSA-2022-7529.NASL", "CENTOS8_RHSA-2022-7648.NASL", "CENTOS8_RHSA-2023-2758.NASL", "CENTOS8_RHSA-2023-2802.NASL", "CENTOS_RHSA-2022-6160.NASL", "CENTOS_RHSA-2022-6170.NASL", "DEBIAN_DLA-3008.NASL", "DEBIAN_DLA-3085.NASL", "DEBIAN_DLA-3204.NASL", "DEBIAN_DLA-3325.NASL", "DEBIAN_DLA-3363.NASL", "DEBIAN_DSA-5139.NASL", "DEBIAN_DSA-5169.NASL", "DEBIAN_DSA-5197.NASL", "DEBIAN_DSA-5343.NASL", "EULEROS_SA-2022-1909.NASL", "EULEROS_SA-2022-1924.NASL", "EULEROS_SA-2022-1943.NASL", "EULEROS_SA-2022-1944.NASL", "EULEROS_SA-2022-1945.NASL", "EULEROS_SA-2022-1977.NASL", "EULEROS_SA-2022-2007.NASL", "EULEROS_SA-2022-2098.NASL", "EULEROS_SA-2022-2118.NASL", "EULEROS_SA-2022-2143.NASL", "EULEROS_SA-2022-2168.NASL", "EULEROS_SA-2022-2215.NASL", "EULEROS_SA-2022-2228.NASL", "EULEROS_SA-2022-2237.NASL", "EULEROS_SA-2022-2247.NASL", "EULEROS_SA-2022-2250.NASL", "EULEROS_SA-2022-2260.NASL", "EULEROS_SA-2022-2263.NASL", "EULEROS_SA-2022-2276.NASL", "EULEROS_SA-2022-2282.NASL", "EULEROS_SA-2022-2288.NASL", "EULEROS_SA-2022-2300.NASL", "EULEROS_SA-2022-2301.NASL", "EULEROS_SA-2022-2307.NASL", "EULEROS_SA-2022-2310.NASL", "EULEROS_SA-2022-2317.NASL", "EULEROS_SA-2022-2329.NASL", "EULEROS_SA-2022-2330.NASL", "EULEROS_SA-2022-2336.NASL", "EULEROS_SA-2022-2341.NASL", "EULEROS_SA-2022-2360.NASL", "EULEROS_SA-2022-2361.NASL", "EULEROS_SA-2022-2369.NASL", "EULEROS_SA-2022-2396.NASL", "EULEROS_SA-2022-2397.NASL", "EULEROS_SA-2022-2405.NASL", "EULEROS_SA-2022-2413.NASL", "EULEROS_SA-2022-2419.NASL", "EULEROS_SA-2022-2426.NASL", "EULEROS_SA-2022-2432.NASL", "EULEROS_SA-2022-2446.NASL", "EULEROS_SA-2022-2448.NASL", "EULEROS_SA-2022-2450.NASL", "EULEROS_SA-2022-2454.NASL", "EULEROS_SA-2022-2476.NASL", "EULEROS_SA-2022-2479.NASL", "EULEROS_SA-2022-2525.NASL", "EULEROS_SA-2022-2541.NASL", "EULEROS_SA-2022-2548.NASL", "EULEROS_SA-2022-2549.NASL", "EULEROS_SA-2022-2578.NASL", "EULEROS_SA-2022-2579.NASL", "EULEROS_SA-2022-2580.NASL", "EULEROS_SA-2022-2594.NASL", "EULEROS_SA-2022-2629.NASL", "EULEROS_SA-2022-2639.NASL", "EULEROS_SA-2022-2651.NASL", "EULEROS_SA-2022-2664.NASL", "EULEROS_SA-2022-2683.NASL", "EULEROS_SA-2022-2696.NASL", "EULEROS_SA-2022-2710.NASL", "EULEROS_SA-2022-2742.NASL", "EULEROS_SA-2022-2777.NASL", "EULEROS_SA-2022-2852.NASL", "EULEROS_SA-2022-2868.NASL", "EULEROS_SA-2022-2872.NASL", "EULEROS_SA-2022-2877.NASL", "EULEROS_SA-2022-2879.NASL", "EULEROS_SA-2022-2886.NASL", "EULEROS_SA-2022-2890.NASL", "EULEROS_SA-2022-2895.NASL", "EULEROS_SA-2022-2897.NASL", "EULEROS_SA-2022-2916.NASL", "EULEROS_SA-2022-2942.NASL", "EULEROS_SA-2023-1203.NASL", "EULEROS_SA-2023-1233.NASL", "EULEROS_SA-2023-1281.NASL", "EULEROS_SA-2023-1290.NASL", "EULEROS_SA-2023-1303.NASL", "EULEROS_SA-2023-1339.NASL", "EULEROS_SA-2023-1698.NASL", "EULEROS_SA-2023-1729.NASL", "EULEROS_SA-2023-1736.NASL", "EULEROS_SA-2023-1738.NASL", "FEDORA_2022-E56085BA31.NASL", "FREEBSD_PKG_21F43976188711ED991140B034429ECF.NASL", "FREEBSD_PKG_4B9C1C17587C11ED856ED4C9EF517024.NASL", "FREEBSD_PKG_4EEB93BFF20411EC8FBDD4C9EF517024.NASL", "FREEBSD_PKG_8E15060608C911ED856ED4C9EF517024.NASL", "FREEBSD_PKG_A28E8B7EFC7011EC856ED4C9EF517024.NASL", "FREEBSD_PKG_A4F2416C02A011EDB81710C37B4AC2EA.NASL", "FREEBSD_PKG_AE5722A6F5F011EC856ED4C9EF517024.NASL", "FREEBSD_PKG_B9210706FEB011EC81FA1C697A616631.NASL", "FREEBSD_PKG_FCEB2B08CB7611ECA06FD4C9EF517024.NASL", "GENTOO_GLSA-202208-02.NASL", "GENTOO_GLSA-202208-32.NASL", "GENTOO_GLSA-202210-02.NASL", "GENTOO_GLSA-202212-01.NASL", "GENTOO_GLSA-202305-16.NASL", "IBM_ASPERA_FASPEX_4_4_2_185316.NASL", "MARINER_CURL_CVE-2022-32206.NASL", "MARINER_CURL_CVE-2022-32208.NASL", "MARINER_OPENSSL_CVE-2022-1292.NASL", "MARINER_OPENSSL_CVE-2022-2097.NASL", "MARINER_VIM_CVE-2022-1785.NASL", "MYSQL_5_7_39.NASL", "MYSQL_5_7_40.NASL", "MYSQL_8_0_30.NASL", "MYSQL_8_0_31.NASL", "MYSQL_ENTERPRISE_MONITOR_8_0_32.NASL", "NESSUS_TNS-2023-10.NASL", "NEWSTART_CGSL_NS-SA-2022-0079_OPENSSL.NASL", "NEWSTART_CGSL_NS-SA-2022-0100_OPENSSL.NASL", "NEWSTART_CGSL_NS-SA-2023-0001_RSYNC.NASL", "NEWSTART_CGSL_NS-SA-2023-0006_RSYNC.NASL", "NEWSTART_CGSL_NS-SA-2023-0010_RSYNC.NASL", "NODEJS_2022_JUL.NASL", "NUTANIX_NXSA-AHV-20220304_10013.NASL", "NUTANIX_NXSA-AHV-20220304_242.NASL", "NUTANIX_NXSA-AOS-5_20_5.NASL", "NUTANIX_NXSA-AOS-6_5_1_5.NASL", "NUTANIX_NXSA-AOS-6_5_2.NASL", "NUTANIX_NXSA-AOS-6_6.NASL", "OPENSSL_1_0_2ZE.NASL", "OPENSSL_1_0_2ZF.NASL", "OPENSSL_1_1_1O.NASL", "OPENSSL_1_1_1P.NASL", "OPENSSL_1_1_1Q.NASL", "OPENSSL_3_0_3.NASL", "OPENSSL_3_0_4.NASL", "OPENSSL_3_0_5.NASL", "ORACLELINUX_ELSA-2022-23681.NASL", "ORACLELINUX_ELSA-2022-24267.NASL", "ORACLELINUX_ELSA-2022-5251.NASL", "ORACLELINUX_ELSA-2022-5775.NASL", "ORACLELINUX_ELSA-2022-5799.NASL", "ORACLELINUX_ELSA-2022-5809.NASL", "ORACLELINUX_ELSA-2022-5813.NASL", "ORACLELINUX_ELSA-2022-5818.NASL", "ORACLELINUX_ELSA-2022-5942.NASL", "ORACLELINUX_ELSA-2022-6157.NASL", "ORACLELINUX_ELSA-2022-6159.NASL", "ORACLELINUX_ELSA-2022-6160.NASL", "ORACLELINUX_ELSA-2022-6170.NASL", "ORACLELINUX_ELSA-2022-6180.NASL", "ORACLELINUX_ELSA-2022-6181.NASL", "ORACLELINUX_ELSA-2022-6206.NASL", "ORACLELINUX_ELSA-2022-6224.NASL", "ORACLELINUX_ELSA-2022-7519.NASL", "ORACLELINUX_ELSA-2022-7529.NASL", "ORACLELINUX_ELSA-2022-7648.NASL", "ORACLELINUX_ELSA-2022-8057.NASL", "ORACLELINUX_ELSA-2022-8250.NASL", "ORACLELINUX_ELSA-2022-9683.NASL", "ORACLELINUX_ELSA-2022-9751.NASL", "ORACLELINUX_ELSA-2023-2758.NASL", "ORACLELINUX_ELSA-2023-2802.NASL", "ORACLE_ENTERPRISE_MANAGER_OPS_CENTER_CPU_JUL_2022.NASL", "ORACLE_ESSBASE_CPU_JAN_2023.NASL", "ORACLE_MYSQL_CONNECTORS_CPU_OCT_2022.NASL", "ORACLE_RDBMS_CPU_OCT_2022.NASL", "REDHAT-RHSA-2022-5251.NASL", "REDHAT-RHSA-2022-5775.NASL", "REDHAT-RHSA-2022-5799.NASL", "REDHAT-RHSA-2022-5809.NASL", "REDHAT-RHSA-2022-5813.NASL", "REDHAT-RHSA-2022-5818.NASL", "REDHAT-RHSA-2022-5866.NASL", "REDHAT-RHSA-2022-5942.NASL", "REDHAT-RHSA-2022-6061.NASL", "REDHAT-RHSA-2022-6062.NASL", "REDHAT-RHSA-2022-6065.NASL", "REDHAT-RHSA-2022-6066.NASL", "REDHAT-RHSA-2022-6157.NASL", "REDHAT-RHSA-2022-6159.NASL", "REDHAT-RHSA-2022-6160.NASL", "REDHAT-RHSA-2022-6161.NASL", "REDHAT-RHSA-2022-6162.NASL", "REDHAT-RHSA-2022-6163.NASL", "REDHAT-RHSA-2022-6170.NASL", "REDHAT-RHSA-2022-6171.NASL", "REDHAT-RHSA-2022-6172.NASL", "REDHAT-RHSA-2022-6173.NASL", "REDHAT-RHSA-2022-6180.NASL", "REDHAT-RHSA-2022-6181.NASL", "REDHAT-RHSA-2022-6206.NASL", "REDHAT-RHSA-2022-6224.NASL", "REDHAT-RHSA-2022-6551.NASL", "REDHAT-RHSA-2022-7519.NASL", "REDHAT-RHSA-2022-7529.NASL", "REDHAT-RHSA-2022-7648.NASL", "REDHAT-RHSA-2022-8057.NASL", "REDHAT-RHSA-2022-8098.NASL", "REDHAT-RHSA-2022-8250.NASL", "REDHAT-RHSA-2022-8840.NASL", "REDHAT-RHSA-2022-8917.NASL", "REDHAT-RHSA-2023-2758.NASL", "REDHAT-RHSA-2023-2802.NASL", "ROCKY_LINUX_RLSA-2022-5799.NASL", "ROCKY_LINUX_RLSA-2022-5813.NASL", "ROCKY_LINUX_RLSA-2022-6159.NASL", "ROCKY_LINUX_RLSA-2022-6180.NASL", "ROCKY_LINUX_RLSA-2022-6206.NASL", "ROCKY_LINUX_RLSA-2022-8057.NASL", "ROCKY_LINUX_RLSA-2022-8098.NASL", "SECURITYCENTER_5_23_1_TNS_2023_08.NASL", "SENSORPROXY_1_0_7_TNS_2023_15.NASL", "SLACKWARE_SSA_2022-124-02.NASL", "SLACKWARE_SSA_2022-174-01.NASL", "SLACKWARE_SSA_2022-179-01.NASL", "SLACKWARE_SSA_2022-179-03.NASL", "SLACKWARE_SSA_2022-186-01.NASL", "SLACKWARE_SSA_2022-227-01.NASL", "SL_20220825_RSYNC_ON_SL7_X.NASL", "SL_20220825_SYSTEMD_ON_SL7_X.NASL", "SUSE_SU-2022-1836-1.NASL", "SUSE_SU-2022-1883-1.NASL", "SUSE_SU-2022-2068-1.NASL", "SUSE_SU-2022-2075-1.NASL", "SUSE_SU-2022-2098-1.NASL", "SUSE_SU-2022-2102-1.NASL", "SUSE_SU-2022-2106-1.NASL", "SUSE_SU-2022-2179-1.NASL", "SUSE_SU-2022-2180-1.NASL", "SUSE_SU-2022-2181-1.NASL", "SUSE_SU-2022-2182-1.NASL", "SUSE_SU-2022-2197-1.NASL", "SUSE_SU-2022-2251-1.NASL", "SUSE_SU-2022-2288-1.NASL", "SUSE_SU-2022-2305-1.NASL", "SUSE_SU-2022-2306-1.NASL", "SUSE_SU-2022-2308-1.NASL", "SUSE_SU-2022-2309-1.NASL", "SUSE_SU-2022-2311-1.NASL", "SUSE_SU-2022-2312-1.NASL", "SUSE_SU-2022-2321-1.NASL", "SUSE_SU-2022-2327-1.NASL", "SUSE_SU-2022-2328-1.NASL", "SUSE_SU-2022-2334-1.NASL", "SUSE_SU-2022-2356-1.NASL", "SUSE_SU-2022-2360-1.NASL", "SUSE_SU-2022-2361-1.NASL", "SUSE_SU-2022-2417-1.NASL", "SUSE_SU-2022-2671-1.NASL", "SUSE_SU-2022-2672-1.NASL", "SUSE_SU-2022-2813-1.NASL", "SUSE_SU-2022-2825-1.NASL", "SUSE_SU-2022-2829-1.NASL", "SUSE_SU-2022-2858-1.NASL", "SUSE_SU-2022-2859-1.NASL", "SUSE_SU-2022-2959-1.NASL", "SUSE_SU-2022-4619-1.NASL", "SUSE_SU-2023-2312-1.NASL", "TENABLE_NESSUS_AGENT_TNS-2023-13.NASL", "TENABLE_OT_SIEMENS_CVE-2022-32206.NASL", "TENABLE_OT_SIEMENS_CVE-2022-32208.NASL", "UBUNTU_USN-5402-1.NASL", "UBUNTU_USN-5402-2.NASL", "UBUNTU_USN-5488-1.NASL", "UBUNTU_USN-5488-2.NASL", "UBUNTU_USN-5495-1.NASL", "UBUNTU_USN-5498-1.NASL", "UBUNTU_USN-5499-1.NASL", "UBUNTU_USN-5502-1.NASL", "UBUNTU_USN-5507-1.NASL", "UBUNTU_USN-5583-1.NASL", "UBUNTU_USN-5627-1.NASL", "UBUNTU_USN-5921-1.NASL", "UBUNTU_USN-5995-1.NASL", "UBUNTU_USN-6038-1.NASL", "ZIMBRA_9_0_0_P26.NASL"]}, {"type": "nodejsblog", "idList": ["NODEJSBLOG:JULY-2022-SECURITY-RELEASES", "NODEJSBLOG:OPENSSL-FIXES-IN-REGULAR-RELEASES-JUN2022", "NODEJSBLOG:OPENSSL-FIXES-IN-REGULAR-RELEASES-MAY2022"]}, {"type": "openssl", "idList": ["OPENSSL:CVE-2022-1292", "OPENSSL:CVE-2022-2068", "OPENSSL:CVE-2022-2097"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2023", "ORACLE:CPUJAN2023", "ORACLE:CPUJUL2022", "ORACLE:CPUOCT2022"]}, {"type": "oraclelinux", "idList": ["ELSA-2022-23681", "ELSA-2022-24267", "ELSA-2022-5251", "ELSA-2022-5775", "ELSA-2022-5799", "ELSA-2022-5809", "ELSA-2022-5813", "ELSA-2022-5818", "ELSA-2022-5942", "ELSA-2022-6157", "ELSA-2022-6159", "ELSA-2022-6160", "ELSA-2022-6170", "ELSA-2022-6180", "ELSA-2022-6181", "ELSA-2022-6206", "ELSA-2022-6224", "ELSA-2022-7519", "ELSA-2022-7529", "ELSA-2022-7648", "ELSA-2022-8057", "ELSA-2022-8250", "ELSA-2022-9683", "ELSA-2022-9751", "ELSA-2023-2758", "ELSA-2023-2802"]}, {"type": "osv", "idList": ["OSV:CVE-2022-1292", "OSV:CVE-2022-1586", "OSV:CVE-2022-2068", "OSV:CVE-2022-2097", "OSV:CVE-2022-29154", "OSV:CVE-2022-32206", "OSV:CVE-2022-32208", "OSV:DLA-3008-1", "OSV:DLA-3085-1", "OSV:DLA-3204-1", "OSV:DLA-3325-1", "OSV:DLA-3363-1", "OSV:DSA-5139-1", "OSV:DSA-5169-1", "OSV:DSA-5197-1", "OSV:DSA-5343-1", "OSV:GHSA-3WX7-46CH-7RQ2", "OSV:GO-2022-0524", "OSV:GSD-2022-1002526", "OSV:GSD-2022-2274", "OSV:RUSTSEC-2022-0032"]}, {"type": "photon", "idList": ["PHSA-2022-0185", "PHSA-2022-0199", "PHSA-2022-0202", "PHSA-2022-0207", "PHSA-2022-0223", "PHSA-2022-0242", "PHSA-2022-0404", "PHSA-2022-0406", "PHSA-2022-0408", "PHSA-2022-0412", "PHSA-2022-0415", "PHSA-2022-0430", "PHSA-2022-0487", "PHSA-2022-0490", "PHSA-2022-0491", "PHSA-2022-0493", "PHSA-2022-0503", "PHSA-2022-0512", "PHSA-2022-3.0-0391", "PHSA-2022-3.0-0404", "PHSA-2022-3.0-0406", "PHSA-2022-3.0-0408", "PHSA-2022-3.0-0412", "PHSA-2022-3.0-0415", "PHSA-2022-3.0-0430", "PHSA-2022-3.0-0445", "PHSA-2022-3.0-0456", "PHSA-2022-4.0-0185", "PHSA-2022-4.0-0199", "PHSA-2022-4.0-0202", "PHSA-2022-4.0-0207", "PHSA-2022-4.0-0223", "PHSA-2022-4.0-0242"]}, {"type": "redhat", "idList": ["RHSA-2022:5069", "RHSA-2022:5251", "RHSA-2022:5775", "RHSA-2022:5799", "RHSA-2022:5809", "RHSA-2022:5813", "RHSA-2022:5818", "RHSA-2022:5866", "RHSA-2022:5875", "RHSA-2022:5879", "RHSA-2022:5923", "RHSA-2022:5924", "RHSA-2022:5942", "RHSA-2022:6024", "RHSA-2022:6040", "RHSA-2022:6042", "RHSA-2022:6051", "RHSA-2022:6053", "RHSA-2022:6061", "RHSA-2022:6062", "RHSA-2022:6065", "RHSA-2022:6066", "RHSA-2022:6103", "RHSA-2022:6113", "RHSA-2022:6152", "RHSA-2022:6156", "RHSA-2022:6157", "RHSA-2022:6159", "RHSA-2022:6160", "RHSA-2022:6161", "RHSA-2022:6162", "RHSA-2022:6163", "RHSA-2022:6170", "RHSA-2022:6171", "RHSA-2022:6172", "RHSA-2022:6173", "RHSA-2022:6180", "RHSA-2022:6181", "RHSA-2022:6183", "RHSA-2022:6184", "RHSA-2022:6187", "RHSA-2022:6188", "RHSA-2022:6206", "RHSA-2022:6224", "RHSA-2022:6252", "RHSA-2022:6258", "RHSA-2022:6262", "RHSA-2022:6263", "RHSA-2022:6271", "RHSA-2022:6283", "RHSA-2022:6287", "RHSA-2022:6290", "RHSA-2022:6308", "RHSA-2022:6317", "RHSA-2022:6318", "RHSA-2022:6322", "RHSA-2022:6344", "RHSA-2022:6345", "RHSA-2022:6346", "RHSA-2022:6347", "RHSA-2022:6348", "RHSA-2022:6370", "RHSA-2022:6422", "RHSA-2022:6429", "RHSA-2022:6430", "RHSA-2022:6507", "RHSA-2022:6517", "RHSA-2022:6526", "RHSA-2022:6551", "RHSA-2022:6560", "RHSA-2022:6681", "RHSA-2022:6696", "RHSA-2022:6714", "RHSA-2022:6890", "RHSA-2022:7055", "RHSA-2022:7058", "RHSA-2022:7398", "RHSA-2022:7399", "RHSA-2022:7519", "RHSA-2022:7529", "RHSA-2022:7648", "RHSA-2022:8057", "RHSA-2022:8098", "RHSA-2022:8250", "RHSA-2022:8750", "RHSA-2022:8781", "RHSA-2022:8840", "RHSA-2022:8841", "RHSA-2022:8889", "RHSA-2022:8913", "RHSA-2022:8917", "RHSA-2023:0407", "RHSA-2023:0408", "RHSA-2023:0542", "RHSA-2023:0584", "RHSA-2023:0693", "RHSA-2023:1042", "RHSA-2023:1428", "RHSA-2023:1529", "RHSA-2023:2041", "RHSA-2023:2758", "RHSA-2023:2802"]}, {"type": "redhatcve", "idList": ["RH:CVE-2022-1292", "RH:CVE-2022-1586", "RH:CVE-2022-1785", "RH:CVE-2022-1897", "RH:CVE-2022-1927", "RH:CVE-2022-2068", "RH:CVE-2022-2097", "RH:CVE-2022-2526", "RH:CVE-2022-29154", "RH:CVE-2022-30631", "RH:CVE-2022-32206", "RH:CVE-2022-32208"]}, {"type": "redos", "idList": ["ROS-20220524-01", "ROS-20220525-01", "ROS-20220622-02", "ROS-20221216-02"]}, {"type": "rocky", "idList": ["RLSA-2022:5251", "RLSA-2022:5775", "RLSA-2022:5799", "RLSA-2022:5809", "RLSA-2022:5813", "RLSA-2022:5818", "RLSA-2022:5942", "RLSA-2022:6157", "RLSA-2022:6159", "RLSA-2022:6180", "RLSA-2022:6181", "RLSA-2022:6206", "RLSA-2022:6224", "RLSA-2022:7519", "RLSA-2022:7529", "RLSA-2022:7648", "RLSA-2022:8057", "RLSA-2022:8098", "RLSA-2022:8250"]}, {"type": "rustsec", "idList": ["RUSTSEC-2022-0032"]}, {"type": "slackware", "idList": ["SSA-2022-124-02", "SSA-2022-174-01", "SSA-2022-179-01", "SSA-2022-179-03", "SSA-2022-186-01", "SSA-2022-227-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2022:2328-1", "OPENSUSE-SU-2022:2361-1", "SUSE-SU-2022:1883-1", "SUSE-SU-2022:2102-1", "SUSE-SU-2022:2251-1", "SUSE-SU-2022:2251-2", "SUSE-SU-2022:2305-1", "SUSE-SU-2022:2306-1", "SUSE-SU-2022:2308-1", "SUSE-SU-2022:2321-1", "SUSE-SU-2022:2327-1", "SUSE-SU-2022:2327-2", "SUSE-SU-2022:2328-1", "SUSE-SU-2022:2360-1", "SUSE-SU-2022:2361-1", "SUSE-SU-2022:2671-1", "SUSE-SU-2022:2672-1", "SUSE-SU-2022:2825-1", "SUSE-SU-2022:2959-1", "SUSE-SU-2022:2959-2"]}, {"type": "thn", "idList": ["THN:BF4AE09A315FD10E056B189C3AD06B28"]}, {"type": "ubuntu", "idList": ["USN-5402-1", "USN-5402-2", "USN-5488-1", "USN-5488-2", "USN-5495-1", "USN-5498-1", "USN-5499-1", "USN-5502-1", "USN-5507-1", "USN-5583-1", "USN-5583-2", "USN-5627-1", "USN-5627-2", "USN-5921-1", "USN-5995-1", "USN-6038-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2022-1292", "UB:CVE-2022-1586", "UB:CVE-2022-1785", "UB:CVE-2022-1897", "UB:CVE-2022-1927", "UB:CVE-2022-2068", "UB:CVE-2022-2097", "UB:CVE-2022-2526", "UB:CVE-2022-29154", "UB:CVE-2022-30631", "UB:CVE-2022-32206", "UB:CVE-2022-32208"]}, {"type": "veracode", "idList": ["VERACODE:35474", "VERACODE:35968", "VERACODE:36086", "VERACODE:36189", "VERACODE:36190", "VERACODE:36271", "VERACODE:36480", "VERACODE:36620", "VERACODE:36629", "VERACODE:36636", "VERACODE:36642", "VERACODE:37412"]}]}, "score": {"value": 2.1, "vector": "NONE"}, "epss": [{"cve": "CVE-2022-1292", "epss": 0.66207, "percentile": 0.97371, "modified": "2023-05-02"}, {"cve": "CVE-2022-1586", "epss": 0.00095, "percentile": 0.3887, "modified": "2023-05-02"}, {"cve": "CVE-2022-1785", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-1897", "epss": 0.00055, "percentile": 0.20809, "modified": "2023-05-02"}, {"cve": "CVE-2022-1927", "epss": 0.00053, "percentile": 0.18976, "modified": "2023-05-02"}, {"cve": "CVE-2022-2068", "epss": 0.26569, "percentile": 0.9604, "modified": "2023-05-02"}, {"cve": "CVE-2022-2097", "epss": 0.00131, "percentile": 0.46617, "modified": "2023-05-02"}, {"cve": "CVE-2022-2526", "epss": 0.00091, "percentile": 0.37666, "modified": "2023-05-02"}, {"cve": "CVE-2022-29154", "epss": 0.00053, "percentile": 0.18865, "modified": "2023-05-02"}, {"cve": "CVE-2022-30631", "epss": 0.00056, "percentile": 0.21045, "modified": "2023-05-02"}, {"cve": "CVE-2022-32206", "epss": 0.00072, "percentile": 0.29269, "modified": "2023-05-02"}, {"cve": "CVE-2022-32208", "epss": 0.00138, "percentile": 0.47799, "modified": "2023-05-02"}], "vulnersScore": 2.1}, "_state": {"dependencies": 1685832767, "score": 1685805739, "epss": 0}, "_internal": {"score_hash": "50879f2ddf8921d2f4b8fddaf16e8eee"}, "affectedPackage": [], "vendorCvss": {"severity": "moderate"}}

{"redhat": [{"lastseen": "2023-06-03T15:19:08", "description": "The Self Node Remediation Operator works in conjunction with the Machine Health Check or the Node Health Check Operators to provide automatic remediation of unhealthy nodes by rebooting them. This minimizes downtime for stateful applications and RWO volumes, as well as restoring compute capacity in the event of transient failures.\n\nSecurity Fix(es):\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, see the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-25T05:48:25", "type": "redhat", "title": "(RHSA-2022:6184) Important: Self Node Remediation Operator 0.4.1 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1292", "CVE-2022-1586", "CVE-2022-1785", "CVE-2022-1897", "CVE-2022-1927", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-30631"], "modified": "2022-08-25T05:48:42", "id": "RHSA-2022:6184", "href": "https://access.redhat.com/errata/RHSA-2022:6184", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-03T15:19:08", "description": "Logging Subsystem 5.4.5 - Red Hat OpenShift\n\nSecurity Fix(es):\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-06T13:30:30", "type": "redhat", "title": "(RHSA-2022:6183) Moderate: Logging Subsystem 5.4.5 Security and Bug Fix Update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1292", "CVE-2022-1586", "CVE-2022-1705", "CVE-2022-1785", "CVE-2022-1897", "CVE-2022-1927", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-2526", "CVE-2022-29154", "CVE-2022-30631", "CVE-2022-32148", "CVE-2022-32206", "CVE-2022-32208"], "modified": "2022-09-06T13:30:39", "id": "RHSA-2022:6183", "href": "https://access.redhat.com/errata/RHSA-2022:6183", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-03T15:19:08", "description": "Red Hat Advanced Cluster Management for Kubernetes 2.5.2 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in.\n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which fix several bugs. See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/release_notes/\n\nSecurity fixes:\n\n* moment: inefficient parsing algorithim resulting in DoS (CVE-2022-31129)\n* vm2: Sandbox Escape in vm2 (CVE-2022-36067)\n\nBug fixes:\n\n* Submariner Globalnet e2e tests failed on MTU between On-Prem to Public clusters (BZ# 2074547)\n\n* OCP 4.11 - Install fails because of: pods \"management-ingress-63029-5cf6789dd6-\" is forbidden: unable to validate against any security context constrain (BZ# 2082254)\n\n* subctl gather fails to gather libreswan data if CableDriver field is missing/empty in Submariner Spec (BZ# 2083659)\n\n* Yaml editor for creating vSphere cluster moves to next line after typing (BZ# 2086883)\n\n* Submariner addon status doesn't track all deployment failures (BZ# 2090311)\n\n* Unable to deploy Hypershift operator on MCE hub using ManagedClusterAddOn without including s3 secret (BZ# 2091170)\n\n* After switching to ACM 2.5 the managed clusters log \"unable to create ClusterClaim\" errors (BZ# 2095481)\n\n* Enforce failed and report the violation after modified memory value in limitrange policy (BZ# 2100036)\n\n* Creating an application fails with \"This application has no subscription match selector (spec.selector.matchExpressions)\" (BZ# 2101577)\n\n* Inconsistent cluster resource statuses between \"All Subscription\" topology and individual topologies (BZ# 2102273)\n\n* managed cluster is in \"unknown\" state for 120 mins after OADP restore\n\n* RHACM 2.5.2 images (BZ# 2104553)\n\n* Subscription UI does not allow binding to label with empty value (BZ# 2104961)\n\n* Upgrade to 2.5.1 from 2.5.0 fails due to missing Subscription CRD (BZ# 2106069)\n\n* Region information is not available for Azure cloud in managedcluster CR (BZ# 2107134)\n\n* cluster uninstall log points to incorrect container name (BZ# 2107359)\n\n* ACM shows wrong path for Argo CD applicationset git generator (BZ# 2107885)\n\n* Single node checkbox not visible for 4.11 images (BZ# 2109134)\n\n* Unable to deploy hypershift cluster when enabling validate-cluster-security (BZ# 2109544)\n\n* Deletion of Application (including app related resources) from the console fails to delete PlacementRule for the application (BZ# 20110026)\n\n* After the creation by a policy of job or deployment (in case the object is missing)ACM is trying to add new containers instead of updating (BZ# 2117728)\n\n* pods in CrashLoopBackoff on 3.11 managed cluster (BZ# 2122292)\n\n* ArgoCD and AppSet Applications do not deploy to local-cluster (BZ# 2124707)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-09-13T18:29:42", "type": "redhat", "title": "(RHSA-2022:6507) Critical: Red Hat Advanced Cluster Management 2.5.2 security fixes and bug fixes", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1012", "CVE-2022-1292", "CVE-2022-1586", "CVE-2022-1785", "CVE-2022-1897", "CVE-2022-1927", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-2526", "CVE-2022-29154", "CVE-2022-31129", "CVE-2022-32206", "CVE-2022-32208", "CVE-2022-32250", "CVE-2022-36067"], "modified": "2022-09-13T18:29:51", "id": "RHSA-2022:6507", "href": "https://access.redhat.com/errata/RHSA-2022:6507", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-03T15:19:08", "description": "Multicluster Engine for Kubernetes 2.0.2 images\n\nMulticluster engine for Kubernetes provides the foundational components\nthat are necessary for the centralized management of multiple\nKubernetes-based clusters across data centers, public clouds, and private\nclouds.\n\nYou can use the engine to create new Red Hat OpenShift Container Platform\nclusters or to bring existing Kubernetes-based clusters under management by\nimporting them. After the clusters are managed, you can use the APIs that\nare provided by the engine to distribute configuration based on placement\npolicy.\n\nSecurity updates:\n\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n* vm2: Sandbox Escape in vm2 (CVE-2022-36067)\n\nBug fix:\n\n* MCE 2.0.2 images (BZ# 2104569)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-09-12T19:32:29", "type": "redhat", "title": "(RHSA-2022:6422) Critical: Multicluster Engine for Kubernetes 2.0.2 security and bug fixes", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1292", "CVE-2022-1586", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-2526", "CVE-2022-29154", "CVE-2022-31129", "CVE-2022-32206", "CVE-2022-32208", "CVE-2022-36067"], "modified": "2022-09-12T19:32:46", "id": "RHSA-2022:6422", "href": "https://access.redhat.com/errata/RHSA-2022:6422", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-03T15:19:08", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container Platform 4.11.1. See the following advisory for the RPM packages for this release:\n\nhttps://access.redhat.com/errata/RHSA-2022:6102\n\nSpace precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nSecurity Fix(es):\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n* golang: crypto/tls: session tickets lack random ticket_age_add\n(CVE-2022-30629)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s)\nlisted in the References section.\n\nYou may download the oc tool and use it to inspect release image metadata as follows:\n\n(For x86_64 architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.11.1-x86_64\n\nThe image digest is sha256:97410a5db655a9d3017b735c2c0747c849d09ff551765e49d5272b80c024a844\n\n(For s390x architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.11.1-s390x\n\nThe image digest is sha256:13734de7e796e46f5403ef9ee918be88c12fdc9b73acb8777e0cc7c56a276794\n\n(For ppc64le architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.11.1-ppc64le\n\nThe image digest is sha256:d0019b6b8b32cc9fea06562e6ce175086fa7de7b2b7dce171a8ac1a57f92f10b\n\n(For aarch64 architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.11.1-aarch64\n\nThe image digest is sha256:3394a79e173ac17bc96a7256665701d3d7e2a95535a12f2ceb19ceb41dcd6b79 \n\nAll OpenShift Container Platform 4.11 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available\nat https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-23T15:00:01", "type": "redhat", "title": "(RHSA-2022:6103) Moderate: OpenShift Container Platform 4.11.1 bug fix and security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1012", "CVE-2022-1292", "CVE-2022-1586", "CVE-2022-1785", "CVE-2022-1897", "CVE-2022-1927", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-30629", "CVE-2022-30631", "CVE-2022-32250"], "modified": "2022-08-23T15:01:59", "id": "RHSA-2022:6103", "href": "https://access.redhat.com/errata/RHSA-2022:6103", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-03T15:19:08", "description": "Release osp-director-operator images\n\nSecurity Fix(es):\n\n* CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read [important]\n* CVE-2021-41103 golang: containerd: insufficiently restricted permissions on container root and plugin directories [medium]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-14T12:42:43", "type": "redhat", "title": "(RHSA-2022:6517) Important: Release of containers for OSP 16.2.z director operator tech preview", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-41103", "CVE-2022-1292", "CVE-2022-1586", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-30631"], "modified": "2022-09-14T12:42:57", "id": "RHSA-2022:6517", "href": "https://access.redhat.com/errata/RHSA-2022:6517", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-04T04:21:14", "description": "Release of RHACS 3.72 provides these changes:\n\nNew features\n* Automatic removal of nonactive clusters from RHACS: RHACS provides the ability to configure your system to automatically remove nonactive clusters from RHACS so that you can monitor active clusters only. \n* Support for unauthenticated email integration: RHACS now supports unauthenticated SMTP for email integrations. This is insecure and not recommended.\n* Support for Quay robot accounts: RHACS now supports use of robot accounts in quay.io integrations. You can create robot accounts in Quay that allow you to share credentials for use in multiple repositories.\n* Ability to view Dockerfile lines in images that introduced components with Common Vulnerabilities and Exposures (CVEs): In the Images view, under Image Findings, you can view individual lines in the Dockerfile that introduced the components that have been identified as containing CVEs.\n* Network graph improvements: RHACS 3.72 includes some improvements to the Network Graph user interface.\n\nKnown issue\n* RHACS shows the wrong severity when two severities exist for a single vulnerability in a single distribution. This issue occurs because RHACS scopes severities by namespace rather than component. There is no workaround. It is anticipated that an upcoming release will include a fix for this issue. (ROX-12527)\n\nBug fixes\n* Before this update, the steps to configure OpenShift Container Platform OAuth for more than one URI were missing. The documentation has been revised to include instructions for configuring OAuth in OpenShift Container Platform to use more than one URI. For more information, see Creating additional routes for the OpenShift Container Platform OAuth server. (ROX-11296)\n* Before this update, the autogenerated image integration, such as a Docker registry integration, for a cluster is not deleted when the cluster is removed from Central. This issue is fixed. (ROX-9398)\n* Before this update, the Image OS policy criteria did not support regular expressions, or regex. However, the documentation indicated that regular expressions were supported. This issue is fixed by adding support for regular expressions for the Image OS policy criteria. (ROX-12301)\n* Before this update, the syslog integration did not respect a configured TCP proxy. This is now fixed.\n* Before this update, the scanner-db pod failed to start when a resource quota was set for the stackrox namespace, because the init-db container in the pod did not have any resources assigned to it. The init-db container for ScannerDB now specifies resource requests and limits that match the db container. (ROX-12291)\n\nNotable technical changes\n* Scanning support for Red Hat Enterprise Linux 9: RHEL 9 is now generally available (GA). RHACS 3.72 introduces support for analyzing images built with Red Hat Universal Base Image (UBI) 9 and Red Hat Enterprise Linux (RHEL) 9 RPMs for vulnerabilities.\n* Policy for CVEs with fixable CVSS of 6 or greater disabled by default: Beginning with this release, the Fixable CVSS >= 6 and Privileged policy is no longer enabled by default for new RHACS installations. The configuration of this policy is not changed when upgrading an existing system. A new policy Privileged Containers with Important and Critical Fixable CVEs, which gives an alert for containers running in privileged mode that have important or critical fixable vulnerabilities, has been added.\n\nSecurity Fix(es)\n* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)\n* golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)\n* golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)\n* golang: syscall: faccessat checks wrong group (CVE-2022-29526)\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-26T15:24:52", "type": "redhat", "title": "(RHSA-2022:6714) Moderate: RHACS 3.72 enhancement and security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-20107", "CVE-2022-0391", "CVE-2022-1292", "CVE-2022-1586", "CVE-2022-1785", "CVE-2022-1897", "CVE-2022-1927", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-24675", "CVE-2022-24921", "CVE-2022-28327", "CVE-2022-29154", "CVE-2022-29526", "CVE-2022-30631", "CVE-2022-32206", "CVE-2022-32208", "CVE-2022-34903"], "modified": "2022-09-26T15:25:11", "id": "RHSA-2022:6714", "href": "https://access.redhat.com/errata/RHSA-2022:6714", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-04T04:21:14", "description": "OpenShift sandboxed containers support for OpenShift Container Platform\nprovides users with built-in support for running Kata containers as an\nadditional, optional runtime.\n\nThis advisory contains an update for OpenShift sandboxed containers with security fixes and a bug fix.\n\nSpace precludes documenting all of the updates to OpenShift sandboxed\ncontainers in this advisory. See the following Release Notes documentation,\nwhich will be updated shortly for this release, for details about these\nchanges:\n\nhttps://docs.openshift.com/container-platform/4.11/sandboxed_containers/sandboxed-containers-release-notes.html", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-19T21:26:08", "type": "redhat", "title": "(RHSA-2022:7058) Moderate: OpenShift sandboxed containers 1.3.1 security fix and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-20107", "CVE-2022-0391", "CVE-2022-1292", "CVE-2022-1586", "CVE-2022-1785", "CVE-2022-1897", "CVE-2022-1927", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-24675", "CVE-2022-2832", "CVE-2022-29154", "CVE-2022-30632", "CVE-2022-32206", "CVE-2022-32208", "CVE-2022-34903", "CVE-2022-40674"], "modified": "2022-10-19T21:35:57", "id": "RHSA-2022:7058", "href": "https://access.redhat.com/errata/RHSA-2022:7058", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-03T15:19:08", "description": "Logging Subsystem 5.5.1 - Red Hat OpenShift\n\nSecurity Fix(es):\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-06T16:58:48", "type": "redhat", "title": "(RHSA-2022:6344) Moderate: Logging Subsystem 5.5.1 Security and Bug Fix Update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1705", "CVE-2022-2526", "CVE-2022-29154", "CVE-2022-30631", "CVE-2022-32148", "CVE-2022-32206", "CVE-2022-32208"], "modified": "2022-09-06T16:59:08", "id": "RHSA-2022:6344", "href": "https://access.redhat.com/errata/RHSA-2022:6344", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-03T15:19:08", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container Platform 4.11.3. See the following advisory for the RPM packages for this release:\n\nhttps://access.redhat.com/errata/RHBA-2022:6286\n\nSpace precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nSecurity Fix(es):\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n(CVE-2021-38561)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s)\nlisted in the References section.\n\nYou may download the oc tool and use it to inspect release image metadata as follows:\n\n(For x86_64 architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.11.3-x86_64\n\nThe image digest is sha256:1ce5676839bca4f389cdc1c3ddc1a78ab033d4c554453ca7ef61a23e34da0803\n\n(For s390x architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.11.3-s390x\n\nThe image digest is sha256:a1aa4c51af3b69b3dfc998c533b40ce7123f0a5e5e70910a4ea42e37493307b7\n\n(For ppc64le architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.11.3-ppc64le\n\nThe image digest is sha256:b80afcee6747011412d703745acad28beacd6c659462fe341ffdb3fdb7fbb288\n\nAll OpenShift Container Platform 4.11 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available\nat https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-07T20:37:32", "type": "redhat", "title": "(RHSA-2022:6287) Moderate: OpenShift Container Platform 4.11.3 packages and security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38561", "CVE-2022-2526", "CVE-2022-29154", "CVE-2022-32206", "CVE-2022-32208"], "modified": "2022-09-07T20:40:58", "id": "RHSA-2022:6287", "href": "https://access.redhat.com/errata/RHSA-2022:6287", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-03T15:19:08", "description": "Logging Subsystem 5.5.0 - Red Hat OpenShift\n\nSecurity Fix(es):\n\n* kubeclient: kubeconfig parsing error can lead to MITM attacks (CVE-2022-0759)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)\n\n* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-18T16:00:25", "type": "redhat", "title": "(RHSA-2022:6051) Important: Logging Subsystem 5.5.0 - Red Hat OpenShift security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38561", "CVE-2022-0759", "CVE-2022-1012", "CVE-2022-1292", "CVE-2022-1586", "CVE-2022-1785", "CVE-2022-1897", "CVE-2022-1927", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-21698", "CVE-2022-30631", "CVE-2022-32250"], "modified": "2022-08-18T16:00:42", "id": "RHSA-2022:6051", "href": "https://access.redhat.com/errata/RHSA-2022:6051", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-03T15:19:09", "description": "Vim (Vi IMproved) is an updated and improved version of the vi editor.\n\nSecurity Fix(es):\n\n* vim: Out-of-bounds Write (CVE-2022-1785)\n\n* vim: out-of-bounds write in vim_regsub_both() in regexp.c (CVE-2022-1897)\n\n* vim: buffer over-read in utf_ptr2char() in mbyte.c (CVE-2022-1927)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-02T06:59:03", "type": "redhat", "title": "(RHSA-2022:5813) Moderate: vim security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1785", "CVE-2022-1897", "CVE-2022-1927"], "modified": "2022-08-02T07:46:50", "id": "RHSA-2022:5813", "href": "https://access.redhat.com/errata/RHSA-2022:5813", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-03T15:19:08", "description": "Vim (Vi IMproved) is an updated and improved version of the vi editor.\n\nSecurity Fix(es):\n\n* vim: Out-of-bounds Write (CVE-2022-1785)\n\n* vim: out-of-bounds write in vim_regsub_both() in regexp.c (CVE-2022-1897)\n\n* vim: buffer over-read in utf_ptr2char() in mbyte.c (CVE-2022-1927)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-09T09:32:59", "type": "redhat", "title": "(RHSA-2022:5942) Moderate: vim security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1785", "CVE-2022-1897", "CVE-2022-1927"], "modified": "2022-08-09T10:12:13", "id": "RHSA-2022:5942", "href": "https://access.redhat.com/errata/RHSA-2022:5942", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-03T15:19:09", "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n* openssl: c_rehash script allows command injection (CVE-2022-1292)\n\n* openssl: the c_rehash script allows command injection (CVE-2022-2068)\n\n* openssl: AES OCB fails to encrypt some bytes (CVE-2022-2097)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-02T07:00:02", "type": "redhat", "title": "(RHSA-2022:5818) Moderate: openssl security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1292", "CVE-2022-2068", "CVE-2022-2097"], "modified": "2022-08-02T07:46:59", "id": "RHSA-2022:5818", "href": "https://access.redhat.com/errata/RHSA-2022:5818", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-04T04:21:14", "description": "This release of Red Hat OpenShift distributed tracing provides these changes:\n\nSecurity Fix(es):\n\n* nodejs-json-schema: Prototype pollution vulnerability (CVE-2021-3918)\n\n* eventsource: Exposure of Sensitive Information (CVE-2022-1650)\n\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n\n* follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-19T12:51:53", "type": "redhat", "title": "(RHSA-2022:7055) Moderate: RHOSDT 2.6.0 operator/operand containers Security Update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-20107", "CVE-2021-3918", "CVE-2022-0391", "CVE-2022-0536", "CVE-2022-1292", "CVE-2022-1586", "CVE-2022-1650", "CVE-2022-1785", "CVE-2022-1897", "CVE-2022-1927", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-24785", "CVE-2022-31129", "CVE-2022-32206", "CVE-2022-32208", "CVE-2022-34903"], "modified": "2022-10-19T12:52:24", "id": "RHSA-2022:7055", "href": "https://access.redhat.com/errata/RHSA-2022:7055", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-03T15:19:08", "description": "Red Hat Advanced Cluster Management for Kubernetes 2.6.0 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in.\n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which fix security issues and several bugs. See the following Release Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/\n\nSecurity fixes: \n\n* CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n\n* CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add\n\n* CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header\n\n* CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions\n\n* CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip\n\n* CVE-2022-30630 golang: io/fs: stack exhaustion in Glob\n\n* CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n\n* CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob\n\n* CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal\n\n* CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode\n\n* CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working\n\nBug fixes:\n\n* assisted-service repo pin-latest.py script should allow custom tags to be pinned (BZ# 2065661)\n\n* assisted-service-build image is too big in size (BZ# 2066059)\n\n* assisted-service pin-latest.py script should exclude the postgres image (BZ# 2076901)\n\n* PXE artifacts need to be served via HTTP (BZ# 2078531)\n\n* Implementing new service-agent protocol on agent side (BZ# 2081281)\n\n* RHACM 2.6.0 images (BZ# 2090906)\n\n* Assisted service POD keeps crashing after a bare metal host is created (BZ# 2093503)\n\n* Assisted service triggers the worker nodes re-provisioning on the hub cluster when the converged flow is enabled (BZ# 2096106)\n\n* Fix assisted CI jobs that fail for cluster-info readiness (BZ# 2097696)\n\n* Nodes are required to have installation disks of at least 120GB instead of at minimum of 100GB (BZ# 2099277)\n\n* The pre-selected search keyword is not readable (BZ# 2107736)\n\n* The value of label expressions in the new placement for policy and policysets cannot be shown real-time from UI (BZ# 2111843)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-06T21:05:46", "type": "redhat", "title": "(RHSA-2022:6370) Moderate: Red Hat Advanced Cluster Management 2.6.0 security updates and bug fixes", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1012", "CVE-2022-1292", "CVE-2022-1586", "CVE-2022-1705", "CVE-2022-1785", "CVE-2022-1897", "CVE-2022-1927", "CVE-2022-1962", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-2526", "CVE-2022-28131", "CVE-2022-29154", "CVE-2022-30629", "CVE-2022-30630", "CVE-2022-30631", "CVE-2022-30632", "CVE-2022-30633", "CVE-2022-30635", "CVE-2022-31129", "CVE-2022-32148", "CVE-2022-32206", "CVE-2022-32208", "CVE-2022-32250"], "modified": "2022-09-06T21:06:11", "id": "RHSA-2022:6370", "href": "https://access.redhat.com/errata/RHSA-2022:6370", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-03T15:19:08", "description": "Multicluster engine for Kubernetes 2.1 images\n\nMulticluster engine for Kubernetes provides the foundational components\nthat are necessary for the centralized management of multiple\nKubernetes-based clusters across data centers, public clouds, and private\nclouds.\n\nYou can use the engine to create new Red Hat OpenShift Container Platform\nclusters or to bring existing Kubernetes-based clusters under management by\nimporting them. After the clusters are managed, you can use the APIs that\nare provided by the engine to distribute configuration based on placement\npolicy.\n\nSecurity fixes:\n\n* CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n\n* CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header\n\n* CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions\n\n* CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip\n\n* CVE-2022-30630 golang: io/fs: stack exhaustion in Glob\n\n* CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n\n* CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob\n\n* CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal\n\n* CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode\n\n* CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working\n\n* CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add\n\nBug fixes:\n\n* MCE 2.1.0 Images (BZ# 2090907)\n\n* cluster-proxy-agent not able to startup (BZ# 2109394)\n\n* Create cluster button skips Infrastructure page, shows blank page (BZ# 2110713)\n\n* AWS Icon sometimes doesn't show up in create cluster wizard (BZ# 2110734)\n\n* Infrastructure descriptions in create cluster catalog should be consistent and clear (BZ# 2110811)\n\n* The user with clusterset view permission should not able to update the namespace binding with the pencil icon on clusterset details page (BZ# 2111483)\n\n* hypershift cluster creation -> not all agent labels are shown in the node pools screen (BZ# 2112326)\n\n* CIM - SNO expansion, worker node status incorrect (BZ# 2114735)\n\n* Wizard fields are not pre-filled after picking credentials (BZ# 2117163)\n\n* ManagedClusterImageRegistry CR is wrong in pure MCE env", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-06T12:02:07", "type": "redhat", "title": "(RHSA-2022:6345) Moderate: Multicluster Engine for Kubernetes 2.1 security updates and bug fixes", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1292", "CVE-2022-1586", "CVE-2022-1705", "CVE-2022-1962", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-2526", "CVE-2022-28131", "CVE-2022-29154", "CVE-2022-30629", "CVE-2022-30630", "CVE-2022-30631", "CVE-2022-30632", "CVE-2022-30633", "CVE-2022-30635", "CVE-2022-31129", "CVE-2022-32148", "CVE-2022-32206", "CVE-2022-32208"], "modified": "2022-09-06T12:03:04", "id": "RHSA-2022:6345", "href": "https://access.redhat.com/errata/RHSA-2022:6345", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-03T15:19:08", "description": "Red Hat Advanced Cluster Management for Kubernetes 2.3.12 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in.\n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which fix several bugs. See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/\n\nSecurity fix:\n\n* CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n\nBug fixes:\n\n* Remove 1.9.1 from Proxy Patch Documentation (BZ# 2076856)\n\n* RHACM 2.3.12 images (BZ# 2101411)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-31T13:08:42", "type": "redhat", "title": "(RHSA-2022:6271) Moderate: Red Hat Advanced Cluster Management 2.3.12 security updates and bug fixes", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-26116", "CVE-2020-26137", "CVE-2021-3177", "CVE-2021-40528", "CVE-2022-1012", "CVE-2022-1292", "CVE-2022-1586", "CVE-2022-1785", "CVE-2022-1897", "CVE-2022-1927", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21166", "CVE-2022-2526", "CVE-2022-25313", "CVE-2022-25314", "CVE-2022-29154", "CVE-2022-29824", "CVE-2022-31129", "CVE-2022-32206", "CVE-2022-32208", "CVE-2022-32250"], "modified": "2022-08-31T13:09:00", "id": "RHSA-2022:6271", "href": "https://access.redhat.com/errata/RHSA-2022:6271", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-03T15:19:08", "description": "The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.\n\nSecurity Fix(es):\n\n* curl: HTTP compression denial of service (CVE-2022-32206)\n\n* curl: FTP-KRB bad message verification (CVE-2022-32208)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-08-24T15:12:40", "type": "redhat", "title": "(RHSA-2022:6159) Moderate: curl security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-32206", "CVE-2022-32208"], "modified": "2022-08-24T15:12:58", "id": "RHSA-2022:6159", "href": "https://access.redhat.com/errata/RHSA-2022:6159", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-04T04:21:14", "description": "Red Hat Advanced Cluster Management for Kubernetes 2.4.6 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in.\n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which fix several security issues and several bugs. See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/\n\nSecurity fixes:\n\n* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)\n\n* moment: inefficient parsing algorithim resulting in DoS (CVE-2022-31129)\n\n* nodejs16: CRLF injection in node-undici (CVE-2022-31150)\n\n* nodejs/undici: Cookie headers uncleared on cross-origin redirect (CVE-2022-31151)\n\n* vm2: Sandbox Escape in vm2 (CVE-2022-36067)\n\nBug fixes:\n\n* RHACM 2.4 using deprecated APIs in managed clusters (BZ# 2041540)\n\n* vSphere network name doesn't allow entering spaces and doesn't reflect YAML changes (BZ# 2074766)\n\n* cluster update status is stuck, also update is not even visible (BZ# 2079418)\n\n* Policy that creates cluster role is showing as not compliant due to Request entity too large message (BZ# 2088486)\n\n* Upgraded from RHACM 2.2-->2.3-->2.4 and cannot create cluster (BZ# 2089490)\n\n* ACM Console Becomes Unusable After a Time (BZ# 2097464)\n\n* RHACM 2.4.6 images (BZ# 2100613)\n\n* Cluster Pools with conflicting name of existing clusters in same namespace fails creation and deletes existing cluster (BZ# 2102436)\n\n* ManagedClusters in Pending import state after ACM hub migration (BZ# 2102495)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-09-26T11:54:51", "type": "redhat", "title": "(RHSA-2022:6696) Critical: Red Hat Advanced Cluster Management 2.4.6 security update and bug fixes", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-20107", "CVE-2021-40528", "CVE-2022-0391", "CVE-2022-1292", "CVE-2022-1586", "CVE-2022-1785", "CVE-2022-1897", "CVE-2022-1927", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21166", "CVE-2022-2526", "CVE-2022-25313", "CVE-2022-25314", "CVE-2022-29154", "CVE-2022-29824", "CVE-2022-30629", "CVE-2022-31129", "CVE-2022-31150", "CVE-2022-31151", "CVE-2022-32206", "CVE-2022-32208", "CVE-2022-34903", "CVE-2022-36067"], "modified": "2022-09-26T11:55:21", "id": "RHSA-2022:6696", "href": "https://access.redhat.com/errata/RHSA-2022:6696", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-07T15:08:47", "description": "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 5.7.1 serves as a replacement for Red Hat JBoss Web Server 5.7.0. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References.\n\nSecurity Fix(es):\n\n* openssl: c_rehash script allows command injection (CVE-2022-1292)\n\n* openssl: the c_rehash script allows command injection (CVE-2022-2068)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-12T12:20:51", "type": "redhat", "title": "(RHSA-2022:8917) Moderate: Red Hat JBoss Web Server 5.7.1 release and security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1292", "CVE-2022-2068"], "modified": "2022-12-12T12:21:06", "id": "RHSA-2022:8917", "href": "https://access.redhat.com/errata/RHSA-2022:8917", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-07T15:08:47", "description": "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 5.7.1 serves as a replacement for Red Hat JBoss Web Server 5.7.0. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References.\n\nSecurity Fix(es):\n\n* openssl: c_rehash script allows command injection (CVE-2022-1292)\n\n* openssl: the c_rehash script allows command injection (CVE-2022-2068)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-12T12:28:19", "type": "redhat", "title": "(RHSA-2022:8913) Moderate: Red Hat JBoss Web Server 5.7.1 release and security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1292", "CVE-2022-2068"], "modified": "2022-12-12T12:28:36", "id": "RHSA-2022:8913", "href": "https://access.redhat.com/errata/RHSA-2022:8913", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-03T15:19:08", "description": "OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes.\n\nSecurity Fix(es) from Bugzilla:\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)\n\n* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)\n\n* golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-01T01:22:40", "type": "redhat", "title": "(RHSA-2022:6290) Moderate: OpenShift API for Data Protection (OADP) 1.1.0 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3634", "CVE-2021-40528", "CVE-2022-1271", "CVE-2022-1292", "CVE-2022-1586", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-21698", "CVE-2022-24675", "CVE-2022-25313", "CVE-2022-25314", "CVE-2022-26691", "CVE-2022-28327", "CVE-2022-29154", "CVE-2022-29824", "CVE-2022-30629", "CVE-2022-30631", "CVE-2022-32206", "CVE-2022-32208"], "modified": "2022-09-01T01:22:52", "id": "RHSA-2022:6290", "href": "https://access.redhat.com/errata/RHSA-2022:6290", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-03T15:19:08", "description": "Gatekeeper Operator v0.2\n\nGatekeeper is an open source project that applies the OPA Constraint\nFramework to enforce policies on your Kubernetes clusters. \n\nThis advisory contains the container images for Gatekeeper that include bug\nfixes and container upgrades. \n\nNote: Gatekeeper support from the Red Hat support team is limited to where it is integrated and used with Red Hat Advanced Cluster Management\nfor Kubernetes. For support options for any other use, see the Gatekeeper\nopen source project website at:\nhttps://open-policy-agent.github.io/gatekeeper/website/docs/howto/.\n\nSecurity fix:\n\n* CVE-2022-30629: gatekeeper-container: golang: crypto/tls: session tickets lack random ticket_age_add\n\n* CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header\n\n* CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions\n\n* CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip\n\n* CVE-2022-30630: golang: io/fs: stack exhaustion in Glob\n\n* CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read\n\n* CVE-2022-30632: golang: path/filepath: stack exhaustion in Glob\n\n* CVE-2022-30635: golang: encoding/gob: stack exhaustion in Decoder.Decode\n\n* CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal\n\n* CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-06T12:02:43", "type": "redhat", "title": "(RHSA-2022:6348) Moderate: Gatekeeper Operator v0.2 security and container updates", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40528", "CVE-2022-1292", "CVE-2022-1586", "CVE-2022-1705", "CVE-2022-1962", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-2526", "CVE-2022-28131", "CVE-2022-29824", "CVE-2022-30629", "CVE-2022-30630", "CVE-2022-30631", "CVE-2022-30632", "CVE-2022-30633", "CVE-2022-30635", "CVE-2022-32148", "CVE-2022-32206", "CVE-2022-32208"], "modified": "2022-09-06T12:03:05", "id": "RHSA-2022:6348", "href": "https://access.redhat.com/errata/RHSA-2022:6348", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-03T15:19:08", "description": "Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.\n\nThis advisory covers the RPM packages for the release.\n\nSecurity Fix(es):\n\n* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-31T18:47:41", "type": "redhat", "title": "(RHSA-2022:6283) Moderate: Red Hat OpenShift Service Mesh 2.2.2 Containers security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1292", "CVE-2022-1586", "CVE-2022-1705", "CVE-2022-1785", "CVE-2022-1897", "CVE-2022-1927", "CVE-2022-1962", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-28131", "CVE-2022-30630", "CVE-2022-30632", "CVE-2022-30633", "CVE-2022-30635", "CVE-2022-31107", "CVE-2022-32148"], "modified": "2022-11-10T07:54:10", "id": "RHSA-2022:6283", "href": "https://access.redhat.com/errata/RHSA-2022:6283", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-03T15:19:08", "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n* openssl: c_rehash script allows command injection (CVE-2022-1292)\n\n* openssl: Signer certificate verification returns inaccurate response when using OCSP_NOCHECKS (CVE-2022-1343)\n\n* openssl: OPENSSL_LH_flush() breaks reuse of memory (CVE-2022-1473)\n\n* openssl: the c_rehash script allows command injection (CVE-2022-2068)\n\n* openssl: AES OCB fails to encrypt some bytes (CVE-2022-2097)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* openssl occasionally sends internal error to gnutls when using FFDHE (BZ#2080323)\n\n* openssl req defaults to 3DES (BZ#2085499)\n\n* OpenSSL accepts custom elliptic curve parameters when p is large [rhel-9] (BZ#2085508)\n\n* OpenSSL mustn't work with ECDSA with explicit curve parameters in FIPS mode (BZ#2085521)\n\n* openssl s_server -groups secp256k1 in FIPS fails because X25519/X448 (BZ#2086554)\n\n* Converting FIPS power-on self test to KAT (BZ#2086866)\n\n* Small RSA keys work for some operations in FIPS mode (BZ#2091938)\n\n* FIPS provider doesn't block RSA encryption for key transport (BZ#2091977)\n\n* OpenSSL testsuite certificates expired (BZ#2095696)\n\n* [IBM 9.1 HW OPT] POWER10 performance enhancements for cryptography: OpenSSL (BZ#2103044)\n\n* [FIPS lab review] self-test (BZ#2112978)\n\n* [FIPS lab review] DH tuning (BZ#2115856)\n\n* [FIPS lab review] EC tuning (BZ#2115857)\n\n* [FIPS lab review] RSA tuning (BZ#2115858)\n\n* [FIPS lab review] RAND tuning (BZ#2115859)\n\n* [FIPS lab review] zeroization (BZ#2115861)\n\n* [FIPS lab review] HKDF limitations (BZ#2118388)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-30T15:46:32", "type": "redhat", "title": "(RHSA-2022:6224) Moderate: openssl security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1292", "CVE-2022-1343", "CVE-2022-1473", "CVE-2022-2068", "CVE-2022-2097"], "modified": "2022-08-30T15:47:09", "id": "RHSA-2022:6224", "href": "https://access.redhat.com/errata/RHSA-2022:6224", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-03T15:19:08", "description": "OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes.\n\nSecurity Fix(es):\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n\n* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)\n\n* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T02:08:24", "type": "redhat", "title": "(RHSA-2022:6430) Moderate: OpenShift API for Data Protection (OADP) 1.0.4 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3634", "CVE-2021-40528", "CVE-2022-1271", "CVE-2022-1292", "CVE-2022-1586", "CVE-2022-1705", "CVE-2022-1962", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-21698", "CVE-2022-24675", "CVE-2022-2526", "CVE-2022-25313", "CVE-2022-25314", "CVE-2022-26691", "CVE-2022-29154", "CVE-2022-29824", "CVE-2022-30629", "CVE-2022-30630", "CVE-2022-30631", "CVE-2022-32148", "CVE-2022-32206", "CVE-2022-32208"], "modified": "2022-09-13T02:08:38", "id": "RHSA-2022:6430", "href": "https://access.redhat.com/errata/RHSA-2022:6430", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-03T15:19:08", "description": "The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.\n\nSecurity Fix(es):\n\n* curl: HTTP compression denial of service (CVE-2022-32206)\n\n* curl: Unpreserved file permissions (CVE-2022-32207)\n\n* curl: FTP-KRB bad message verification (CVE-2022-32208)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-24T14:56:48", "type": "redhat", "title": "(RHSA-2022:6157) Moderate: curl security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-32206", "CVE-2022-32207", "CVE-2022-32208"], "modified": "2022-08-24T14:57:14", "id": "RHSA-2022:6157", "href": "https://access.redhat.com/errata/RHSA-2022:6157", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-03T15:19:08", "description": "Submariner enables direct networking between pods and services on different Kubernetes clusters that are either on-premises or in the cloud.\n\nFor more information about Submariner, see the Submariner open source community website at: https://submariner.io/.\n\nThis advisory contains bug fixes and enhancements to the Submariner container images.\n\nSecurity fixes:\n\n* CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n\n* CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header\n\n* CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions\n\n* CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip\n\n* CVE-2022-30630 golang: io/fs: stack exhaustion in Glob\n\n* CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n\n* CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob\n\n* CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal\n\n* CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode\n\n* CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working\n\n* CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-06T12:02:19", "type": "redhat", "title": "(RHSA-2022:6346) Moderate: RHSA: Submariner 0.13 - security and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38561", "CVE-2021-40528", "CVE-2022-1292", "CVE-2022-1586", "CVE-2022-1705", "CVE-2022-1962", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-2526", "CVE-2022-25313", "CVE-2022-25314", "CVE-2022-28131", "CVE-2022-29824", "CVE-2022-30629", "CVE-2022-30630", "CVE-2022-30631", "CVE-2022-30632", "CVE-2022-30633", "CVE-2022-30635", "CVE-2022-32148", "CVE-2022-32206", "CVE-2022-32208"], "modified": "2022-09-06T12:03:04", "id": "RHSA-2022:6346", "href": "https://access.redhat.com/errata/RHSA-2022:6346", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-03T15:19:08", "description": "Red Hat Ceph Storage is a scalable, open, software-defined storage platform\nthat combines the most stable version of the Ceph storage system with a\nCeph management platform, deployment utilities, and support services.\n\nThis new container image is based on Red Hat Ceph Storage 5.2 and Red Hat\nEnterprise Linux 8.6 and Red Hat Enterprise Linux 9.\n\nSpace precludes documenting all of these changes in this advisory. Users\nare directed to the Red Hat Ceph Storage Release Notes for information on\nthe most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_ceph_storage/5.2/html-single/release_notes/index\n\nAll users of Red Hat Ceph Storage are advised to pull these new images from\nthe Red Hat Ecosystem catalog, which provides numerous enhancements and bug\nfixes.\n\nSecurity Fix(es):\n\n* grafana: Forward OAuth Identity Token can allow users to access some data sources (CVE-2022-21673)\n\n* grafana: directory traversal vulnerability (CVE-2021-43813)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-09T20:21:56", "type": "redhat", "title": "(RHSA-2022:6024) Moderate: New container image for Red Hat Ceph Storage 5.2 Security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40528", "CVE-2021-43813", "CVE-2022-0670", "CVE-2022-1292", "CVE-2022-1586", "CVE-2022-1785", "CVE-2022-1897", "CVE-2022-1927", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-21673", "CVE-2022-22576", "CVE-2022-25313", "CVE-2022-25314", "CVE-2022-27774", "CVE-2022-27776", "CVE-2022-27782", "CVE-2022-29824"], "modified": "2022-08-09T20:22:27", "id": "RHSA-2022:6024", "href": "https://access.redhat.com/errata/RHSA-2022:6024", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-03T15:19:08", "description": "This is an updated release of the Node Maintenance Operator. The Node Maintenance Operator cordons off nodes from the rest of the cluster and drains all the pods from the nodes. By placing nodes under maintenance, administrators can proactively power down nodes, move workloads to other parts of the cluster, and ensure that workloads do not get interrupted.\n\nSecurity Fix(es):\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, see the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-25T11:19:13", "type": "redhat", "title": "(RHSA-2022:6188) Important: Node Maintenance Operator 4.11.1 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1292", "CVE-2022-1586", "CVE-2022-1705", "CVE-2022-1962", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-28131", "CVE-2022-30630", "CVE-2022-30631", "CVE-2022-30632", "CVE-2022-30633", "CVE-2022-32148"], "modified": "2022-08-25T11:19:26", "id": "RHSA-2022:6188", "href": "https://access.redhat.com/errata/RHSA-2022:6188", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-04T04:21:14", "description": "Openshift Logging Bug Fix Release (5.3.12)\n\nSecurity Fix(es):\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.7}, "published": "2022-09-26T09:05:47", "type": "redhat", "title": "(RHSA-2022:6560) Moderate: Openshift Logging Bug Fix Release and Security Update (5.3.12)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "COMPLETE", "baseScore": 8.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:C/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 8.5, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-20107", "CVE-2022-0391", "CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21166", "CVE-2022-29154", "CVE-2022-30631", "CVE-2022-32206", "CVE-2022-32208", "CVE-2022-34903"], "modified": "2022-09-26T09:06:15", "id": "RHSA-2022:6560", "href": "https://access.redhat.com/errata/RHSA-2022:6560", "cvss": {"score": 8.0, "vector": "AV:N/AC:L/Au:S/C:P/I:C/A:P"}}, {"lastseen": "2023-06-03T15:19:08", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container Platform 4.6.61. See the following advisory for the RPM packages for this release:\n\nhttps://access.redhat.com/errata/RHBA-2022:6261\n\nSpace precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nSecurity Fix(es):\n\n* grafana: Snapshot authentication bypass (CVE-2021-39226)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s)\nlisted in the References section.\n\nYou may download the oc tool and use it to inspect release image metadata as follows:\n\n(For x86_64 architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.6.61-x86_64\n\nThe image digest is sha256:59fcf77d73e43fc5f458dbf4c6c0c1c5e07aaca55282ecaa2c8397c83362627a\n\n(For s390x architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.6.61-s390x\n\nThe image digest is sha256:9eb9af3e80d43300e44c46dc9e55d5b11f718082ab68fe2b10da9d3b562d1620\n\n(For ppc64le architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.6.61-ppc64le\n\nThe image digest is sha256:3571d61b480306030e0838a86db570177e15287b393c8059e8f2fbe50612d816\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available\nat https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-09T04:57:19", "type": "redhat", "title": "(RHSA-2022:6262) Important: OpenShift Container Platform 4.6.61 bug fix and security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39226", "CVE-2022-1353", "CVE-2022-21540", "CVE-2022-21541", "CVE-2022-2526", "CVE-2022-29154", "CVE-2022-30631", "CVE-2022-34169"], "modified": "2022-09-09T04:58:35", "id": "RHSA-2022:6262", "href": "https://access.redhat.com/errata/RHSA-2022:6262", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ibm": [{"lastseen": "2023-06-06T17:47:02", "description": "## Summary\n\nMultiple issues were identified in Red Hat UBI(ubi8/ubi-minimal) v8.6-x packages: openssl, pcre2 and Golang Go, that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-1962](<https://vulners.com/cve/CVE-2022-1962>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a stack exhaustion flaw in all Parse* functions. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a panic, and results in a denial of service condition. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/232543](<https://exchange.xforce.ibmcloud.com/vulnerabilities/232543>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-2068](<https://vulners.com/cve/CVE-2022-2068>) \n** DESCRIPTION: **OpenSSL could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the c_rehash script. By sending a specially-crafted request using shell metacharacters, an attacker could exploit this vulnerability to execute arbitrary commands with the privileges of the script on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/226018](<https://exchange.xforce.ibmcloud.com/vulnerabilities/226018>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2022-1586](<https://vulners.com/cve/CVE-2022-1586>) \n** DESCRIPTION: **PCRE2 could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read in the compile_xclass_matchingpath() function in the pcre2_jit_compile.c file. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/226863](<https://exchange.xforce.ibmcloud.com/vulnerabilities/226863>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2022-2097](<https://vulners.com/cve/CVE-2022-2097>) \n** DESCRIPTION: **OpenSSL could allow a remote attacker to obtain sensitive information, caused by improper encryption of data by the AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230425](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230425>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2022-1292](<https://vulners.com/cve/CVE-2022-1292>) \n** DESCRIPTION: **OpenSSL could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the c_rehash script. By sending a specially-crafted request using shell metacharacters, an attacker could exploit this vulnerability to execute arbitrary commands with the privileges of the script on the system. \nCVSS Base score: 6.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/225619](<https://exchange.xforce.ibmcloud.com/vulnerabilities/225619>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM MQ Operator| EUS release 1.3.6 and LTS Release 2.0.1 \nIBM supplied MQ Advanced container images| v9.2.0.6-r1 and v9.3.0.0-r2 \n \n\n\n## Remediation/Fixes\n\nIssues listed by this security bulletin are addressed in IBM MQ Operator 2.0.2 LTS release that included IBM supplied MQ Advanced 9.3.0.0 container images and IBM MQ Operator 1.3.7 EUS release that included IBM supplied MQ Advanced 9.2.0.6 container images. \n\nIBM MQ Operator 2.0.2 LTS release details:\n\n**Image**| **Fix Version**| **Registry**| **Image Location** \n---|---|---|--- \nibm-mq-operator| 2.0.2| icr.io| icr.io/cpopen/ibm-mq-operator@sha256:25e6a931256553b5a22c6cdc7b75618919918a5b3cc4ebf3552011e2f1cbd2d7 \nibm-mqadvanced-server| 9.3.0.0-r3| cp.icr.io| cp.icr.io/cp/ibm-mqadvanced-server@sha256:b84a3bdcbbc480d6d4268a9e662a5a30cc2fd3dc45100e7591edd330f8edf80d \nibm-mqadvanced-server-integration| 9.3.0.0-r3| cp.icr.io| cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:77ed05f946e9af9be08d29f8bcaced16c636c69fe7e7f9f517e7fb048c683d98 \nibm-mqadvanced-server-dev| 9.3.0.0-r3| icr.io| icr.io/ibm-messaging/mq@sha256:cc5c5c7deba44f295723b670c6834ee64babc0b47b6e9df5c267390a0c5fc3ce \n \nIBM MQ Operator 1.3.7 EUS release details:\n\n**Image**| **Fix Version**| **Registry**| **Image Location** \n---|---|---|--- \nibm-mq-operator| 1.3.7| icr.io| icr.io/cpopen/ibm-mq-operator@sha256:a9de15036892531832006c0ae0e6740f0533af54e1b8fa52170dd2ed0b5349b7 \nibm-mqadvanced-server-integration| 9.2.0.6-r2-eus| cp.icr.io| cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:c1e5ee8b0d36e88a2e9f59dcc24923440a0eb33b60b0a71907fe4f0338acdfef \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-31T16:17:06", "type": "ibm", "title": "Security Bulletin:IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from openssl, pcre2 and Golang Go", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1292", "CVE-2022-1586", "CVE-2022-1962", "CVE-2022-2068", "CVE-2022-2097"], "modified": "2022-08-31T16:17:06", "id": "00E427FDE1ED2FCC942B37A9297706D3A726FAC519A340420CCF652F75075CF5", "href": "https://www.ibm.com/support/pages/node/6616631", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-06T17:41:42", "description": "## Summary\n\nIBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to to arbitrary code execution in Vim caused by an out-of-bounds write in function: vim_regsub_both (CVE-2022-1785, CVE-2022-1897) and a buffer over-read in function: utf_ptr2char (CVE-2022-1927). Vim is used as part of the base image included in our service components. Please read the details for remediation below.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-1785](<https://vulners.com/cve/CVE-2022-1785>) \n** DESCRIPTION: **Vim could allow a local authenticated attacker to execute arbitrary code on the system, caused by an out-of-bounds write in function vim_regsub_both at regexp.c. By opening a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/227016](<https://exchange.xforce.ibmcloud.com/vulnerabilities/227016>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H) \n \n** CVEID: **[CVE-2022-1897](<https://vulners.com/cve/CVE-2022-1897>) \n** DESCRIPTION: **Vim could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write in function vim_regsub_both. By persuading a victim to run a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/227525](<https://exchange.xforce.ibmcloud.com/vulnerabilities/227525>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-1927](<https://vulners.com/cve/CVE-2022-1927>) \n** DESCRIPTION: **Vim could allow a remote attacker to execute arbitrary code on the system, caused by a buffer over-read in function utf_ptr2char. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/227562](<https://exchange.xforce.ibmcloud.com/vulnerabilities/227562>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Watson Speech Services Cartridge for IBM Cloud Pak for Data| 4.0.0 - 4.5.4 \n \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading. \n\n**Product(s)**| **Version(s) \n**| **Remediation/Fix/Instructions** \n---|---|--- \nIBM Watson Speech Services Cartridge for IBM Cloud Pak for Data| [**4.6**](<https://www.ibm.com/docs/en/cloud-paks/cp-data>)| **[The fix in 4.6 applies to all versions listed (4.0.0-4.5.4). Version 4.6 can be downloaded and installed from: ](<https://www.ibm.com/docs/en/cloud-paks/cp-data>) \n<https://www.ibm.com/docs/en/cloud-paks/cp-data> \n** \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-01-12T21:59:00", "type": "ibm", "title": "Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to arbitrary code execution in Vim (CVE-2022-1785, CVE-2022-1897, CVE-2022-1927)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1785", "CVE-2022-1897", "CVE-2022-1927"], "modified": "2023-01-12T21:59:00", "id": "4755FB3CE3C36A79DA9DEF921D1C61A8971606D4BA507E8F90C7BCDDF87DEFCF", "href": "https://www.ibm.com/support/pages/node/6843875", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-06T17:47:36", "description": "## Summary\n\nA vulnerability in OpenSSL could allow a remote attacker to execute arbitrary commands (CVE-2022-1292 and CVE-2022-2068) or obtain sensitive information (CVE-2022-2097). OpenSSL is used by AIX as part of AIX's secure network communications.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2022-2097](<https://vulners.com/cve/CVE-2022-2097>) \n**DESCRIPTION: **OpenSSL could allow a remote attacker to obtain sensitive information, caused by improper encryption of data by the AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230425](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230425>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2022-2068](<https://vulners.com/cve/CVE-2022-2068>) \n**DESCRIPTION: **OpenSSL could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the c_rehash script. By sending a specially-crafted request using shell metacharacters, an attacker could exploit this vulnerability to execute arbitrary commands with the privileges of the script on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/226018](<https://exchange.xforce.ibmcloud.com/vulnerabilities/226018>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n**CVEID: **[CVE-2022-1292](<https://vulners.com/cve/CVE-2022-1292>) \n**DESCRIPTION: **OpenSSL could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the c_rehash script. By sending a specially-crafted request using shell metacharacters, an attacker could exploit this vulnerability to execute arbitrary commands with the privileges of the script on the system. \nCVSS Base score: 6.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/225619](<https://exchange.xforce.ibmcloud.com/vulnerabilities/225619>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nAIX | 7.1 \nAIX | 7.2 \nAIX | 7.3 \nVIOS | 3.1 \n \nThe following fileset levels are vulnerable:\n\nFileset | Lower Level | Upper Level \n---|---|--- \nopenssl.base | 1.0.2.500 | 1.0.2.2104 \nopenssl.base | 1.1.1.0 | 1.1.1.1201 \nopenssl.base | 1.1.2.0 | 1.1.2.1201 \nopenssl.base | 20.13.102.1000 | 20.16.102.2105 \n \nNote:\n\nA. 0.9.8, 1.0.1 OpenSSL versions are out-of-support. Customers are advised to upgrade to currently supported OpenSSL 1.0.2 or 1.1.1 version.\n\nB. Latest level of OpenSSL fileset is available from the web download site:\n\n[https://www-01.ibm.com/marketing/iwm/iwm/web/pickUrxNew.do?source=aixbp&S_PKG=openssl](<https://www-01.ibm.com/marketing/iwm/iwm/web/pickUrxNew.do?source=aixbp&S_PKG=openssl>)\n\nC. CVE-2022-2097 only applies to OpenSSL 1.1.1 version.\n\nTo find out whether the affected filesets are installed on your systems, refer to the lslpp command found in the AIX user's guide.\n\nExample: lslpp -L | grep -i openssl.base\n\n## Remediation/Fixes\n\n**A. FIXES**\n\nIBM strongly recommends addressing the vulnerability now.\n\nThe fixes can be downloaded via ftp or http from:\n\nftp://aix.software.ibm.com/aix/efixes/security/openssl_fix36.tar\n\n<http://aix.software.ibm.com/aix/efixes/security/openssl_fix36.tar>\n\n<https://aix.software.ibm.com/aix/efixes/security/openssl_fix36.tar>\n\nThe links above are to a tar file containing this signed advisory, fix packages, and OpenSSL signatures for each package. The fixes below include prerequisite checking. This will enforce the correct mapping between the fixes and AIX Technology Levels.\n\nNote that the tar file contains Interim fixes that are based on OpenSSL version, and AIX OpenSSL fixes are cumulative. If an OpenSSL fileset with VMRF higher than the affected level listed above is available from the web download site, then that fileset is the recommended remediation. The OpenSSL 1.0.2 version shared objects provided in the library of OpenSSL 1.1.1 version is remediated.\n\nApplying the fix addresses all OpenSSL vulnerabilities reported up to and including community OpenSSL versions 1.0.2zf and 1.1.1q.\n\nYou must be on the 'prereq for installation' level before applying the interim fix. This may require installing a new level(prereq version) first.\n\nAIX Level | Interim Fix | Fileset Name(prereq for installation) \n---|---|--- \n7.1, 7.2, 7.3 | 1022104a.220804.epkg.Z | openssl.base(1.0.2.2104) \n7.1, 7.2, 7.3 | 1111201a.220804.epkg.Z | openssl.base(1.1.1.1201) \n7.1, 7.2, 7.3 | 1121201a.220804.epkg.Z | openssl.base(1.1.2.1201) \n7.1, 7.2, 7.3 | fips2105a.220804.epkg.Z | openssl.base(20.16.102.2105) \nVIOS Level | Interim Fix | Fileset Name(prereq for installation) \n---|---|--- \n3.1.x | 1022104a.220804.epkg.Z | openssl.base(1.0.2.2104) \n3.1.x | 1111201a.220804.epkg.Z | openssl.base(1.1.1.1201) \n3.1.x | 1121201a.220804.epkg.Z | openssl.base(1.1.2.1201) \n3.1.x | fips2105a.220804.epkg.Z | openssl.base(20.16.102.2105) \n \nTo extract the fixes from the tar file:\n\ntar xvf openssl_fix36.tar\n\ncd openssl_fix36\n\nVerify you have retrieved the fixes intact:\n\nThe checksums below were generated using the \"openssl dgst -sha256 [file]\" command as the following:\n\nopenssl dgst -sha256 | filename \n---|--- \n63ca3a57ce6621127bf11e51016d0c4f794d5c6ec89e42361b6ee0afa2058007 | 1022104a.220804.epkg.Z \n53a7ed673ddeb7733cba3ca332d66b0f65289321c7e6954ee516cf90cc28516e | 1111201a.220804.epkg.Z \nb68d1b147b0937186ef40c58d30a1668dd2f84f8b651d9b2d84e41980cca60f7 | 1121201a.220804.epkg.Z \na6a02a949be43b8ca5bcff4e25f4585482887d8320b46f0d05b54a54a1af4654 | fips2105a.220804.epkg.Z \n \nThese sums should match exactly. The OpenSSL signatures in the tar file and on this advisory can also be used to verify the integrity of the fixes. If the sums or signatures cannot be confirmed, contact IBM AIX Support at <https://ibm.com/support/> and describe the discrepancy.\n\nopenssl dgst -sha256 -verify [pubkey_file] -signature [advisory_file].sig [advisory_file]\n\nopenssl dgst -sha256 -verify [pubkey_file] -signature [ifix_file].sig [ifix_file]\n\nPublished advisory OpenSSL signature file location:\n\n<http://aix.software.ibm.com/aix/efixes/security/openssl_advisory36.asc.sig>\n\n<https://aix.software.ibm.com/aix/efixes/security/openssl_advisory36.asc.sig>\n\nftp://aix.software.ibm.com/aix/efixes/security/openssl_advisory36.asc.sig\n\n**B. FIX AND INTERIM FIX INSTALLATION**\n\nInterim fixes have had limited functional and regression\n\ntesting but not the full regression testing that takes place\n\nfor Service Packs; however, IBM does fully support them.\n\nInterim fix management documentation can be found at:\n\n<http://www14.software.ibm.com/webapp/set2/sas/f/aix.efixmgmt/home.html>\n\nTo preview an interim fix installation:\n\nemgr -e ipkg_name -p # where ipkg_name is the name of the\n\n# interim fix package being previewed.\n\nTo install an interim fix package:\n\nemgr -e ipkg_name -X # where ipkg_name is the name of the\n\n# interim fix package being installed.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-19T16:02:33", "type": "ibm", "title": "Security Bulletin: AIX is vulnerable to arbitrary command execution (CVE-2022-1292 and CVE-2022-2068) or an attacker may obtain sensitive information (CVE-2022-2097) due to OpenSSL", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1292", "CVE-2022-2068", "CVE-2022-2097"], "modified": "2022-08-19T16:02:33", "id": "2BD451F728498A459873394799F530D4D51F43311EBB3F67033751E1E24230B4", "href": "https://www.ibm.com/support/pages/node/6613431", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-06T17:41:04", "description": "## Summary\n\nMultiple vulnerabilities in OpenSSL used by IBM InfoSphere Information Server were addressed.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-1292](<https://vulners.com/cve/CVE-2022-1292>) \n** DESCRIPTION: **OpenSSL could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the c_rehash script. By sending a specially-crafted request using shell metacharacters, an attacker could exploit this vulnerability to execute arbitrary commands with the privileges of the script on the system. \nCVSS Base score: 6.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/225619](<https://exchange.xforce.ibmcloud.com/vulnerabilities/225619>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2022-2097](<https://vulners.com/cve/CVE-2022-2097>) \n** DESCRIPTION: **OpenSSL could allow a remote attacker to obtain sensitive information, caused by improper encryption of data by the AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230425](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230425>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2022-2068](<https://vulners.com/cve/CVE-2022-2068>) \n** DESCRIPTION: **OpenSSL could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the c_rehash script. By sending a specially-crafted request using shell metacharacters, an attacker could exploit this vulnerability to execute arbitrary commands with the privileges of the script on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/226018](<https://exchange.xforce.ibmcloud.com/vulnerabilities/226018>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nInfoSphere Information Server| 11.7 \n \n\n\n## Remediation/Fixes\n\n_Product_| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \nInfoSphere Information Server, Information Server on Cloud| 11.7| [DT188781](<https://www.ibm.com/mysupport/aCI3p000000LCvT> \"DT188781\" ) \n| \\--Apply InfoSphere Information Server version [11.7.1.0](<https://www.ibm.com/support/docview.wss?uid=ibm10878310> \"11.7.1.0\" ) \n\\--Apply InfoSphere Information Server version [11.7.1.4](<https://www.ibm.com/support/pages/node/6620275> \"11.7.1.4\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-01-25T16:00:36", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM InfoSphere Information Server", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1292", "CVE-2022-2068", "CVE-2022-2097"], "modified": "2023-01-25T16:00:36", "id": "2D1E0AF86890024DCD58C335D3F87CC6F19FEB1FAF93A7135042D81C1A434957", "href": "https://www.ibm.com/support/pages/node/6857607", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-06T17:46:55", "description": "## Summary\n\nMultiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak prior to 21.0.4\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-1785](<https://vulners.com/cve/CVE-2022-1785>) \n** DESCRIPTION: **Vim could allow a local authenticated attacker to execute arbitrary code on the system, caused by an out-of-bounds write in function vim_regsub_both at regexp.c. By opening a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/227016](<https://exchange.xforce.ibmcloud.com/vulnerabilities/227016>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H) \n \n** CVEID: **[CVE-2022-1897](<https://vulners.com/cve/CVE-2022-1897>) \n** DESCRIPTION: **Vim could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write in function vim_regsub_both. By persuading a victim to run a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/227525](<https://exchange.xforce.ibmcloud.com/vulnerabilities/227525>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-1927](<https://vulners.com/cve/CVE-2022-1927>) \n** DESCRIPTION: **Vim could allow a remote attacker to execute arbitrary code on the system, caused by a buffer over-read in function utf_ptr2char. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/227562](<https://exchange.xforce.ibmcloud.com/vulnerabilities/227562>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-22476](<https://vulners.com/cve/CVE-2022-22476>) \n** DESCRIPTION: **IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.7 and Open Liberty are vulnerable to identity spoofing by an authenticated user using a specially crafted request. IBM X-Force ID: 225604. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/225604](<https://exchange.xforce.ibmcloud.com/vulnerabilities/225604>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Robotic Process Automation for Cloud Pak| < 21.0.4 \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now.**\n\n**Product(s)**| **Version(s) number and/or range **| **Remediation/Fix/Instructions** \n---|---|--- \nIBM Robotic Process Automation for Cloud Pak| < 21.0.4| Follow [instructions](<https://www.ibm.com/docs/en/rpa/21.0?topic=platform-preparing-applying-upgraded-custom-resource> \"instructions\" ) to update to 21.0.4 or higher. \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-07T18:04:25", "type": "ibm", "title": "Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak prior to 21.0.4", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1785", "CVE-2022-1897", "CVE-2022-1927", "CVE-2022-22476"], "modified": "2022-09-07T18:04:25", "id": "8CEFDEF4B4C0388189027A8FB575EC1F5C16BE39686B9B792A50797930492FB1", "href": "https://www.ibm.com/support/pages/node/6618771", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-03T17:42:09", "description": "## Summary\n\nVulnerabilities in libcurl such as denial of service and man-in-the-middle attacks may affect IBM Spectrum Copy Data Management.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2022-32206](<https://vulners.com/cve/CVE-2022-32206>) \n**DESCRIPTION: **cURL libcurl is vulnerable to a denial of service, caused by a flaw in the number of acceptable \"links\" in the \"chained\" HTTP compression algorithms. By persuading a victim to connect a specially-crafted server, a remote attacker could exploit this vulnerability to insert a virtually unlimited number of compression steps, and results in a denial of service condition. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/229740](<https://exchange.xforce.ibmcloud.com/vulnerabilities/229740>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2022-32208](<https://vulners.com/cve/CVE-2022-32208>) \n**DESCRIPTION: **cURL libcurl is vulnerable to a man-in-the-middle attack, caused by a flaw in the handling of message verification failures. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to inject data to the client.. \nCVSS Base score: 3.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/229742](<https://exchange.xforce.ibmcloud.com/vulnerabilities/229742>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\n**Affected Product(s)** | **Version(s)** \n---|--- \nIBM Spectrum Copy Data Management | 2.2.0.0-2.2.16.0 \n \n## Remediation/Fixes\n\n**IBM Spectrum Copy Data Management** \n**Affected Versions**\n\n| \n\n**Fixing** \n**Level**\n\n| \n\n**Platform**\n\n| \n\n**Link to Fix and Instructions** \n \n---|---|---|--- \n \n2.2.0.0-2.2.16.0\n\n| \n\n2.2.17\n\n| \n\nLinux\n\n| \n\n<https://www.ibm.com/support/pages/node/6615291> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-10-07T18:12:33", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in libcurl may affect IBM Spectrum Copy Data Management (CVE-2022-32206, CVE-2022-32208)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-32206", "CVE-2022-32208"], "modified": "2022-10-07T18:12:33", "id": "0505D8C5E11C0E99E93BD29F133B6B0ACD7C7D98BE2E3E46B53047D320E6B780", "href": "https://www.ibm.com/support/pages/node/6826393", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-06T17:40:52", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Rational ClearCase. IBM Rational ClearCase has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-2097](<https://vulners.com/cve/CVE-2022-2097>) \n** DESCRIPTION: **OpenSSL could allow a remote attacker to obtain sensitive information, caused by improper encryption of data by the AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230425](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230425>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2022-2068](<https://vulners.com/cve/CVE-2022-2068>) \n** DESCRIPTION: **OpenSSL could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the c_rehash script. By sending a specially-crafted request using shell metacharacters, an attacker could exploit this vulnerability to execute arbitrary commands with the privileges of the script on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/226018](<https://exchange.xforce.ibmcloud.com/vulnerabilities/226018>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Rational ClearCase| 10.0.0 \nIBM Rational ClearCase| 9.1 \nIBM Rational ClearCase| 9.0.2 \n \n## Remediation/Fixes\n\nApply a fix pack as listed in the table below. The fix pack includes OpenSSL **1.1.1q.** \n \n\n\n**Affected Versions**\n\n| \n\n**Applying the fix** \n \n---|--- \n9.1 through 9.1.0.4| Install [Rational ClearCase Fix Pack 4 (9.1.0.4) for 9.1](<https://www.ibm.com/support/pages/node/6851557> \"Rational ClearCase Fix Pack 4 \$9.1.0.4\$ for 9.1\" ) \n9.0.2 through 9.0.2.7| Install [Rational ClearCase Fix Pack 7 (9.0.2.7) for 9.0.2](<https://www.ibm.com/support/pages/node/6851559> \"Rational ClearCase Fix Pack 7 \$9.0.2.7\$ for 9.0.2\" ) \n \n10.0.0 through 10.0.0.1 \n \n\n\n| Install [Rational ClearCase Fix Pack 1 (10.0.0.1) for 10.0.0](<https://www.ibm.com/support/pages/node/6851555> \"Rational ClearCase Fix Pack 1 \$10.0.0.1\$ for 10.0.0\" ) \n \n_For 9.0.1.x and earlier releases, IBM recommends upgrading to a fixed, supported version/release/platform of the product._\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-01-31T14:04:47", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in OpenSSL affects IBM Rational ClearCase (CVE-2022-2097, CVE-2022-2068)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2068", "CVE-2022-2097"], "modified": "2023-01-31T14:04:47", "id": "E3E1561E62C1342A9E57F3FDEAFCCD7BD9FDE04EC3809D8BA125EC1ABD1ECE37", "href": "https://www.ibm.com/support/pages/node/6855595", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-06T17:40:50", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Rational ClearQuest. IBM Rational ClearQuest has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2022-2068](<https://vulners.com/cve/CVE-2022-2068>) \n**DESCRIPTION: **OpenSSL could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the c_rehash script. By sending a specially-crafted request using shell metacharacters, an attacker could exploit this vulnerability to execute arbitrary commands with the privileges of the script on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/226018](<https://exchange.xforce.ibmcloud.com/vulnerabilities/226018>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n**CVEID: **[CVE-2022-2097](<https://vulners.com/cve/CVE-2022-2097>) \n**DESCRIPTION: **OpenSSL could allow a remote attacker to obtain sensitive information, caused by improper encryption of data by the AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230425](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230425>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM Rational ClearQuest | 9.0.1 \nIBM Rational ClearQuest | 9.0.2 \nIBM Rational ClearQuest | 9.1 \n \n## Remediation/Fixes\n\nApply a fix pack as listed in the table below. The fix pack includes OpenSSL **1.1.1q.**\n\n**Affected Versions**\n\n| \n\n**Applying the fix** \n \n---|--- \n9.1 through 9.1.0.3 | Install [Rational ClearQuest Fix Pack 4 (9.1.0.4) for 9.1](<https://www.ibm.com/support/pages/node/6853667> \"Rational ClearQuest Fix Pack 3 \$9.1.0.3\$ for 9.1\" ) \n9.0.2 through 9.0.2.6 \n9.0.1 through 9.0.1.14 | Install [Rational ClearQuest Fix Pack 7 (9.0.2.7) for 9.0.2](<https://www.ibm.com/support/pages/node/6853665> \"Rational ClearQuest Fix Pack 6 \$9.0.2.6\$ for 9.0.2\" ) \n \n_For 9.0.0.x, 8.0.1.x, 8.0.0.x and earlier releases, IBM recommends upgrading to a fixed, supported version/release/platform of the product._\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-01T05:38:24", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational ClearQuest (CVE-2022-2068, CVE-2022-2097)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2068", "CVE-2022-2097"], "modified": "2023-02-01T05:38:24", "id": "D0ECA589AFF43C5195AFD20F65884B7E577C50A6D0FDA18EAEDC8165498E1CC8", "href": "https://www.ibm.com/support/pages/node/6855543", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-06T17:42:10", "description": "## Summary\n\nOpenSSL is used by IBM Tivoli Netcool System Service Monitors/Application Service Monitors for Network Transport. CVE-2022-2068 and CVE-2022-2097 are identified as potential risks for products using older versions of OpenSLL. These potential risks are resolved by updating IBM Tivoli Netcool System Service Monitors/Application Service Monitors to the current version of OpenSLL, 1.1.1r.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-2068](<https://vulners.com/cve/CVE-2022-2068>) \n** DESCRIPTION: **OpenSSL could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the c_rehash script. By sending a specially-crafted request using shell metacharacters, an attacker could exploit this vulnerability to execute arbitrary commands with the privileges of the script on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/226018](<https://exchange.xforce.ibmcloud.com/vulnerabilities/226018>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2022-2097](<https://vulners.com/cve/CVE-2022-2097>) \n** DESCRIPTION: **OpenSSL could allow a remote attacker to obtain sensitive information, caused by improper encryption of data by the AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230425](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230425>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli Netcool System Service Monitors/Application Service Monitors| 4.0.1 \n \n\n\n## Remediation/Fixes\n\n_Product_| _VMRF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \nIBM Tivoli Netcool System Service Monitors/Application Service Monitors| 4.0.1 SP10| PSIRTs Only| [https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/Netcool+System+Service+Monitor&release=4.0.1.3&platform=All&function=fixId&fixids=4.0.1.3-TIV-SSM-IF0010&includeSupersedes=0&source=fc](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/Netcool+System+Service+Monitor&release=4.0.1.3&platform=All&function=fixId&fixids=4.0.1.3-TIV-SSM-IF0010&includeSupersedes=0&source=fc>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-30T12:37:03", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2068", "CVE-2022-2097"], "modified": "2022-12-30T12:37:03", "id": "71D0066AB30B4D7CDBC8617E06029534108D1E91FB970B489F24F94CE6A185D1", "href": "https://www.ibm.com/support/pages/node/6842263", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-06T17:43:43", "description": "## Summary\n\nMultiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak \nLinux kernel is used by IBM Robotic Process Automation for Cloud Pak as part of base container images. (CVE-2022-1012, CVE-2022-32250). \nOpenSSL is used by IBM Robotic Process Automation for Cloud Pak for handling certificates in the API Server image. (CVE-2022-1292, CVE-2022-2068, CVE-2022-2097). \nPCRE2 is used by IBM Robotic Process Automation for Cloud Pak as part of the base container images. (CVE-2022-1586). \nGolang Go is used by IBM Robotic Process Automation for Cloud Pak as part of the operators. (CVE-2022-1705, CVE-2022-1962, CVE-2022-28131, CVE-2022-30580, CVE-2022-30629, CVE-2022-30630, CVE-2022-30631, CVE-2022-30632, CVE-2022-30633, CVE-2022-30635, CVE-2022-32148, CVE-2022-32189). \nsystemd is used by IBM Robotic Process Automation for Cloud Pak as part of the base container images. (CVE-2022-2526). \nJava is used by IBM Robotic Process Automation for Cloud Pak as part of the <product functionality using the 3rd party software>. (CVE-2022-21540, CVE-2022-21541). \nrsync is used by IBM Robotic Process Automation for Cloud Pak for download, test and install anti-virus databases. (CVE-2022-29154). \nlibcurl is used by IBM Robotic Process Automation for Cloud Pak as part of the base container images. (CVE-2022-32206, CVE-2022-32208). \nApache XLAN Java XSLT is used by IBM Robotic Process Automation for Cloud Pak as part of the Java package used for NLP services. (CVE-2022-34169). \n\n## Vulnerability Details\n\n**CVEID: **[CVE-2022-1012](<https://vulners.com/cve/CVE-2022-1012>) \n**DESCRIPTION: **Linux Kernel could allow a remote attacker to obtain sensitive information, caused by a memory leak flaw in the TCP source port generation algorithm in the net/ipv4/tcp.c function. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service condition. \nCVSS Base score: 8.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230055](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230055>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H) \n \n**CVEID: **[CVE-2022-1292](<https://vulners.com/cve/CVE-2022-1292>) \n**DESCRIPTION: **OpenSSL could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the c_rehash script. By sending a specially-crafted request using shell metacharacters, an attacker could exploit this vulnerability to execute arbitrary commands with the privileges of the script on the system. \nCVSS Base score: 6.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/225619](<https://exchange.xforce.ibmcloud.com/vulnerabilities/225619>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) \n \n**CVEID: **[CVE-2022-1586](<https://vulners.com/cve/CVE-2022-1586>) \n**DESCRIPTION: **PCRE2 could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read in the compile_xclass_matchingpath() function in the pcre2_jit_compile.c file. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/226863](<https://exchange.xforce.ibmcloud.com/vulnerabilities/226863>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n**CVEID: **[CVE-2022-1705](<https://vulners.com/cve/CVE-2022-1705>) \n**DESCRIPTION: **Golang Go is vulnerable to HTTP request smuggling, caused by a flaw with accepting of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http. By sending a specially-crafted HTTP(S) transfer-encoding request header, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/233258](<https://exchange.xforce.ibmcloud.com/vulnerabilities/233258>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n**CVEID: **[CVE-2022-1962](<https://vulners.com/cve/CVE-2022-1962>) \n**DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a stack exhaustion flaw in all Parse* functions. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a panic, and results in a denial of service condition. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/232543](<https://exchange.xforce.ibmcloud.com/vulnerabilities/232543>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2022-2068](<https://vulners.com/cve/CVE-2022-2068>) \n**DESCRIPTION: **OpenSSL could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the c_rehash script. By sending a specially-crafted request using shell metacharacters, an attacker could exploit this vulnerability to execute arbitrary commands with the privileges of the script on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/226018](<https://exchange.xforce.ibmcloud.com/vulnerabilities/226018>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n**CVEID: **[CVE-2022-2097](<https://vulners.com/cve/CVE-2022-2097>) \n**DESCRIPTION: **OpenSSL could allow a remote attacker to obtain sensitive information, caused by improper encryption of data by the AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230425](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230425>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2022-2526](<https://vulners.com/cve/CVE-2022-2526>) \n**DESCRIPTION: **systemd could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw due to the on_stream_io() function and dns_stream_complete() function in \"resolved-dns-stream.c\" not incrementing the reference counting for the DnsStream object. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/235161](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235161>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2022-21540](<https://vulners.com/cve/CVE-2022-21540>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/231567](<https://exchange.xforce.ibmcloud.com/vulnerabilities/231567>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2022-21541](<https://vulners.com/cve/CVE-2022-21541>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/231568](<https://exchange.xforce.ibmcloud.com/vulnerabilities/231568>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n**CVEID: **[CVE-2022-28131](<https://vulners.com/cve/CVE-2022-28131>) \n**DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an uncontrolled recursion flaw in Decoder.Skip in encoding/xml due to stack exhaustion. By parsing a specially-crafted XML document, a remote attacker could exploit this vulnerability to cause a panic. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/233141](<https://exchange.xforce.ibmcloud.com/vulnerabilities/233141>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2022-29154](<https://vulners.com/cve/CVE-2022-29154>) \n**DESCRIPTION: **Rsync could allow a remote attacker to bypass security restrictions, caused by improper validation of file names. By utilize man-in-the-middle attack techniques, an attacker could exploit this vulnerability to write arbitrary files inside the directories of connecting peers. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/232637](<https://exchange.xforce.ibmcloud.com/vulnerabilities/232637>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n**CVEID: **[CVE-2022-30580](<https://vulners.com/cve/CVE-2022-30580>) \n**DESCRIPTION: **Golang Go could allow a local attacker to execute arbitrary code on the system, caused by a flaw when Cmd.Run, cmd.Start, cmd.Output, or cmd.CombinedOutput are executed when Cmd.Path is unset. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/229858](<https://exchange.xforce.ibmcloud.com/vulnerabilities/229858>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2022-30629](<https://vulners.com/cve/CVE-2022-30629>) \n**DESCRIPTION: **Golang Go could allow a remote attacker to obtain sensitive information, caused by an issue with session tickets generated by crypto/tls did not contain a randomly generated ticket_age_add. By comparing ticket ages during session resumption, an attacker could exploit this vulnerability to observe TLS handshakes information to correlate successive connections. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/229859](<https://exchange.xforce.ibmcloud.com/vulnerabilities/229859>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n**CVEID: **[CVE-2022-30630](<https://vulners.com/cve/CVE-2022-30630>) \n**DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an uncontrolled recursion flaw in Glob in io/fs due to stack exhaustion. By sending a specially-crafted request using a path which contains a large number of path separators, a remote attacker could exploit this vulnerability to cause a panic. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/233143](<https://exchange.xforce.ibmcloud.com/vulnerabilities/233143>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2022-30631](<https://vulners.com/cve/CVE-2022-30631>) \n**DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an uncontrolled recursion flaw in Reader.Read in compress/gzip due to stack exhaustion. By parsing a specially-crafted compressed file, a remote attacker could exploit this vulnerability to cause a panic. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/233144](<https://exchange.xforce.ibmcloud.com/vulnerabilities/233144>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2022-30632](<https://vulners.com/cve/CVE-2022-30632>) \n**DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an uncontrolled recursion flaw in Glob in path/filepath due to stack exhaustion. By sending a specially-crafted request using a path containing a large number of path separators, a remote attacker could exploit this vulnerability to cause a panic. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/233145](<https://exchange.xforce.ibmcloud.com/vulnerabilities/233145>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2022-30633](<https://vulners.com/cve/CVE-2022-30633>) \n**DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an uncontrolled recursion flaw in Unmarshal in encoding/xml due to stack exhaustion. By parsing a specially-crafted XML document, a remote attacker could exploit this vulnerability to cause a panic. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/233146](<https://exchange.xforce.ibmcloud.com/vulnerabilities/233146>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2022-30635](<https://vulners.com/cve/CVE-2022-30635>) \n**DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an uncontrolled recursion flaw in Decoder.Decode in encoding/gob due to stack exhaustion. By sending a specially-crafted message containing deeply nested structures, a remote attacker could exploit this vulnerability to cause a panic. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/233147](<https://exchange.xforce.ibmcloud.com/vulnerabilities/233147>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2022-32148](<https://vulners.com/cve/CVE-2022-32148>) \n**DESCRIPTION: **Golang Go could allow a remote attacker to obtain sensitive information, caused by improper exposure of client IP addresses in net/http. By calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, an attacker could exploit this vulnerability to obtain the client IP address information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/233148](<https://exchange.xforce.ibmcloud.com/vulnerabilities/233148>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2022-32189](<https://vulners.com/cve/CVE-2022-32189>) \n**DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a flaw in Float.GobDecode and Rat GobDecode in math/big. By sending a specially-crafted message, a remote attacker could exploit this vulnerability to cause a panic. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/233149](<https://exchange.xforce.ibmcloud.com/vulnerabilities/233149>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2022-32206](<https://vulners.com/cve/CVE-2022-32206>) \n**DESCRIPTION: **cURL libcurl is vulnerable to a denial of service, caused by a flaw in the number of acceptable \"links\" in the \"chained\" HTTP compression algorithms. By persuading a victim to connect a specially-crafted server, a remote attacker could exploit this vulnerability to insert a virtually unlimited number of compression steps, and results in a denial of service condition. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/229740](<https://exchange.xforce.ibmcloud.com/vulnerabilities/229740>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2022-32208](<https://vulners.com/cve/CVE-2022-32208>) \n**DESCRIPTION: **cURL libcurl is vulnerable to a man-in-the-middle attack, caused by a flaw in the handling of message verification failures. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to inject data to the client.. \nCVSS Base score: 3.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/229742](<https://exchange.xforce.ibmcloud.com/vulnerabilities/229742>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) \n \n**CVEID: **[CVE-2022-32250](<https://vulners.com/cve/CVE-2022-32250>) \n**DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free write flaw in the netfilter subsystem. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to gain elevated privileges. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/228676](<https://exchange.xforce.ibmcloud.com/vulnerabilities/228676>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2022-34169](<https://vulners.com/cve/CVE-2022-34169>) \n**DESCRIPTION: **The Apache Xalan Java XSLT library could allow a remote attacker to execute arbitrary code on the system, caused by an integer truncation issue when processing malicious XSLT stylesheets. By using specially crafted XSLT stylesheets, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/231489](<https://exchange.xforce.ibmcloud.com/vulnerabilities/231489>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM Robotic Process Automation for Cloud Pak | < 21.0.5 \n \n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now.** **Product(s)** | **Version(s) number and/or range ** | **Remediation/Fix/Instructions** \n---|---|--- \nIBM Robotic Process Automation for Cloud Pak | < 21.0.5 | Follow [instructions](<https://www.ibm.com/docs/en/rpa/21.0?topic=platform-preparing-applying-upgraded-custom-resource> \"\" ) to update to 21.0.5 or higher. \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-24T20:10:11", "type": "ibm", "title": "Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1012", "CVE-2022-1292", "CVE-2022-1586", "CVE-2022-1705", "CVE-2022-1962", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-21540", "CVE-2022-21541", "CVE-2022-2526", "CVE-2022-28131", "CVE-2022-29154", "CVE-2022-30580", "CVE-2022-30629", "CVE-2022-30630", "CVE-2022-30631", "CVE-2022-30632", "CVE-2022-30633", "CVE-2022-30635", "CVE-2022-32148", "CVE-2022-32189", "CVE-2022-32206", "CVE-2022-32208", "CVE-2022-32250", "CVE-2022-34169"], "modified": "2022-10-24T20:10:11", "id": "F8949F00CDCE086FCFA5F40AFADF9DB9E3B4DD10AB910034C41279EA96313C2A", "href": "https://www.ibm.com/support/pages/node/6831591", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-06T17:46:43", "description": "## Summary\n\nThere is a vulnerabilities in OpenSSL and WebSphere Liberty that affect IBM WIoTP MessageGateway.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-2097](<https://vulners.com/cve/CVE-2022-2097>) \n** DESCRIPTION: **OpenSSL could allow a remote attacker to obtain sensitive information, caused by improper encryption of data by the AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230425](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230425>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2019-11777](<https://vulners.com/cve/CVE-2019-11777>) \n** DESCRIPTION: **Eclipse Paho Java client could allow a remote attacker to bypass security restrictions, caused by the failure to check the result when connecting to an MQTT server using TLS and setting a host name verifier. By sending a specially-crafted request, an attacker could exploit this vulnerability to allow one MQTT server to impersonate another and provide the client library with incorrect information. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/167068](<https://exchange.xforce.ibmcloud.com/vulnerabilities/167068>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2022-22476](<https://vulners.com/cve/CVE-2022-22476>) \n** DESCRIPTION: **IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.7 and Open Liberty are vulnerable to identity spoofing by an authenticated user using a specially crafted request. IBM X-Force ID: 225604. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/225604](<https://exchange.xforce.ibmcloud.com/vulnerabilities/225604>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2022-2068](<https://vulners.com/cve/CVE-2022-2068>) \n** DESCRIPTION: **OpenSSL could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the c_rehash script. By sending a specially-crafted request using shell metacharacters, an attacker could exploit this vulnerability to execute arbitrary commands with the privileges of the script on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/226018](<https://exchange.xforce.ibmcloud.com/vulnerabilities/226018>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2022-22475](<https://vulners.com/cve/CVE-2022-22475>) \n** DESCRIPTION: **IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 are vulnerable to identity spoofing by an authenticated user. IBM X-Force ID: 225603. \nCVSS Base score: 7.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/225603](<https://exchange.xforce.ibmcloud.com/vulnerabilities/225603>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L) \n \n** CVEID: **[CVE-2022-1292](<https://vulners.com/cve/CVE-2022-1292>) \n** DESCRIPTION: **OpenSSL could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the c_rehash script. By sending a specially-crafted request using shell metacharacters, an attacker could exploit this vulnerability to execute arbitrary commands with the privileges of the script on the system. \nCVSS Base score: 6.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/225619](<https://exchange.xforce.ibmcloud.com/vulnerabilities/225619>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM WIoTP MessageGateway| 5.0.0.1 \n \n\n\n## Remediation/Fixes\n\n**_Product_**\n\n| \n\n**_VRMF_**\n\n| \n\n**_APAR_**\n\n| \n\n**_Remediation/First Fix_** \n \n---|---|---|--- \n_IBM WIoTP MessageGateway_| \n\n_5.0.0.2_\n\n| \n\n_IT41935_\n\n| [_5.0.0.2-IBM-IMA-IFIT41935_](<https://www.ibm.com/support/pages/node/6617943>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T12:35:24", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in openSSL and WebSphere Liberty affect IBM WIoTP MessageGateway (CVE-2022-22476 CVE-2019-11777 CVE-2022-22475 CVE-2022-2097 CVE-2022-2068 CVE-2022-1292)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11777", "CVE-2022-1292", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-22475", "CVE-2022-22476"], "modified": "2022-09-13T12:35:24", "id": "EA14EC6134110E482A82A70BFDEAD48335455A70FA71C151C62860AACE47AA41", "href": "https://www.ibm.com/support/pages/node/6619953", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-06T17:47:37", "description": "## Summary\n\nVulnerabilities in IBM WebSphere Application Server Liberty and OpenSSL such as execution of arbitrary commands on the system, obtaining sensitive information, and identity spoofing may affect IBM Spectrum Control.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-2068](<https://vulners.com/cve/CVE-2022-2068>) \n** DESCRIPTION: **OpenSSL could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the c_rehash script. By sending a specially-crafted request using shell metacharacters, an attacker could exploit this vulnerability to execute arbitrary commands with the privileges of the script on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/226018](<https://exchange.xforce.ibmcloud.com/vulnerabilities/226018>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2022-2097](<https://vulners.com/cve/CVE-2022-2097>) \n** DESCRIPTION: **OpenSSL could allow a remote attacker to obtain sensitive information, caused by improper encryption of data by the AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230425](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230425>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2022-22475](<https://vulners.com/cve/CVE-2022-22475>) \n** DESCRIPTION: **IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 are vulnerable to identity spoofing by an authenticated user. IBM X-Force ID: 225603. \nCVSS Base score: 7.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/225603](<https://exchange.xforce.ibmcloud.com/vulnerabilities/225603>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Spectrum Control| 5.4 \n \n\n\n## Remediation/Fixes\n\n**Release**| ** Link to Fix** \n---|--- \nIBM Spectrum Control v5.4.8| **<https://www.ibm.com/support/pages/latest-downloads-ibm-spectrum-control>** \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-18T07:27:46", "type": "ibm", "title": "Security Bulletin: IBM Spectrum Control is vulnerable to multiple weaknesses related to IBM WebSphere Application Server Liberty and OpenSSL (CVE-2022-2068, CVE-2022-2097, CVE-2022-22475)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2068", "CVE-2022-2097", "CVE-2022-22475"], "modified": "2022-08-18T07:27:46", "id": "8F5E37B1492215750DE26664A7C69EEF4EF0583C2F012D3F658AE9A44437DA40", "href": "https://www.ibm.com/support/pages/node/6613565", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-06T17:41:24", "description": "## Summary\n\nMultiple Security Vulnerabilities were found in the IBM Security Verify Access (ISVA) Appliance Operating System layer. These vulnerabilities have been addressed in ISVA 10.0.5.0, which is linked below.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-2526](<https://vulners.com/cve/CVE-2022-2526>) \n** DESCRIPTION: **systemd could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw due to the on_stream_io() function and dns_stream_complete() function in \"resolved-dns-stream.c\" not incrementing the reference counting for the DnsStream object. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/235161](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235161>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-24903](<https://vulners.com/cve/CVE-2022-24903>) \n** DESCRIPTION: **rsyslog is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the TCP syslog server (receiver) components. By sending a specially-crafted request, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/225843](<https://exchange.xforce.ibmcloud.com/vulnerabilities/225843>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-28733](<https://vulners.com/cve/CVE-2022-28733>) \n** DESCRIPTION: **GNU grub2 could allow a remote attacker to execute arbitrary code on the system, caused by an integer underflow in grub_net_recv_ip4_packets. By sending a specially-crafted IP packet, an attacker could exploit this vulnerability to cause code execution and/or secure boot circumvention. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/228274](<https://exchange.xforce.ibmcloud.com/vulnerabilities/228274>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-28734](<https://vulners.com/cve/CVE-2022-28734>) \n** DESCRIPTION: **GNU grub2 could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write when handling split HTTP headers. By sending a specially-crafted request, an attacker could exploit this vulnerability to cause code execution and/or secure boot circumvention. \nCVSS Base score: 7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/228275](<https://exchange.xforce.ibmcloud.com/vulnerabilities/228275>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H) \n \n** CVEID: **[CVE-2022-32206](<https://vulners.com/cve/CVE-2022-32206>) \n** DESCRIPTION: **cURL libcurl is vulnerable to a denial of service, caused by a flaw in the number of acceptable \"links\" in the \"chained\" HTTP compression algorithms. By persuading a victim to connect a specially-crafted server, a remote attacker could exploit this vulnerability to insert a virtually unlimited number of compression steps, and results in a denial of service condition. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/229740](<https://exchange.xforce.ibmcloud.com/vulnerabilities/229740>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-32208](<https://vulners.com/cve/CVE-2022-32208>) \n** DESCRIPTION: **cURL libcurl is vulnerable to a man-in-the-middle attack, caused by a flaw in the handling of message verification failures. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to inject data to the client.. \nCVSS Base score: 3.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/229742](<https://exchange.xforce.ibmcloud.com/vulnerabilities/229742>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-1012](<https://vulners.com/cve/CVE-2022-1012>) \n** DESCRIPTION: **Linux Kernel could allow a remote attacker to obtain sensitive information, caused by a memory leak flaw in the TCP source port generation algorithm in the net/ipv4/tcp.c function. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service condition. \nCVSS Base score: 8.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230055](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230055>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H) \n \n** CVEID: **[CVE-2022-25314](<https://vulners.com/cve/CVE-2022-25314>) \n** DESCRIPTION: **libexpat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the copyString function. By sending an overly-long argument, an attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219946](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219946>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2022-34903](<https://vulners.com/cve/CVE-2022-34903>) \n** DESCRIPTION: **GnuPG could allow a remote attacker to conduct spoofing attacks, caused by a flaw when processing secret-key information from keyring. By sending a specially-crafted request to perform injection into the status line, an attacker could exploit this vulnerability to perform signature spoofing. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230354](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230354>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2018-25032](<https://vulners.com/cve/CVE-2018-25032>) \n** DESCRIPTION: **Zlib is vulnerable to a denial of service, caused by a memory corruption in the deflate operation. By using many distant matches, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/222615](<https://exchange.xforce.ibmcloud.com/vulnerabilities/222615>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-22576](<https://vulners.com/cve/CVE-2022-22576>) \n** DESCRIPTION: **cURL libcurl could allow a remote attacker to bypass security restrictions, caused by improper authentication validation when reuse OAUTH2-authenticated connections. By sending a specially-crafted request using user + \"other OAUTH2 bearer\", an attacker could exploit this vulnerability to bypass access authentication validation. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/225291](<https://exchange.xforce.ibmcloud.com/vulnerabilities/225291>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2022-27774](<https://vulners.com/cve/CVE-2022-27774>) \n** DESCRIPTION: **cURL libcurl could allow a remote attacker to obtain sensitive information, caused by a flaw in the \"same host check\" feature during a cross protocol redirects. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain credentials information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/225294](<https://exchange.xforce.ibmcloud.com/vulnerabilities/225294>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2022-27776](<https://vulners.com/cve/CVE-2022-27776>) \n** DESCRIPTION: **cURL libcurl could allow a remote attacker to obtain sensitive information, caused by a flaw when asked to send custom headers or cookies in its HTTP requests. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain authentication or cookie header data information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/225296](<https://exchange.xforce.ibmcloud.com/vulnerabilities/225296>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2022-1292](<https://vulners.com/cve/CVE-2022-1292>) \n** DESCRIPTION: **OpenSSL could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the c_rehash script. By sending a specially-crafted request using shell metacharacters, an attacker could exploit this vulnerability to execute arbitrary commands with the privileges of the script on the system. \nCVSS Base score: 6.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/225619](<https://exchange.xforce.ibmcloud.com/vulnerabilities/225619>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2022-2068](<https://vulners.com/cve/CVE-2022-2068>) \n** DESCRIPTION: **OpenSSL could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the c_rehash script. By sending a specially-crafted request using shell metacharacters, an attacker could exploit this vulnerability to execute arbitrary commands with the privileges of the script on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/226018](<https://exchange.xforce.ibmcloud.com/vulnerabilities/226018>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2022-2097](<https://vulners.com/cve/CVE-2022-2097>) \n** DESCRIPTION: **OpenSSL could allow a remote attacker to obtain sensitive information, caused by improper encryption of data by the AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230425](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230425>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Security Verify Access| 10.0.X \n \n\n\n## Remediation/Fixes\n\n**IBM encourages customers to update their systems promptly.**\n\n** **\n\n**Affected Products and Versions**\n\n| \n\n**Fix availability** \n \n---|--- \n \nIBM Security Verify Access 10.0.0.0\n\n| \n\n[**10.0.5-ISS-ISVA-FP000**](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Verify+Access&release=10.0.4.0&platform=Linux&function=fixId&fixids=10.0.5-ISS-ISVA-FP0000&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"10.0.5-ISS-ISVA-FP000\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-01-12T23:10:11", "type": "ibm", "title": "Security Bulletin: IBM Security Verify Access Appliance includes components with known vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-25032", "CVE-2022-1012", "CVE-2022-1292", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-22576", "CVE-2022-24903", "CVE-2022-2526", "CVE-2022-25314", "CVE-2022-27774", "CVE-2022-27776", "CVE-2022-28733", "CVE-2022-28734", "CVE-2022-32206", "CVE-2022-32208", "CVE-2022-34903"], "modified": "2023-01-12T23:10:11", "id": "AD6CCE2A1D5A9869BD583668A696E96D5711DC6790008CC35A1991D46E49ABE2", "href": "https://www.ibm.com/support/pages/node/6855297", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-03T17:42:23", "description": "## Summary\n\nVulnerabilities contained within libcurl (a 3rd party component) were identified and remediated in the IBM MaaS360 Cloud Extender Agent and Base Module.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-32205](<https://vulners.com/cve/CVE-2022-32205>) \n** DESCRIPTION: **cURL libcurl is vulnerable to a denial of service, caused by an issue with the ability to set excessive amounts of Set-Cookie: headers in a HTTP response to curl by a server. By persuading a victim to connect a specially-crafted server, a remote attacker could exploit this vulnerability to create requests that become larger than the threshold, and results in a denial of service condition. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/229739](<https://exchange.xforce.ibmcloud.com/vulnerabilities/229739>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-32206](<https://vulners.com/cve/CVE-2022-32206>) \n** DESCRIPTION: **cURL libcurl is vulnerable to a denial of service, caused by a flaw in the number of acceptable \"links\" in the \"chained\" HTTP compression algorithms. By persuading a victim to connect a specially-crafted server, a remote attacker could exploit this vulnerability to insert a virtually unlimited number of compression steps, and results in a denial of service condition. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/229740](<https://exchange.xforce.ibmcloud.com/vulnerabilities/229740>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-32207](<https://vulners.com/cve/CVE-2022-32207>) \n** DESCRIPTION: **cURL libcurl could allow a remote attacker to obtain sensitive information, caused by improper preservation of permissions when saving cookies, alt-svc and hsts data to local files. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/229741](<https://exchange.xforce.ibmcloud.com/vulnerabilities/229741>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2022-32208](<https://vulners.com/cve/CVE-2022-32208>) \n** DESCRIPTION: **cURL libcurl is vulnerable to a man-in-the-middle attack, caused by a flaw in the handling of message verification failures. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to inject data to the client.. \nCVSS Base score: 3.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/229742](<https://exchange.xforce.ibmcloud.com/vulnerabilities/229742>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM MaaS360 Cloud Extender Agent| 2.106.600.007 and prior \nIBM MaaS360 Cloud Extender Base| 2.106.600 and prior \n \n\n\n## Remediation/Fixes\n\nIBM encourages customers to update their systems promptly. \n\n * Update the IBM MaaS360 Cloud Extender to version 2.106.650.002 or greater.\n * Apply the IBM Base Module to version 2.106.650 or greater\n\nThe latest Cloud Extender agent is available within the MaaS360 Administrator Portal.\n\nInstructions to upgrade the Agent and apply modules is located on this IBM Documentation [page](<https://www.ibm.com/docs/en/maas360?topic=extender-upgrading-cloud> \"page\" ).\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-06T04:10:57", "type": "ibm", "title": "Security Bulletin: IBM MaaS360 Cloud Extender Agent and Base Module uses libcurl with multiple known vulnerabilities (CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-32205", "CVE-2022-32206", "CVE-2022-32207", "CVE-2022-32208"], "modified": "2022-10-06T04:10:57", "id": "70C52835D439D05D295FB163B1E67786F3104DC1F4B9CD79AC81516B21B46D46", "href": "https://www.ibm.com/support/pages/node/6826107", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-06T17:43:12", "description": "## Summary\n\nThe product includes multiple vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. IBM has addressed the relevant CVEs.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-29154](<https://vulners.com/cve/CVE-2022-29154>) \n** DESCRIPTION: **Rsync could allow a remote attacker to bypass security restrictions, caused by improper validation of file names. By utilize man-in-the-middle attack techniques, an attacker could exploit this vulnerability to write arbitrary files inside the directories of connecting peers. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/232637](<https://exchange.xforce.ibmcloud.com/vulnerabilities/232637>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2022-38177](<https://vulners.com/cve/CVE-2022-38177>) \n** DESCRIPTION: **ISC BIND is vulnerable to a denial of service, caused by a small memory leak in the DNSSEC verification code for the ECDSA algorithm. By spoofing the target resolver with responses that have a malformed ECDSA signature, a remote attacker could exploit this vulnerability to cause named to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236705](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236705>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-40674](<https://vulners.com/cve/CVE-2022-40674>) \n** DESCRIPTION: **libexpat could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in the doContent function in xmlparse.c. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236116](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236116>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-2526](<https://vulners.com/cve/CVE-2022-2526>) \n** DESCRIPTION: **systemd could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw due to the on_stream_io() function and dns_stream_complete() function in \"resolved-dns-stream.c\" not incrementing the reference counting for the DnsStream object. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/235161](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235161>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n\u200b\n\nAffected Product(s)| Version(s) \n---|--- \nIBM QRadar Network Packet Capture| 7.4.0 - 7.4.3 Fix Pack 5 \nIBM QRadar Network Packet Capture| 7.5.0 - 7.5.0 Update Package 2 \n \n\n\n## Remediation/Fixes\n\n\u200bIBM encourages customers to update their systems promptly. \n\nProduct| Version| Fix \n---|---|--- \nIBM QRadar Network Packet Capture| 7.4.| [IBM QRadar Network Packet Capture 7.4.3 Fix Pack 6](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+QRadar+Network+Packet+Capture+Appliance&release=7.4.0&platform=Linux&function=fixId&fixids=7.4.3-QRadar-NETPCAP-Upgrade-1309&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"IBM QRadar Network Packet Capture 7.4.3 Fix Pack 6\" ) \nIBM QRadar Network Packet Capture| 7.5| [IBM QRadar Network Packet Capture 7.5.0 Update Package 3](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+QRadar+Network+Packet+Capture+Appliance&release=7.5.0&platform=Linux&function=fixId&fixids=7.5.0-QRadar-NETPCAP-Upgrade-1504&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"IBM QRadar Network Packet Capture 7.5.0 Update Package 3\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-09T18:42:35", "type": "ibm", "title": "Security Bulletin: IBM QRadar Network Packet Capture includes components with multiple known vulnerabilities.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2526", "CVE-2022-29154", "CVE-2022-38177", "CVE-2022-40674"], "modified": "2022-11-09T18:42:35", "id": "A9E95ACFA12F14901F06AEB72CE135C981AC1F52E5EEB65793FACC0F0CBD2136", "href": "https://www.ibm.com/support/pages/node/6838295", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-06T17:44:30", "description": "## Summary\n\nMultiple issues were identified in Red Hat UBI(ubi8/ubi-minimal) v8.6-x packages [curl, systemd and Golang Go] that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-32206](<https://vulners.com/cve/CVE-2022-32206>) \n** DESCRIPTION: **cURL libcurl is vulnerable to a denial of service, caused by a flaw in the number of acceptable \"links\" in the \"chained\" HTTP compression algorithms. By persuading a victim to connect a specially-crafted server, a remote attacker could exploit this vulnerability to insert a virtually unlimited number of compression steps, and results in a denial of service condition. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/229740](<https://exchange.xforce.ibmcloud.com/vulnerabilities/229740>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-32208](<https://vulners.com/cve/CVE-2022-32208>) \n** DESCRIPTION: **cURL libcurl is vulnerable to a man-in-the-middle attack, caused by a flaw in the handling of message verification failures. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to inject data to the client.. \nCVSS Base score: 3.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/229742](<https://exchange.xforce.ibmcloud.com/vulnerabilities/229742>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-2526](<https://vulners.com/cve/CVE-2022-2526>) \n** DESCRIPTION: **systemd could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw due to the on_stream_io() function and dns_stream_complete() function in \"resolved-dns-stream.c\" not incrementing the reference counting for the DnsStream object. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/235161](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235161>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-30630](<https://vulners.com/cve/CVE-2022-30630>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an uncontrolled recursion flaw in Glob in io/fs due to stack exhaustion. By sending a specially-crafted request using a path which contains a large number of path separators, a remote attacker could exploit this vulnerability to cause a panic. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/233143](<https://exchange.xforce.ibmcloud.com/vulnerabilities/233143>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-30635](<https://vulners.com/cve/CVE-2022-30635>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an uncontrolled recursion flaw in Decoder.Decode in encoding/gob due to stack exhaustion. By sending a specially-crafted message containing deeply nested structures, a remote attacker could exploit this vulnerability to cause a panic. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/233147](<https://exchange.xforce.ibmcloud.com/vulnerabilities/233147>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-32148](<https://vulners.com/cve/CVE-2022-32148>) \n** DESCRIPTION: **Golang Go could allow a remote attacker to obtain sensitive information, caused by improper exposure of client IP addresses in net/http. By calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, an attacker could exploit this vulnerability to obtain the client IP address information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/233148](<https://exchange.xforce.ibmcloud.com/vulnerabilities/233148>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-30631](<https://vulners.com/cve/CVE-2022-30631>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an uncontrolled recursion flaw in Reader.Read in compress/gzip due to stack exhaustion. By parsing a specially-crafted compressed file, a remote attacker could exploit this vulnerability to cause a panic. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/233144](<https://exchange.xforce.ibmcloud.com/vulnerabilities/233144>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-30632](<https://vulners.com/cve/CVE-2022-30632>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an uncontrolled recursion flaw in Glob in path/filepath due to stack exhaustion. By sending a specially-crafted request using a path containing a large number of path separators, a remote attacker could exploit this vulnerability to cause a panic. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/233145](<https://exchange.xforce.ibmcloud.com/vulnerabilities/233145>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-28131](<https://vulners.com/cve/CVE-2022-28131>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an uncontrolled recursion flaw in Decoder.Skip in encoding/xml due to stack exhaustion. By parsing a specially-crafted XML document, a remote attacker could exploit this vulnerability to cause a panic. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/233141](<https://exchange.xforce.ibmcloud.com/vulnerabilities/233141>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-30633](<https://vulners.com/cve/CVE-2022-30633>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an uncontrolled recursion flaw in Unmarshal in encoding/xml due to stack exhaustion. By parsing a specially-crafted XML document, a remote attacker could exploit this vulnerability to cause a panic. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/233146](<https://exchange.xforce.ibmcloud.com/vulnerabilities/233146>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-1705](<https://vulners.com/cve/CVE-2022-1705>) \n** DESCRIPTION: **Golang Go is vulnerable to HTTP request smuggling, caused by a flaw with accepting of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http. By sending a specially-crafted HTTP(S) transfer-encoding request header, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/233258](<https://exchange.xforce.ibmcloud.com/vulnerabilities/233258>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2021-46828](<https://vulners.com/cve/CVE-2021-46828>) \n** DESCRIPTION: **Libtirpc is vulnerable to a denial of service, caused by the mishandling of idle TCP connections. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause an infinite loop in the svc_run function, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/232191](<https://exchange.xforce.ibmcloud.com/vulnerabilities/232191>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM MQ Operator| EUS release v1.3.7 and LTS Release v2.0.2 \nIBM supplied MQ Advanced container images| v9.2.0.6-r2-eus and v9.3.0.0-r3 \n \n\n\n## Remediation/Fixes\n\nIssues listed by this security bulletin are addressed in IBM MQ Operator v2.0.3 LTS release that included IBM supplied MQ Advanced v9.3.0.1 container images and IBM MQ Operator v1.3.8 EUS release that included IBM supplied MQ Advanced 9.2.0.6 container images. \n\nIBM MQ Operator v2.0.3 LTS release details:\n\n**Image**| **Fix Version**| **Registry**| **Image Location** \n---|---|---|--- \nibm-mq-operator| 2.0.3| icr.io| icr.io/cpopen/ibm-mq-operator@sha256:9b70bbc1fb7f6729661e341ca0ddf89faee33d9fb3e31afd0da85a56f0aef3f1 \nibm-mqadvanced-server| 9.3.0.1-r1| cp.icr.io| cp.icr.io/cp/ibm-mqadvanced-server@sha256:895ab4c04cc5806f09e84aa7a8649dd880d07400e43beca539396aae2ee5e709 \nibm-mqadvanced-server-integration| 9.3.0.1-r1| cp.icr.io| cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:715756549b22e21b201650c820fb141e65e44dc0b6092d3350dbc748a23321f7 \nibm-mqadvanced-server-dev| 9.3.0.1-r1| icr.io| icr.io/ibm-messaging/mq@sha256:45e303366f37703e6516546aee7d52259b4e170ced05179716afb6da7058f9ef \n \nIBM MQ Operator v1.3.8 EUS release details:\n\n**Image**| **Fix Version**| **Registry**| **Image Location** \n---|---|---|--- \nibm-mq-operator| 1.3.8| icr.io| icr.io/cpopen/ibm-mq-operator@sha256:a50e9a5006f0e44078a5de26c0d6f56bdea3e1489f362aae2106dc40cadbbec8 \nibm-mqadvanced-server-integration| 9.2.0.6-r3-eus| cp.icr.io| cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:f4f6310132db555bcc47c697d28776c9a368c2e5954893a4d45e7a401902b997 \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-28T09:47:09", "type": "ibm", "title": "Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from curl, systemd, and Golang Go", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-46828", "CVE-2022-1705", "CVE-2022-2526", "CVE-2022-28131", "CVE-2022-30630", "CVE-2022-30631", "CVE-2022-30632", "CVE-2022-30633", "CVE-2022-30635", "CVE-2022-32148", "CVE-2022-32206", "CVE-2022-32208"], "modified": "2022-09-28T09:47:09", "id": "AC8A176111C5D0EEF4CBEEF646DE5672F13451B994F8BB844C6C076689090D26", "href": "https://www.ibm.com/support/pages/node/6824759", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-06T17:45:48", "description": "## Summary\n\nMultiple vulnerabilities in OpenSSL affect the IBM Spectrum Protect Plus SQL, File Indexing, and Windows Host agents. These vulnerabilities include execution of arbitrary commands, weaker than expected security, and denial of service. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-1292](<https://vulners.com/cve/CVE-2022-1292>) \n** DESCRIPTION: **OpenSSL could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the c_rehash script. By sending a specially-crafted request using shell metacharacters, an attacker could exploit this vulnerability to execute arbitrary commands with the privileges of the script on the system. \nCVSS Base score: 6.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/225619](<https://exchange.xforce.ibmcloud.com/vulnerabilities/225619>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2022-2068](<https://vulners.com/cve/CVE-2022-2068>) \n** DESCRIPTION: **OpenSSL could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the c_rehash script. By sending a specially-crafted request using shell metacharacters, an attacker could exploit this vulnerability to execute arbitrary commands with the privileges of the script on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/226018](<https://exchange.xforce.ibmcloud.com/vulnerabilities/226018>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2021-4160](<https://vulners.com/cve/CVE-2021-4160>) \n** DESCRIPTION: **OpenSSL could provide weaker than expected security, caused by a carry propagation flaw in the MIPS32 and MIPS64 squaring procedure. An attacker could exploit this vulnerability to launch further attacks on the system \nCVSS Base score: 6.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/218394](<https://exchange.xforce.ibmcloud.com/vulnerabilities/218394>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2022-0778](<https://vulners.com/cve/CVE-2022-0778>) \n** DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a flaw in the BN_mod_sqrt() function when parsing certificates. By using a specially-crafted certificate with invalid explicit curve parameters, a remote attacker could exploit this vulnerability to cause an infinite loop, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/221911](<https://exchange.xforce.ibmcloud.com/vulnerabilities/221911>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Spectrum Protect Plus| 10.1.0-10.1.11 \n \n \n\n\n## Remediation/Fixes\n\n**IBM Spectrum Protect** \n**Plus Affected Versions \n**| **Fixing \n****Level**| \n\n**Deployment \nPlatform \n**\n\n| **Link to Fix and Instructions \n** \n---|---|---|--- \n10.1.0-10.1.11| 10.1.12| Windows| \n\n**<https://www.ibm.com/support/pages/node/6603663>** \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-21T20:55:38", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL affect IBM Spectrum Protect Plus SQL, File Indexing, and Windows Host agents", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4160", "CVE-2022-0778", "CVE-2022-1292", "CVE-2022-2068"], "modified": "2022-09-21T20:55:38", "id": "32A60A9C1BA6A62100EB71CDFA36BDD4A97E492CAF4EC2F477EF0C0B4B0BBA9B", "href": "https://www.ibm.com/support/pages/node/6622079", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-03T17:39:25", "description": "## Summary\n\nThere are multiple vulnerabilities in Curl that affect PowerSC.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-32206](<https://vulners.com/cve/CVE-2022-32206>) \n** DESCRIPTION: **cURL libcurl is vulnerable to a denial of service, caused by a flaw in the number of acceptable \"links\" in the \"chained\" HTTP compression algorithms. By persuading a victim to connect a specially-crafted server, a remote attacker could exploit this vulnerability to insert a virtually unlimited number of compression steps, and results in a denial of service condition. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/229740](<https://exchange.xforce.ibmcloud.com/vulnerabilities/229740>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-32207](<https://vulners.com/cve/CVE-2022-32207>) \n** DESCRIPTION: **cURL libcurl could allow a remote attacker to obtain sensitive information, caused by improper preservation of permissions when saving cookies, alt-svc and hsts data to local files. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/229741](<https://exchange.xforce.ibmcloud.com/vulnerabilities/229741>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2022-32208](<https://vulners.com/cve/CVE-2022-32208>) \n** DESCRIPTION: **cURL libcurl is vulnerable to a man-in-the-middle attack, caused by a flaw in the handling of message verification failures. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to inject data to the client.. \nCVSS Base score: 3.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/229742](<https://exchange.xforce.ibmcloud.com/vulnerabilities/229742>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-32205](<https://vulners.com/cve/CVE-2022-32205>) \n** DESCRIPTION: **cURL libcurl is vulnerable to a denial of service, caused by an issue with the ability to set excessive amounts of Set-Cookie: headers in a HTTP response to curl by a server. By persuading a victim to connect a specially-crafted server, a remote attacker could exploit this vulnerability to create requests that become larger than the threshold, and results in a denial of service condition. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/229739](<https://exchange.xforce.ibmcloud.com/vulnerabilities/229739>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-35252](<https://vulners.com/cve/CVE-2022-35252>) \n** DESCRIPTION: **cURL libcurl is vulnerable to a denial of service, caused by a flaw when cookies contain control codes are later sent back to an HTTP(S) server. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a \"sister site\" to deny service to siblings. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/234980](<https://exchange.xforce.ibmcloud.com/vulnerabilities/234980>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nPowerSC| 1.3, 2.0, 2.1 \n \nThe vulnerabilities in the following filesets are being addressed:\n\nFileset| Lower Level| Upper Level \n---|---|--- \npowerscStd.tnc_pm| 1.3.0.4| 2.1.0.4 \ncurl-7.85.0-1.aix7.1.ppc.rpm| 7.19.4| 7.83.1 \n \nNote: To find out whether the affected PowerSC filesets are installed on your systems, refer to the lslpp command found in AIX user's guide. To find out whether the affected curl filesets are installed on your systems, refer to the rpm command found in AIX user's guide.\n\nExample: lslpp -l | grep powerscStd\n\nExample: rpm -qa | grep curl\n\n \n\n\n## Remediation/Fixes\n\n**A. FIXES**\n\nIBM highly recommends addressing the vulnerabilities now.\n\nThe fixes can be downloaded via ftp or http from:\n\nftp://aix.software.ibm.com/aix/efixes/powersc/security/curl_fix9.tar\n\n<http://aix.software.ibm.com/aix/efixes/powersc/security/curl_fix9.tar>\n\n<https://aix.software.ibm.com/aix/efixes/powersc/security/curl_fix9.tar>\n\nThe link above is to a tar file containing this signed advisory, open source fix packages, and OpenSSL signatures for each package.\n\nTo extract the fixes from the tar file:\n\ntar xvf curl_fix9.tar \n\ncd curl_fix9\n\nVerify you have retrieved the fixes intact:\n\nThe checksums below were generated using the \"openssl dgst -sha256 [filename]\" command as the following:\n\nopenssl dgst -sha256| filename \n---|--- \n77a5e41cca844667283272b571317056f79302d983d75c627bbeaca5d3845172| curl-7.85.0-1.aix7.1.ppc.rpm \n \nThese sums should match exactly. The OpenSSL signatures in the tar file and on this advisory can also be used to verify the integrity of the fixes. If the sums or signatures cannot be confirmed, contact IBM Support.\n\nopenssl dgst -sha256 -verify [pubkey_file] -signature [advisory_file].sig [advisory_file]\n\nopenssl dgst -sha256 -verify [pubkey_file] -signature [ifix_file].sig [ifix_file]\n\nPublished advisory OpenSSL signature file location:\n\n<http://aix.software.ibm.com/aix/efixes/powersc/security/curl_advisory9.asc.sig>\n\n<https://aix.software.ibm.com/aix/efixes/powersc/security/curl_advisory9.asc.sig>\n\nftp://aix.software.ibm.com/aix/efixes/powersc/security/curl_advisory9.asc.sig\n\n**B. FIX AND INTERIM FIX INSTALLATION**\n\nIMPORTANT: If possible, it is recommended that a mksysb backup of the system be created. Verify it is both bootable and readable before proceeding.\n\nTo extract the fixes from the tar file:\n\ntar xvf curl_fix9.tar\n\ncd curl_fix9\n\nTo install a fix package:\n\nrpm -ivh *.rpm\n\nrpm -Uvh *.rpm\n\nTo install any dependencies along with the fix package:\n\nyum update curl \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-01-19T20:14:45", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Curl affect PowerSC", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-32205", "CVE-2022-32206", "CVE-2022-32207", "CVE-2022-32208", "CVE-2022-35252"], "modified": "2023-01-19T20:14:45", "id": "9FD583B4EB98DE738D4995A7051ACB001233C81BBDFA0CEB3450CE85EA2D30A9", "href": "https://www.ibm.com/support/pages/node/6856467", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-03T17:36:57", "description": "## Summary\n\nIBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a man-in-the-middle attack in cURL libcurl caused by a flaw in the handling of message verification failures. (CVE-2022-32208). cURL libcurl is included as part of the Base OS used by our service images. Please read the details for remediation below.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-32208](<https://vulners.com/cve/CVE-2022-32208>) \n** DESCRIPTION: **cURL libcurl is vulnerable to a man-in-the-middle attack, caused by a flaw in the handling of message verification failures. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to inject data to the client.. \nCVSS Base score: 3.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/229742](<https://exchange.xforce.ibmcloud.com/vulnerabilities/229742>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Watson Speech Services Cartridge for IBM Cloud Pak for Data| 4.0.0 - 4.6.3 \n \n \n \n\n\n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading. \n\n**Product(s)**| **Version(s) \n**| **Remediation/Fix/Instructions** \n---|---|--- \nIBM Watson Speech Services Cartridge for IBM Cloud Pak for Data| 4.6.4| The fix in 4.6.4 applies to all versions listed (4.0.0-4.6.3). Version 4.6.4 can be downloaded and installed from: ** \n<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.6.x?topic=installing>** \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-03-31T16:58:32", "type": "ibm", "title": "Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a man-in-the-middle attack in cURL libcurl (CVE-2022-32208)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-32208"], "modified": "2023-03-31T16:58:32", "id": "07EE218335DDC3C7223D7837ADF53633B6F4AC704EC2C983CA17BD0E6FD05CF3", "href": "https://www.ibm.com/support/pages/node/6967655", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2023-05-22T22:39:34", "description": "The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:5942 advisory.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-11-16T00:00:00", "type": "nessus", "title": "AlmaLinux 9 : vim (ALSA-2022:5942)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1785", "CVE-2022-1897", "CVE-2022-1927"], "modified": "2022-11-17T00:00:00", "cpe": ["p-cpe:/a:alma:linux:vim-x11", "p-cpe:/a:alma:linux:vim-common", "p-cpe:/a:alma:linux:vim-enhanced", "p-cpe:/a:alma:linux:vim-filesystem", "p-cpe:/a:alma:linux:vim-minimal", "cpe:/o:alma:linux:9", "cpe:/o:alma:linux:9::appstream", "cpe:/o:alma:linux:9::baseos"], "id": "ALMA_LINUX_ALSA-2022-5942.NASL", "href": "https://www.tenable.com/plugins/nessus/167681", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2022:5942.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167681);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/17\");\n\n script_cve_id(\"CVE-2022-1785\", \"CVE-2022-1897\", \"CVE-2022-1927\");\n script_xref(name:\"ALSA\", value:\"2022:5942\");\n\n script_name(english:\"AlmaLinux 9 : vim (ALSA-2022:5942)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2022:5942 advisory.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/9/ALSA-2022-5942.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1927\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(126, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:vim-X11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:vim-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:vim-enhanced\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:vim-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:vim-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:9::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:9::baseos\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(os_release) || 'AlmaLinux' >!< os_release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 9.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar pkgs = [\n {'reference':'vim-common-8.2.2637-16.el9_0.3', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'vim-common-8.2.2637-16.el9_0.3', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'vim-enhanced-8.2.2637-16.el9_0.3', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'vim-enhanced-8.2.2637-16.el9_0.3', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'vim-filesystem-8.2.2637-16.el9_0.3', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'vim-minimal-8.2.2637-16.el9_0.3', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'vim-minimal-8.2.2637-16.el9_0.3', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'vim-X11-8.2.2637-16.el9_0.3', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'vim-X11-8.2.2637-16.el9_0.3', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'vim-X11 / vim-common / vim-enhanced / vim-filesystem / vim-minimal');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-22T22:35:08", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-5813 advisory.\n\n - Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977. (CVE-2022-1785)\n\n - Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. (CVE-2022-1897)\n\n - Buffer Over-read in GitHub repository vim/vim prior to 8.2. (CVE-2022-1927)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-06T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : vim (ELSA-2022-5813)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1785", "CVE-2022-1897", "CVE-2022-1927"], "modified": "2022-11-01T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:vim-x11", "p-cpe:/a:oracle:linux:vim-common", "p-cpe:/a:oracle:linux:vim-enhanced", "p-cpe:/a:oracle:linux:vim-filesystem", "p-cpe:/a:oracle:linux:vim-minimal"], "id": "ORACLELINUX_ELSA-2022-5813.NASL", "href": "https://www.tenable.com/plugins/nessus/163894", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-5813.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163894);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/01\");\n\n script_cve_id(\"CVE-2022-1785\", \"CVE-2022-1897\", \"CVE-2022-1927\");\n\n script_name(english:\"Oracle Linux 8 : vim (ELSA-2022-5813)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2022-5813 advisory.\n\n - Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977. (CVE-2022-1785)\n\n - Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. (CVE-2022-1897)\n\n - Buffer Over-read in GitHub repository vim/vim prior to 8.2. (CVE-2022-1927)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-5813.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1927\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:vim-X11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:vim-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:vim-enhanced\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:vim-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:vim-minimal\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'vim-common-8.0.1763-19.0.1.el8_6.4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'vim-common-8.0.1763-19.0.1.el8_6.4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'vim-enhanced-8.0.1763-19.0.1.el8_6.4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'vim-enhanced-8.0.1763-19.0.1.el8_6.4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'vim-filesystem-8.0.1763-19.0.1.el8_6.4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'vim-minimal-8.0.1763-19.0.1.el8_6.4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'vim-minimal-8.0.1763-19.0.1.el8_6.4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'vim-X11-8.0.1763-19.0.1.el8_6.4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'vim-X11-8.0.1763-19.0.1.el8_6.4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'vim-X11 / vim-common / vim-enhanced / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-22T22:35:38", "description": "The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-5942 advisory.\n\n - Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977. (CVE-2022-1785)\n\n - Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. (CVE-2022-1897)\n\n - Buffer Over-read in GitHub repository vim/vim prior to 8.2. (CVE-2022-1927)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-10T00:00:00", "type": "nessus", "title": "Oracle Linux 9 : vim (ELSA-2022-5942)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1785", "CVE-2022-1897", "CVE-2022-1927"], "modified": "2022-11-01T00:00:00", "cpe": ["cpe:/o:oracle:linux:9", "p-cpe:/a:oracle:linux:vim-x11", "p-cpe:/a:oracle:linux:vim-common", "p-cpe:/a:oracle:linux:vim-enhanced", "p-cpe:/a:oracle:linux:vim-filesystem", "p-cpe:/a:oracle:linux:vim-minimal"], "id": "ORACLELINUX_ELSA-2022-5942.NASL", "href": "https://www.tenable.com/plugins/nessus/164004", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-5942.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164004);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/01\");\n\n script_cve_id(\"CVE-2022-1785\", \"CVE-2022-1897\", \"CVE-2022-1927\");\n\n script_name(english:\"Oracle Linux 9 : vim (ELSA-2022-5942)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2022-5942 advisory.\n\n - Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977. (CVE-2022-1785)\n\n - Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. (CVE-2022-1897)\n\n - Buffer Over-read in GitHub repository vim/vim prior to 8.2. (CVE-2022-1927)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-5942.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1927\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:vim-X11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:vim-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:vim-enhanced\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:vim-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:vim-minimal\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 9', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'vim-common-8.2.2637-16.0.1.el9_0.3', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'vim-common-8.2.2637-16.0.1.el9_0.3', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'vim-enhanced-8.2.2637-16.0.1.el9_0.3', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'vim-enhanced-8.2.2637-16.0.1.el9_0.3', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'vim-filesystem-8.2.2637-16.0.1.el9_0.3', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'vim-minimal-8.2.2637-16.0.1.el9_0.3', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'vim-minimal-8.2.2637-16.0.1.el9_0.3', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'vim-X11-8.2.2637-16.0.1.el9_0.3', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'vim-X11-8.2.2637-16.0.1.el9_0.3', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'vim-X11 / vim-common / vim-enhanced / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-22T22:34:54", "description": "The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:5813 advisory.\n\n - Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977. (CVE-2022-1785)\n\n - Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. (CVE-2022-1897)\n\n - Buffer Over-read in GitHub repository vim/vim prior to 8.2. (CVE-2022-1927)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-10T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : vim (5813) (ALSA-2022:5813)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1785", "CVE-2022-1897", "CVE-2022-1927"], "modified": "2022-11-01T00:00:00", "cpe": ["p-cpe:/a:alma:linux:vim-x11", "p-cpe:/a:alma:linux:vim-common", "p-cpe:/a:alma:linux:vim-enhanced", "p-cpe:/a:alma:linux:vim-filesystem", "p-cpe:/a:alma:linux:vim-minimal", "cpe:/o:alma:linux:8"], "id": "ALMA_LINUX_ALSA-2022-5813.NASL", "href": "https://www.tenable.com/plugins/nessus/164024", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2022:5813.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164024);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/01\");\n\n script_cve_id(\"CVE-2022-1785\", \"CVE-2022-1897\", \"CVE-2022-1927\");\n script_xref(name:\"ALSA\", value:\"2022:5813\");\n\n script_name(english:\"AlmaLinux 8 : vim (5813) (ALSA-2022:5813)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2022:5813 advisory.\n\n - Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977. (CVE-2022-1785)\n\n - Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. (CVE-2022-1897)\n\n - Buffer Over-read in GitHub repository vim/vim prior to 8.2. (CVE-2022-1927)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2022-5813.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1927\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:vim-X11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:vim-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:vim-enhanced\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:vim-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:vim-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar pkgs = [\n {'reference':'vim-common-8.0.1763-19.el8_6.4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'vim-common-8.0.1763-19.el8_6.4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'vim-enhanced-8.0.1763-19.el8_6.4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'vim-enhanced-8.0.1763-19.el8_6.4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'vim-filesystem-8.0.1763-19.el8_6.4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'vim-minimal-8.0.1763-19.el8_6.4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'vim-minimal-8.0.1763-19.el8_6.4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'vim-X11-8.0.1763-19.el8_6.4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'vim-X11-8.0.1763-19.el8_6.4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'vim-X11 / vim-common / vim-enhanced / vim-filesystem / vim-minimal');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T18:31:35", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5813 advisory.\n\n - vim: Out-of-bounds Write (CVE-2022-1785)\n\n - vim: out-of-bounds write in vim_regsub_both() in regexp.c (CVE-2022-1897)\n\n - vim: buffer over-read in utf_ptr2char() in mbyte.c (CVE-2022-1927)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-03T00:00:00", "type": "nessus", "title": "RHEL 8 : vim (RHSA-2022:5813)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1785", "CVE-2022-1897", "CVE-2022-1927"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:vim-x11", "p-cpe:/a:redhat:enterprise_linux:vim-common", "p-cpe:/a:redhat:enterprise_linux:vim-enhanced", "p-cpe:/a:redhat:enterprise_linux:vim-filesystem", "p-cpe:/a:redhat:enterprise_linux:vim-minimal"], "id": "REDHAT-RHSA-2022-5813.NASL", "href": "https://www.tenable.com/plugins/nessus/163795", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:5813. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163795);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\"CVE-2022-1785\", \"CVE-2022-1897\", \"CVE-2022-1927\");\n script_xref(name:\"RHSA\", value:\"2022:5813\");\n\n script_name(english:\"RHEL 8 : vim (RHSA-2022:5813)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:5813 advisory.\n\n - vim: Out-of-bounds Write (CVE-2022-1785)\n\n - vim: out-of-bounds write in vim_regsub_both() in regexp.c (CVE-2022-1897)\n\n - vim: buffer over-read in utf_ptr2char() in mbyte.c (CVE-2022-1927)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1785\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1897\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1927\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:5813\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2088689\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2091682\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2091687\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1927\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(125, 126, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vim-X11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vim-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vim-enhanced\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vim-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vim-minimal\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'vim-common-8.0.1763-19.el8_6.4', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'vim-enhanced-8.0.1763-19.el8_6.4', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'vim-filesystem-8.0.1763-19.el8_6.4', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'vim-minimal-8.0.1763-19.el8_6.4', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'vim-X11-8.0.1763-19.el8_6.4', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'vim-common-8.0.1763-19.el8_6.4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'vim-enhanced-8.0.1763-19.el8_6.4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'vim-filesystem-8.0.1763-19.el8_6.4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'vim-minimal-8.0.1763-19.el8_6.4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'vim-X11-8.0.1763-19.el8_6.4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'vim-X11 / vim-common / vim-enhanced / vim-filesystem / vim-minimal');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T18:30:45", "description": "The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5942 advisory.\n\n - vim: Out-of-bounds Write (CVE-2022-1785)\n\n - vim: out-of-bounds write in vim_regsub_both() in regexp.c (CVE-2022-1897)\n\n - vim: buffer over-read in utf_ptr2char() in mbyte.c (CVE-2022-1927)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-09T00:00:00", "type": "nessus", "title": "RHEL 9 : vim (RHSA-2022:5942)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1785", "CVE-2022-1897", "CVE-2022-1927"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:9", "cpe:/o:redhat:rhel_aus:9.2", "cpe:/o:redhat:rhel_e4s:9.0", "cpe:/o:redhat:rhel_e4s:9.2", "cpe:/o:redhat:rhel_eus:9.0", "cpe:/o:redhat:rhel_eus:9.2", "p-cpe:/a:redhat:enterprise_linux:vim-x11", "p-cpe:/a:redhat:enterprise_linux:vim-common", "p-cpe:/a:redhat:enterprise_linux:vim-enhanced", "p-cpe:/a:redhat:enterprise_linux:vim-filesystem", "p-cpe:/a:redhat:enterprise_linux:vim-minimal"], "id": "REDHAT-RHSA-2022-5942.NASL", "href": "https://www.tenable.com/plugins/nessus/163937", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:5942. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163937);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\"CVE-2022-1785\", \"CVE-2022-1897\", \"CVE-2022-1927\");\n script_xref(name:\"RHSA\", value:\"2022:5942\");\n\n script_name(english:\"RHEL 9 : vim (RHSA-2022:5942)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:5942 advisory.\n\n - vim: Out-of-bounds Write (CVE-2022-1785)\n\n - vim: out-of-bounds write in vim_regsub_both() in regexp.c (CVE-2022-1897)\n\n - vim: buffer over-read in utf_ptr2char() in mbyte.c (CVE-2022-1927)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1785\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1897\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1927\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:5942\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2088689\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2091682\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2091687\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1927\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(125, 126, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:9.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:9.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:9.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:9.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:9.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vim-X11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vim-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vim-enhanced\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vim-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vim-minimal\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '9')) audit(AUDIT_OS_NOT, 'Red Hat 9.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel9/9.2/x86_64/appstream/debug',\n 'content/aus/rhel9/9.2/x86_64/appstream/os',\n 'content/aus/rhel9/9.2/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel9/9.2/x86_64/baseos/debug',\n 'content/aus/rhel9/9.2/x86_64/baseos/os',\n 'content/aus/rhel9/9.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel9/9.2/aarch64/appstream/debug',\n 'content/e4s/rhel9/9.2/aarch64/appstream/os',\n 'content/e4s/rhel9/9.2/aarch64/appstream/source/SRPMS',\n 'content/e4s/rhel9/9.2/aarch64/baseos/debug',\n 'content/e4s/rhel9/9.2/aarch64/baseos/os',\n 'content/e4s/rhel9/9.2/aarch64/baseos/source/SRPMS',\n 'content/e4s/rhel9/9.2/aarch64/highavailability/debug',\n 'content/e4s/rhel9/9.2/aarch64/highavailability/os',\n 'content/e4s/rhel9/9.2/aarch64/highavailability/source/SRPMS',\n 'content/e4s/rhel9/9.2/ppc64le/appstream/debug',\n 'content/e4s/rhel9/9.2/ppc64le/appstream/os',\n 'content/e4s/rhel9/9.2/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel9/9.2/ppc64le/baseos/debug',\n 'content/e4s/rhel9/9.2/ppc64le/baseos/os',\n 'content/e4s/rhel9/9.2/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel9/9.2/ppc64le/highavailability/debug',\n 'content/e4s/rhel9/9.2/ppc64le/highavailability/os',\n 'content/e4s/rhel9/9.2/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel9/9.2/ppc64le/resilientstorage/debug',\n 'content/e4s/rhel9/9.2/ppc64le/resilientstorage/os',\n 'content/e4s/rhel9/9.2/ppc64le/resilientstorage/source/SRPMS',\n 'content/e4s/rhel9/9.2/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel9/9.2/ppc64le/sap-solutions/os',\n 'content/e4s/rhel9/9.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel9/9.2/ppc64le/sap/debug',\n 'content/e4s/rhel9/9.2/ppc64le/sap/os',\n 'content/e4s/rhel9/9.2/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel9/9.2/s390x/appstream/debug',\n 'content/e4s/rhel9/9.2/s390x/appstream/os',\n 'content/e4s/rhel9/9.2/s390x/appstream/source/SRPMS',\n 'content/e4s/rhel9/9.2/s390x/baseos/debug',\n 'content/e4s/rhel9/9.2/s390x/baseos/os',\n 'content/e4s/rhel9/9.2/s390x/baseos/source/SRPMS',\n 'content/e4s/rhel9/9.2/s390x/highavailability/debug',\n 'content/e4s/rhel9/9.2/s390x/highavailability/os',\n 'content/e4s/rhel9/9.2/s390x/highavailability/source/SRPMS',\n 'content/e4s/rhel9/9.2/s390x/resilientstorage/debug',\n 'content/e4s/rhel9/9.2/s390x/resilientstorage/os',\n 'content/e4s/rhel9/9.2/s390x/resilientstorage/source/SRPMS',\n 'content/e4s/rhel9/9.2/s390x/sap/debug',\n 'content/e4s/rhel9/9.2/s390x/sap/os',\n 'content/e4s/rhel9/9.2/s390x/sap/source/SRPMS',\n 'content/e4s/rhel9/9.2/x86_64/appstream/debug',\n 'content/e4s/rhel9/9.2/x86_64/appstream/os',\n 'content/e4s/rhel9/9.2/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel9/9.2/x86_64/baseos/debug',\n 'content/e4s/rhel9/9.2/x86_64/baseos/os',\n 'content/e4s/rhel9/9.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel9/9.2/x86_64/highavailability/debug',\n 'content/e4s/rhel9/9.2/x86_64/highavailability/os',\n 'content/e4s/rhel9/9.2/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel9/9.2/x86_64/resilientstorage/debug',\n 'content/e4s/rhel9/9.2/x86_64/resilientstorage/os',\n 'content/e4s/rhel9/9.2/x86_64/resilientstorage/source/SRPMS',\n 'content/e4s/rhel9/9.2/x86_64/sap-solutions/debug',\n 'content/e4s/rhel9/9.2/x86_64/sap-solutions/os',\n 'content/e4s/rhel9/9.2/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel9/9.2/x86_64/sap/debug',\n 'content/e4s/rhel9/9.2/x86_64/sap/os',\n 'content/e4s/rhel9/9.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel9/9.2/aarch64/appstream/debug',\n 'content/eus/rhel9/9.2/aarch64/appstream/os',\n 'content/eus/rhel9/9.2/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel9/9.2/aarch64/baseos/debug',\n 'content/eus/rhel9/9.2/aarch64/baseos/os',\n 'content/eus/rhel9/9.2/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel9/9.2/aarch64/codeready-builder/debug',\n 'content/eus/rhel9/9.2/aarch64/codeready-builder/os',\n 'content/eus/rhel9/9.2/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel9/9.2/aarch64/highavailability/debug',\n 'content/eus/rhel9/9.2/aarch64/highavailability/os',\n 'content/eus/rhel9/9.2/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel9/9.2/aarch64/supplementary/debug',\n 'content/eus/rhel9/9.2/aarch64/supplementary/os',\n 'content/eus/rhel9/9.2/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel9/9.2/ppc64le/appstream/debug',\n 'content/eus/rhel9/9.2/ppc64le/appstream/os',\n 'content/eus/rhel9/9.2/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel9/9.2/ppc64le/baseos/debug',\n 'content/eus/rhel9/9.2/ppc64le/baseos/os',\n 'content/eus/rhel9/9.2/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel9/9.2/ppc64le/codeready-builder/debug',\n 'content/eus/rhel9/9.2/ppc64le/codeready-builder/os',\n 'content/eus/rhel9/9.2/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel9/9.2/ppc64le/highavailability/debug',\n 'content/eus/rhel9/9.2/ppc64le/highavailability/os',\n 'content/eus/rhel9/9.2/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel9/9.2/ppc64le/resilientstorage/debug',\n 'content/eus/rhel9/9.2/ppc64le/resilientstorage/os',\n 'content/eus/rhel9/9.2/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel9/9.2/ppc64le/sap-solutions/debug',\n 'content/eus/rhel9/9.2/ppc64le/sap-solutions/os',\n 'content/eus/rhel9/9.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel9/9.2/ppc64le/sap/debug',\n 'content/eus/rhel9/9.2/ppc64le/sap/os',\n 'content/eus/rhel9/9.2/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel9/9.2/ppc64le/supplementary/debug',\n 'content/eus/rhel9/9.2/ppc64le/supplementary/os',\n 'content/eus/rhel9/9.2/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel9/9.2/s390x/appstream/debug',\n 'content/eus/rhel9/9.2/s390x/appstream/os',\n 'content/eus/rhel9/9.2/s390x/appstream/source/SRPMS',\n 'content/eus/rhel9/9.2/s390x/baseos/debug',\n 'content/eus/rhel9/9.2/s390x/baseos/os',\n 'content/eus/rhel9/9.2/s390x/baseos/source/SRPMS',\n 'content/eus/rhel9/9.2/s390x/codeready-builder/debug',\n 'content/eus/rhel9/9.2/s390x/codeready-builder/os',\n 'content/eus/rhel9/9.2/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel9/9.2/s390x/highavailability/debug',\n 'content/eus/rhel9/9.2/s390x/highavailability/os',\n 'content/eus/rhel9/9.2/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel9/9.2/s390x/resilientstorage/debug',\n 'content/eus/rhel9/9.2/s390x/resilientstorage/os',\n 'content/eus/rhel9/9.2/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel9/9.2/s390x/sap/debug',\n 'content/eus/rhel9/9.2/s390x/sap/os',\n 'content/eus/rhel9/9.2/s390x/sap/source/SRPMS',\n 'content/eus/rhel9/9.2/s390x/supplementary/debug',\n 'content/eus/rhel9/9.2/s390x/supplementary/os',\n 'content/eus/rhel9/9.2/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel9/9.2/x86_64/appstream/debug',\n 'content/eus/rhel9/9.2/x86_64/appstream/os',\n 'content/eus/rhel9/9.2/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel9/9.2/x86_64/baseos/debug',\n 'content/eus/rhel9/9.2/x86_64/baseos/os',\n 'content/eus/rhel9/9.2/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel9/9.2/x86_64/codeready-builder/debug',\n 'content/eus/rhel9/9.2/x86_64/codeready-builder/os',\n 'content/eus/rhel9/9.2/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel9/9.2/x86_64/highavailability/debug',\n 'content/eus/rhel9/9.2/x86_64/highavailability/os',\n 'content/eus/rhel9/9.2/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel9/9.2/x86_64/resilientstorage/debug',\n 'content/eus/rhel9/9.2/x86_64/resilientstorage/os',\n 'content/eus/rhel9/9.2/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel9/9.2/x86_64/sap-solutions/debug',\n 'content/eus/rhel9/9.2/x86_64/sap-solutions/os',\n 'content/eus/rhel9/9.2/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel9/9.2/x86_64/sap/debug',\n 'content/eus/rhel9/9.2/x86_64/sap/os',\n 'content/eus/rhel9/9.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel9/9.2/x86_64/supplementary/debug',\n 'content/eus/rhel9/9.2/x86_64/supplementary/os',\n 'content/eus/rhel9/9.2/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'vim-common-8.2.2637-16.el9_0.3', 'sp':'2', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'vim-enhanced-8.2.2637-16.el9_0.3', 'sp':'2', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'vim-filesystem-8.2.2637-16.el9_0.3', 'sp':'2', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'vim-minimal-8.2.2637-16.el9_0.3', 'sp':'2', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'vim-X11-8.2.2637-16.el9_0.3', 'sp':'2', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel9/9/aarch64/appstream/debug',\n 'content/dist/rhel9/9/aarch64/appstream/os',\n 'content/dist/rhel9/9/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel9/9/aarch64/baseos/debug',\n 'content/dist/rhel9/9/aarch64/baseos/os',\n 'content/dist/rhel9/9/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel9/9/aarch64/codeready-builder/debug',\n 'content/dist/rhel9/9/aarch64/codeready-builder/os',\n 'content/dist/rhel9/9/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel9/9/aarch64/highavailability/debug',\n 'content/dist/rhel9/9/aarch64/highavailability/os',\n 'content/dist/rhel9/9/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel9/9/aarch64/supplementary/debug',\n 'content/dist/rhel9/9/aarch64/supplementary/os',\n 'content/dist/rhel9/9/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/appstream/debug',\n 'content/dist/rhel9/9/ppc64le/appstream/os',\n 'content/dist/rhel9/9/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/baseos/debug',\n 'content/dist/rhel9/9/ppc64le/baseos/os',\n 'content/dist/rhel9/9/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/codeready-builder/debug',\n 'content/dist/rhel9/9/ppc64le/codeready-builder/os',\n 'content/dist/rhel9/9/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/highavailability/debug',\n 'content/dist/rhel9/9/ppc64le/highavailability/os',\n 'content/dist/rhel9/9/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/resilientstorage/debug',\n 'content/dist/rhel9/9/ppc64le/resilientstorage/os',\n 'content/dist/rhel9/9/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/sap-solutions/debug',\n 'content/dist/rhel9/9/ppc64le/sap-solutions/os',\n 'content/dist/rhel9/9/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/sap/debug',\n 'content/dist/rhel9/9/ppc64le/sap/os',\n 'content/dist/rhel9/9/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/supplementary/debug',\n 'content/dist/rhel9/9/ppc64le/supplementary/os',\n 'content/dist/rhel9/9/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel9/9/s390x/appstream/debug',\n 'content/dist/rhel9/9/s390x/appstream/os',\n 'content/dist/rhel9/9/s390x/appstream/source/SRPMS',\n 'content/dist/rhel9/9/s390x/baseos/debug',\n 'content/dist/rhel9/9/s390x/baseos/os',\n 'content/dist/rhel9/9/s390x/baseos/source/SRPMS',\n 'content/dist/rhel9/9/s390x/codeready-builder/debug',\n 'content/dist/rhel9/9/s390x/codeready-builder/os',\n 'content/dist/rhel9/9/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel9/9/s390x/highavailability/debug',\n 'content/dist/rhel9/9/s390x/highavailability/os',\n 'content/dist/rhel9/9/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel9/9/s390x/resilientstorage/debug',\n 'content/dist/rhel9/9/s390x/resilientstorage/os',\n 'content/dist/rhel9/9/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel9/9/s390x/sap/debug',\n 'content/dist/rhel9/9/s390x/sap/os',\n 'content/dist/rhel9/9/s390x/sap/source/SRPMS',\n 'content/dist/rhel9/9/s390x/supplementary/debug',\n 'content/dist/rhel9/9/s390x/supplementary/os',\n 'content/dist/rhel9/9/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/appstream/debug',\n 'content/dist/rhel9/9/x86_64/appstream/os',\n 'content/dist/rhel9/9/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/baseos/debug',\n 'content/dist/rhel9/9/x86_64/baseos/os',\n 'content/dist/rhel9/9/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/codeready-builder/debug',\n 'content/dist/rhel9/9/x86_64/codeready-builder/os',\n 'content/dist/rhel9/9/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/highavailability/debug',\n 'content/dist/rhel9/9/x86_64/highavailability/os',\n 'content/dist/rhel9/9/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/nfv/debug',\n 'content/dist/rhel9/9/x86_64/nfv/os',\n 'content/dist/rhel9/9/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/resilientstorage/debug',\n 'content/dist/rhel9/9/x86_64/resilientstorage/os',\n 'content/dist/rhel9/9/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/rt/debug',\n 'content/dist/rhel9/9/x86_64/rt/os',\n 'content/dist/rhel9/9/x86_64/rt/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/sap-solutions/debug',\n 'content/dist/rhel9/9/x86_64/sap-solutions/os',\n 'content/dist/rhel9/9/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/sap/debug',\n 'content/dist/rhel9/9/x86_64/sap/os',\n 'content/dist/rhel9/9/x86_64/sap/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/supplementary/debug',\n 'content/dist/rhel9/9/x86_64/supplementary/os',\n 'content/dist/rhel9/9/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'vim-common-8.2.2637-16.el9_0.3', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'vim-enhanced-8.2.2637-16.el9_0.3', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'vim-filesystem-8.2.2637-16.el9_0.3', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'vim-minimal-8.2.2637-16.el9_0.3', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'vim-X11-8.2.2637-16.el9_0.3', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/e4s/rhel9/9.0/aarch64/appstream/debug',\n 'content/e4s/rhel9/9.0/aarch64/appstream/os',\n 'content/e4s/rhel9/9.0/aarch64/appstream/source/SRPMS',\n 'content/e4s/rhel9/9.0/aarch64/baseos/debug',\n 'content/e4s/rhel9/9.0/aarch64/baseos/os',\n 'content/e4s/rhel9/9.0/aarch64/baseos/source/SRPMS',\n 'content/e4s/rhel9/9.0/aarch64/highavailability/debug',\n 'content/e4s/rhel9/9.0/aarch64/highavailability/os',\n 'content/e4s/rhel9/9.0/aarch64/highavailability/source/SRPMS',\n 'content/e4s/rhel9/9.0/ppc64le/appstream/debug',\n 'content/e4s/rhel9/9.0/ppc64le/appstream/os',\n 'content/e4s/rhel9/9.0/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel9/9.0/ppc64le/baseos/debug',\n 'content/e4s/rhel9/9.0/ppc64le/baseos/os',\n 'content/e4s/rhel9/9.0/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel9/9.0/ppc64le/highavailability/debug',\n 'content/e4s/rhel9/9.0/ppc64le/highavailability/os',\n 'content/e4s/rhel9/9.0/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel9/9.0/ppc64le/resilientstorage/debug',\n 'content/e4s/rhel9/9.0/ppc64le/resilientstorage/os',\n 'content/e4s/rhel9/9.0/ppc64le/resilientstorage/source/SRPMS',\n 'content/e4s/rhel9/9.0/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel9/9.0/ppc64le/sap-solutions/os',\n 'content/e4s/rhel9/9.0/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel9/9.0/ppc64le/sap/debug',\n 'content/e4s/rhel9/9.0/ppc64le/sap/os',\n 'content/e4s/rhel9/9.0/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel9/9.0/s390x/appstream/debug',\n 'content/e4s/rhel9/9.0/s390x/appstream/os',\n 'content/e4s/rhel9/9.0/s390x/appstream/source/SRPMS',\n 'content/e4s/rhel9/9.0/s390x/baseos/debug',\n 'content/e4s/rhel9/9.0/s390x/baseos/os',\n 'content/e4s/rhel9/9.0/s390x/baseos/source/SRPMS',\n 'content/e4s/rhel9/9.0/s390x/highavailability/debug',\n 'content/e4s/rhel9/9.0/s390x/highavailability/os',\n 'content/e4s/rhel9/9.0/s390x/highavailability/source/SRPMS',\n 'content/e4s/rhel9/9.0/s390x/resilientstorage/debug',\n 'content/e4s/rhel9/9.0/s390x/resilientstorage/os',\n 'content/e4s/rhel9/9.0/s390x/resilientstorage/source/SRPMS',\n 'content/e4s/rhel9/9.0/s390x/sap/debug',\n 'content/e4s/rhel9/9.0/s390x/sap/os',\n 'content/e4s/rhel9/9.0/s390x/sap/source/SRPMS',\n 'content/e4s/rhel9/9.0/x86_64/appstream/debug',\n 'content/e4s/rhel9/9.0/x86_64/appstream/os',\n 'content/e4s/rhel9/9.0/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel9/9.0/x86_64/baseos/debug',\n 'content/e4s/rhel9/9.0/x86_64/baseos/os',\n 'content/e4s/rhel9/9.0/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel9/9.0/x86_64/highavailability/debug',\n 'content/e4s/rhel9/9.0/x86_64/highavailability/os',\n 'content/e4s/rhel9/9.0/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel9/9.0/x86_64/nfv/debug',\n 'content/e4s/rhel9/9.0/x86_64/nfv/os',\n 'content/e4s/rhel9/9.0/x86_64/nfv/source/SRPMS',\n 'content/e4s/rhel9/9.0/x86_64/resilientstorage/debug',\n 'content/e4s/rhel9/9.0/x86_64/resilientstorage/os',\n 'content/e4s/rhel9/9.0/x86_64/resilientstorage/source/SRPMS',\n 'content/e4s/rhel9/9.0/x86_64/rt/debug',\n 'content/e4s/rhel9/9.0/x86_64/rt/os',\n 'content/e4s/rhel9/9.0/x86_64/rt/source/SRPMS',\n 'content/e4s/rhel9/9.0/x86_64/sap-solutions/debug',\n 'content/e4s/rhel9/9.0/x86_64/sap-solutions/os',\n 'content/e4s/rhel9/9.0/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel9/9.0/x86_64/sap/debug',\n 'content/e4s/rhel9/9.0/x86_64/sap/os',\n 'content/e4s/rhel9/9.0/x86_64/sap/source/SRPMS',\n 'content/eus/rhel9/9.0/aarch64/appstream/debug',\n 'content/eus/rhel9/9.0/aarch64/appstream/os',\n 'content/eus/rhel9/9.0/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel9/9.0/aarch64/baseos/debug',\n 'content/eus/rhel9/9.0/aarch64/baseos/os',\n 'content/eus/rhel9/9.0/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel9/9.0/aarch64/codeready-builder/debug',\n 'content/eus/rhel9/9.0/aarch64/codeready-builder/os',\n 'content/eus/rhel9/9.0/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel9/9.0/aarch64/highavailability/debug',\n 'content/eus/rhel9/9.0/aarch64/highavailability/os',\n 'content/eus/rhel9/9.0/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel9/9.0/aarch64/supplementary/debug',\n 'content/eus/rhel9/9.0/aarch64/supplementary/os',\n 'content/eus/rhel9/9.0/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel9/9.0/ppc64le/appstream/debug',\n 'content/eus/rhel9/9.0/ppc64le/appstream/os',\n 'content/eus/rhel9/9.0/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel9/9.0/ppc64le/baseos/debug',\n 'content/eus/rhel9/9.0/ppc64le/baseos/os',\n 'content/eus/rhel9/9.0/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel9/9.0/ppc64le/codeready-builder/debug',\n 'content/eus/rhel9/9.0/ppc64le/codeready-builder/os',\n 'content/eus/rhel9/9.0/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel9/9.0/ppc64le/highavailability/debug',\n 'content/eus/rhel9/9.0/ppc64le/highavailability/os',\n 'content/eus/rhel9/9.0/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel9/9.0/ppc64le/resilientstorage/debug',\n 'content/eus/rhel9/9.0/ppc64le/resilientstorage/os',\n 'content/eus/rhel9/9.0/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel9/9.0/ppc64le/sap-solutions/debug',\n 'content/eus/rhel9/9.0/ppc64le/sap-solutions/os',\n 'content/eus/rhel9/9.0/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel9/9.0/ppc64le/sap/debug',\n 'content/eus/rhel9/9.0/ppc64le/sap/os',\n 'content/eus/rhel9/9.0/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel9/9.0/ppc64le/supplementary/debug',\n 'content/eus/rhel9/9.0/ppc64le/supplementary/os',\n 'content/eus/rhel9/9.0/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel9/9.0/s390x/appstream/debug',\n 'content/eus/rhel9/9.0/s390x/appstream/os',\n 'content/eus/rhel9/9.0/s390x/appstream/source/SRPMS',\n 'content/eus/rhel9/9.0/s390x/baseos/debug',\n 'content/eus/rhel9/9.0/s390x/baseos/os',\n 'content/eus/rhel9/9.0/s390x/baseos/source/SRPMS',\n 'content/eus/rhel9/9.0/s390x/codeready-builder/debug',\n 'content/eus/rhel9/9.0/s390x/codeready-builder/os',\n 'content/eus/rhel9/9.0/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel9/9.0/s390x/highavailability/debug',\n 'content/eus/rhel9/9.0/s390x/highavailability/os',\n 'content/eus/rhel9/9.0/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel9/9.0/s390x/resilientstorage/debug',\n 'content/eus/rhel9/9.0/s390x/resilientstorage/os',\n 'content/eus/rhel9/9.0/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel9/9.0/s390x/sap/debug',\n 'content/eus/rhel9/9.0/s390x/sap/os',\n 'content/eus/rhel9/9.0/s390x/sap/source/SRPMS',\n 'content/eus/rhel9/9.0/s390x/supplementary/debug',\n 'content/eus/rhel9/9.0/s390x/supplementary/os',\n 'content/eus/rhel9/9.0/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel9/9.0/x86_64/appstream/debug',\n 'content/eus/rhel9/9.0/x86_64/appstream/os',\n 'content/eus/rhel9/9.0/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel9/9.0/x86_64/baseos/debug',\n 'content/eus/rhel9/9.0/x86_64/baseos/os',\n 'content/eus/rhel9/9.0/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel9/9.0/x86_64/codeready-builder/debug',\n 'content/eus/rhel9/9.0/x86_64/codeready-builder/os',\n 'content/eus/rhel9/9.0/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel9/9.0/x86_64/highavailability/debug',\n 'content/eus/rhel9/9.0/x86_64/highavailability/os',\n 'content/eus/rhel9/9.0/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel9/9.0/x86_64/resilientstorage/debug',\n 'content/eus/rhel9/9.0/x86_64/resilientstorage/os',\n 'content/eus/rhel9/9.0/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel9/9.0/x86_64/sap-solutions/debug',\n 'content/eus/rhel9/9.0/x86_64/sap-solutions/os',\n 'content/eus/rhel9/9.0/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel9/9.0/x86_64/sap/debug',\n 'content/eus/rhel9/9.0/x86_64/sap/os',\n 'content/eus/rhel9/9.0/x86_64/sap/source/SRPMS',\n 'content/eus/rhel9/9.0/x86_64/supplementary/debug',\n 'content/eus/rhel9/9.0/x86_64/supplementary/os',\n 'content/eus/rhel9/9.0/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'vim-common-8.2.2637-16.el9_0.3', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'vim-enhanced-8.2.2637-16.el9_0.3', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'vim-filesystem-8.2.2637-16.el9_0.3', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'vim-minimal-8.2.2637-16.el9_0.3', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'vim-X11-8.2.2637-16.el9_0.3', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'vim-X11 / vim-common / vim-enhanced / vim-filesystem / vim-minimal');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-22T22:35:09", "description": "The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:5813 advisory.\n\n - Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977. (CVE-2022-1785)\n\n - Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. (CVE-2022-1897)\n\n - Buffer Over-read in GitHub repository vim/vim prior to 8.2. (CVE-2022-1927)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-16T00:00:00", "type": "nessus", "title": "Rocky Linux 8 : vim (RLSA-2022:5813)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1785", "CVE-2022-1897", "CVE-2022-1927"], "modified": "2022-11-01T00:00:00", "cpe": ["p-cpe:/a:rocky:linux:vim-x11", "p-cpe:/a:rocky:linux:vim-x11-debuginfo", "p-cpe:/a:rocky:linux:vim-common", "p-cpe:/a:rocky:linux:vim-common-debuginfo", "p-cpe:/a:rocky:linux:vim-debuginfo", "p-cpe:/a:rocky:linux:vim-debugsource", "p-cpe:/a:rocky:linux:vim-enhanced", "p-cpe:/a:rocky:linux:vim-enhanced-debuginfo", "p-cpe:/a:rocky:linux:vim-filesystem", "p-cpe:/a:rocky:linux:vim-minimal", "p-cpe:/a:rocky:linux:vim-minimal-debuginfo", "cpe:/o:rocky:linux:8"], "id": "ROCKY_LINUX_RLSA-2022-5813.NASL", "href": "https://www.tenable.com/plugins/nessus/164133", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# Rocky Linux Security Advisory RLSA-2022:5813.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164133);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/01\");\n\n script_cve_id(\"CVE-2022-1785\", \"CVE-2022-1897\", \"CVE-2022-1927\");\n script_xref(name:\"RLSA\", value:\"2022:5813\");\n\n script_name(english:\"Rocky Linux 8 : vim (RLSA-2022:5813)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Rocky Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nRLSA-2022:5813 advisory.\n\n - Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977. (CVE-2022-1785)\n\n - Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. (CVE-2022-1897)\n\n - Buffer Over-read in GitHub repository vim/vim prior to 8.2. (CVE-2022-1927)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.rockylinux.org/RLSA-2022:5813\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2088689\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2091682\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2091687\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1927\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:vim-X11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:vim-X11-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:vim-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:vim-common-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:vim-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:vim-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:vim-enhanced\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:vim-enhanced-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:vim-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:vim-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:vim-minimal-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:rocky:linux:8\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Rocky Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RockyLinux/release\", \"Host/RockyLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RockyLinux/release');\nif (isnull(release) || 'Rocky Linux' >!< release) audit(AUDIT_OS_NOT, 'Rocky Linux');\nvar os_ver = pregmatch(pattern: \"Rocky(?: Linux)? release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 8.x', 'Rocky Linux ' + os_ver);\n\nif (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);\n\nvar pkgs = [\n {'reference':'vim-common-8.0.1763-19.el8_6.4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vim-common-8.0.1763-19.el8_6.4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vim-common-debuginfo-8.0.1763-19.el8_6.4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vim-common-debuginfo-8.0.1763-19.el8_6.4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vim-debuginfo-8.0.1763-19.el8_6.4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vim-debuginfo-8.0.1763-19.el8_6.4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vim-debugsource-8.0.1763-19.el8_6.4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vim-debugsource-8.0.1763-19.el8_6.4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vim-enhanced-8.0.1763-19.el8_6.4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vim-enhanced-8.0.1763-19.el8_6.4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vim-enhanced-debuginfo-8.0.1763-19.el8_6.4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vim-enhanced-debuginfo-8.0.1763-19.el8_6.4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vim-filesystem-8.0.1763-19.el8_6.4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vim-minimal-8.0.1763-19.el8_6.4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vim-minimal-8.0.1763-19.el8_6.4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vim-minimal-debuginfo-8.0.1763-19.el8_6.4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vim-minimal-debuginfo-8.0.1763-19.el8_6.4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vim-X11-8.0.1763-19.el8_6.4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vim-X11-8.0.1763-19.el8_6.4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vim-X11-debuginfo-8.0.1763-19.el8_6.4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vim-X11-debuginfo-8.0.1763-19.el8_6.4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Rocky-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'vim-X11 / vim-X11-debuginfo / vim-common / vim-common-debuginfo / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:39:40", "description": "According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). (CVE-2022-2068)\n\n - AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of 'in place' encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p). (CVE-2022-2097)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-12-27T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.10.0 : openssl (EulerOS-SA-2022-2877)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1292", "CVE-2022-2068", "CVE-2022-2097"], "modified": "2023-01-09T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openssl", "p-cpe:/a:huawei:euleros:openssl-libs", "p-cpe:/a:huawei:euleros:openssl-perl", "cpe:/o:huawei:euleros:uvp:2.10.0"], "id": "EULEROS_SA-2022-2877.NASL", "href": "https://www.tenable.com/plugins/nessus/169313", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(169313);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/09\");\n\n script_cve_id(\"CVE-2022-2068\", \"CVE-2022-2097\");\n script_xref(name:\"IAVA\", value:\"2022-A-0257-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0265-S\");\n\n script_name(english:\"EulerOS Virtualization 2.10.0 : openssl (EulerOS-SA-2022-2877)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host\nis affected by the following vulnerabilities :\n\n - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances\n where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection\n were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other\n places in the script where the file names of certificates being hashed were possibly passed to a command\n executed through the shell. This script is distributed by some operating systems in a manner where it is\n automatically executed. On such operating systems, an attacker could execute arbitrary commands with the\n privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the\n OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in\n OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). (CVE-2022-2068)\n\n - AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt\n the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was\n preexisting in the memory that wasn't written. In the special case of 'in place' encryption, sixteen bytes\n of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and\n DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q\n (Affected 1.1.1-1.1.1p). (CVE-2022-2097)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2877\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c7a76876\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2068\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/12/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/12/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.10.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar _release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(_release) || _release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.10.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.10.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"openssl-1.1.1f-8.h30.eulerosv2r10\",\n \"openssl-libs-1.1.1f-8.h30.eulerosv2r10\",\n \"openssl-perl-1.1.1f-8.h30.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:39:40", "description": "According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). (CVE-2022-2068)\n\n - AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of 'in place' encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p). (CVE-2022-2097)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-12-27T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.10.1 : openssl (EulerOS-SA-2022-2895)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1292", "CVE-2022-2068", "CVE-2022-2097"], "modified": "2023-01-09T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openssl", "p-cpe:/a:huawei:euleros:openssl-libs", "p-cpe:/a:huawei:euleros:openssl-perl", "cpe:/o:huawei:euleros:uvp:2.10.1"], "id": "EULEROS_SA-2022-2895.NASL", "href": "https://www.tenable.com/plugins/nessus/169307", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(169307);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/09\");\n\n script_cve_id(\"CVE-2022-2068\", \"CVE-2022-2097\");\n script_xref(name:\"IAVA\", value:\"2022-A-0257-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0265-S\");\n\n script_name(english:\"EulerOS Virtualization 2.10.1 : openssl (EulerOS-SA-2022-2895)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host\nis affected by the following vulnerabilities :\n\n - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances\n where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection\n were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other\n places in the script where the file names of certificates being hashed were possibly passed to a command\n executed through the shell. This script is distributed by some operating systems in a manner where it is\n automatically executed. On such operating systems, an attacker could execute arbitrary commands with the\n privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the\n OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in\n OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). (CVE-2022-2068)\n\n - AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt\n the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was\n preexisting in the memory that wasn't written. In the special case of 'in place' encryption, sixteen bytes\n of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and\n DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q\n (Affected 1.1.1-1.1.1p). (CVE-2022-2097)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2895\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e654afcd\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2068\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/12/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/12/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.10.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar _release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(_release) || _release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.10.1\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.10.1\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"openssl-1.1.1f-8.h30.eulerosv2r10\",\n \"openssl-libs-1.1.1f-8.h30.eulerosv2r10\",\n \"openssl-perl-1.1.1f-8.h30.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:34:47", "description": "According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). (CVE-2022-2068)\n\n - AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of 'in place' encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p). (CVE-2022-2097)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-09-14T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : openssl (EulerOS-SA-2022-2300)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1292", "CVE-2022-2068", "CVE-2022-2097"], "modified": "2022-10-18T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openssl", "p-cpe:/a:huawei:euleros:openssl-libs", "p-cpe:/a:huawei:euleros:openssl-perl", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-2300.NASL", "href": "https://www.tenable.com/plugins/nessus/165074", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165074);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/10/18\");\n\n script_cve_id(\"CVE-2022-2068\", \"CVE-2022-2097\");\n script_xref(name:\"IAVA\", value:\"2022-A-0257-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0265-S\");\n\n script_name(english:\"EulerOS 2.0 SP9 : openssl (EulerOS-SA-2022-2300)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances\n where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection\n were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other\n places in the script where the file names of certificates being hashed were possibly passed to a command\n executed through the shell. This script is distributed by some operating systems in a manner where it is\n automatically executed. On such operating systems, an attacker could execute arbitrary commands with the\n privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the\n OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in\n OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). (CVE-2022-2068)\n\n - AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt\n the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was\n preexisting in the memory that wasn't written. In the special case of 'in place' encryption, sixteen bytes\n of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and\n DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q\n (Affected 1.1.1-1.1.1p). (CVE-2022-2097)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2300\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?581c76d5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2068\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"openssl-1.1.1f-7.h26.eulerosv2r9\",\n \"openssl-libs-1.1.1f-7.h26.eulerosv2r9\",\n \"openssl-perl-1.1.1f-7.h26.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:33:40", "description": "The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:5818 advisory.\n\n - The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool.\n Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n).\n Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd). (CVE-2022-1292)\n\n - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). (CVE-2022-2068)\n\n - AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of in place encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p). (CVE-2022-2097)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-10T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : openssl (5818) (ALSA-2022:5818)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1292", "CVE-2022-2068", "CVE-2022-2097"], "modified": "2022-10-18T00:00:00", "cpe": ["p-cpe:/a:alma:linux:openssl", "p-cpe:/a:alma:linux:openssl-devel", "p-cpe:/a:alma:linux:openssl-libs", "p-cpe:/a:alma:linux:openssl-perl", "cpe:/o:alma:linux:8"], "id": "ALMA_LINUX_ALSA-2022-5818.NASL", "href": "https://www.tenable.com/plugins/nessus/164023", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2022:5818.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164023);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/10/18\");\n\n script_cve_id(\"CVE-2022-1292\", \"CVE-2022-2068\", \"CVE-2022-2097\");\n script_xref(name:\"ALSA\", value:\"2022:5818\");\n script_xref(name:\"IAVA\", value:\"2022-A-0186-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0257-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0265-S\");\n\n script_name(english:\"AlmaLinux 8 : openssl (5818) (ALSA-2022:5818)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2022:5818 advisory.\n\n - The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This\n script is distributed by some operating systems in a manner where it is automatically executed. On such\n operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of\n the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool.\n Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n).\n Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd). (CVE-2022-1292)\n\n - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances\n where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection\n were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other\n places in the script where the file names of certificates being hashed were possibly passed to a command\n executed through the shell. This script is distributed by some operating systems in a manner where it is\n automatically executed. On such operating systems, an attacker could execute arbitrary commands with the\n privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the\n OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in\n OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). (CVE-2022-2068)\n\n - AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt\n the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was\n preexisting in the memory that wasn't written. In the special case of in place encryption, sixteen bytes\n of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and\n DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q\n (Affected 1.1.1-1.1.1p). (CVE-2022-2097)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2022-5818.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2068\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar pkgs = [\n {'reference':'openssl-1.1.1k-7.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-1.1.1k-7.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-devel-1.1.1k-7.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-devel-1.1.1k-7.el8_6', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-libs-1.1.1k-7.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-libs-1.1.1k-7.el8_6', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-perl-1.1.1k-7.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-perl-1.1.1k-7.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openssl / openssl-devel / openssl-libs / openssl-perl');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:35:35", "description": "According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). (CVE-2022-2068)\n\n - AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of 'in place' encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p). (CVE-2022-2097)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-10-08T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP10 : openssl (EulerOS-SA-2022-2419)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1292", "CVE-2022-2068", "CVE-2022-2097"], "modified": "2022-10-18T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openssl", "p-cpe:/a:huawei:euleros:openssl-libs", "p-cpe:/a:huawei:euleros:openssl-perl", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-2419.NASL", "href": "https://www.tenable.com/plugins/nessus/165792", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165792);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/10/18\");\n\n script_cve_id(\"CVE-2022-2068\", \"CVE-2022-2097\");\n script_xref(name:\"IAVA\", value:\"2022-A-0257-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0265-S\");\n\n script_name(english:\"EulerOS 2.0 SP10 : openssl (EulerOS-SA-2022-2419)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances\n where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection\n were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other\n places in the script where the file names of certificates being hashed were possibly passed to a command\n executed through the shell. This script is distributed by some operating systems in a manner where it is\n automatically executed. On such operating systems, an attacker could execute arbitrary commands with the\n privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the\n OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in\n OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). (CVE-2022-2068)\n\n - AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt\n the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was\n preexisting in the memory that wasn't written. In the special case of 'in place' encryption, sixteen bytes\n of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and\n DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q\n (Affected 1.1.1-1.1.1p). (CVE-2022-2097)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2419\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?24f150e4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2068\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(10)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"openssl-1.1.1f-8.h30.eulerosv2r10\",\n \"openssl-libs-1.1.1f-8.h30.eulerosv2r10\",\n \"openssl-perl-1.1.1f-8.h30.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"10\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:35:59", "description": "According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). (CVE-2022-2068)\n\n - AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of 'in place' encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p). (CVE-2022-2097)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-10-08T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP10 : openssl (EulerOS-SA-2022-2432)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1292", "CVE-2022-2068", "CVE-2022-2097"], "modified": "2022-10-18T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openssl", "p-cpe:/a:huawei:euleros:openssl-libs", "p-cpe:/a:huawei:euleros:openssl-perl", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-2432.NASL", "href": "https://www.tenable.com/plugins/nessus/165812", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165812);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/10/18\");\n\n script_cve_id(\"CVE-2022-2068\", \"CVE-2022-2097\");\n script_xref(name:\"IAVA\", value:\"2022-A-0257-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0265-S\");\n\n script_name(english:\"EulerOS 2.0 SP10 : openssl (EulerOS-SA-2022-2432)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances\n where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection\n were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other\n places in the script where the file names of certificates being hashed were possibly passed to a command\n executed through the shell. This script is distributed by some operating systems in a manner where it is\n automatically executed. On such operating systems, an attacker could execute arbitrary commands with the\n privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the\n OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in\n OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). (CVE-2022-2068)\n\n - AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt\n the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was\n preexisting in the memory that wasn't written. In the special case of 'in place' encryption, sixteen bytes\n of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and\n DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q\n (Affected 1.1.1-1.1.1p). (CVE-2022-2097)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2432\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4bad0b7e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2068\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(10)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"openssl-1.1.1f-8.h30.eulerosv2r10\",\n \"openssl-libs-1.1.1f-8.h30.eulerosv2r10\",\n \"openssl-perl-1.1.1f-8.h30.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"10\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:35:16", "description": "According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool.\n Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n).\n Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd). (CVE-2022-1292)\n\n - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). (CVE-2022-2068)\n\n - AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of 'in place' encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p). (CVE-2022-2097)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-09-23T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.9.1 : openssl (EulerOS-SA-2022-2360)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1292", "CVE-2022-2068", "CVE-2022-2097"], "modified": "2022-10-18T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openssl", "p-cpe:/a:huawei:euleros:openssl-libs", "p-cpe:/a:huawei:euleros:openssl-perl", "cpe:/o:huawei:euleros:uvp:2.9.1"], "id": "EULEROS_SA-2022-2360.NASL", "href": "https://www.tenable.com/plugins/nessus/165367", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165367);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/10/18\");\n\n script_cve_id(\"CVE-2022-1292\", \"CVE-2022-2068\", \"CVE-2022-2097\");\n script_xref(name:\"IAVA\", value:\"2022-A-0186-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0257-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0265-S\");\n\n script_name(english:\"EulerOS Virtualization 2.9.1 : openssl (EulerOS-SA-2022-2360)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host\nis affected by the following vulnerabilities :\n\n - The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This\n script is distributed by some operating systems in a manner where it is automatically executed. On such\n operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of\n the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool.\n Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n).\n Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd). (CVE-2022-1292)\n\n - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances\n where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection\n were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other\n places in the script where the file names of certificates being hashed were possibly passed to a command\n executed through the shell. This script is distributed by some operating systems in a manner where it is\n automatically executed. On such operating systems, an attacker could execute arbitrary commands with the\n privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the\n OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in\n OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). (CVE-2022-2068)\n\n - AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt\n the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was\n preexisting in the memory that wasn't written. In the special case of 'in place' encryption, sixteen bytes\n of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and\n DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q\n (Affected 1.1.1-1.1.1p). (CVE-2022-2097)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2360\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c033e31b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2068\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.9.1\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.9.1\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.9.1\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"openssl-1.1.1f-7.h26.eulerosv2r9\",\n \"openssl-libs-1.1.1f-7.h26.eulerosv2r9\",\n \"openssl-perl-1.1.1f-7.h26.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:32:04", "description": "The remote SUSE Linux SLED15 / SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2308-1 advisory.\n\n - The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool.\n Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n).\n Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd). (CVE-2022-1292)\n\n - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). (CVE-2022-2068)\n\n - AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of in place encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p). (CVE-2022-2097)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-08T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 / openSUSE 15 Security Update : openssl-1_1 (SUSE-SU-2022:2308-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1292", "CVE-2022-2068", "CVE-2022-2097"], "modified": "2023-02-08T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libopenssl-1_1-devel", "p-cpe:/a:novell:suse_linux:libopenssl1_1", "p-cpe:/a:novell:suse_linux:libopenssl1_1-32bit", "p-cpe:/a:novell:suse_linux:libopenssl1_1-hmac", "p-cpe:/a:novell:suse_linux:libopenssl1_1-hmac-32bit", "p-cpe:/a:novell:suse_linux:openssl-1_1", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-2308-1.NASL", "href": "https://www.tenable.com/plugins/nessus/162926", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2308-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162926);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/08\");\n\n script_cve_id(\"CVE-2022-1292\", \"CVE-2022-2068\", \"CVE-2022-2097\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2308-1\");\n\n script_name(english:\"SUSE SLED15 / SLES15 / openSUSE 15 Security Update : openssl-1_1 (SUSE-SU-2022:2308-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 / openSUSE 15 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the SUSE-SU-2022:2308-1 advisory.\n\n - The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This\n script is distributed by some operating systems in a manner where it is automatically executed. On such\n operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of\n the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool.\n Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n).\n Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd). (CVE-2022-1292)\n\n - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances\n where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection\n were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other\n places in the script where the file names of certificates being hashed were possibly passed to a command\n executed through the shell. This script is distributed by some operating systems in a manner where it is\n automatically executed. On such operating systems, an attacker could execute arbitrary commands with the\n privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the\n OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in\n OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). (CVE-2022-2068)\n\n - AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt\n the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was\n preexisting in the memory that wasn't written. In the special case of in place encryption, sixteen bytes\n of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and\n DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q\n (Affected 1.1.1-1.1.1p). (CVE-2022-2097)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185637\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200550\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201099\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-July/011417.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3440493e\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1292\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2068\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2097\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2068\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl-1_1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_1-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_1-hmac-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-1_1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES|SUSE)\") audit(AUDIT_OS_NOT, \"SUSE / openSUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+|SUSE([\\d.]+))\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE / openSUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15|SUSE15\\.4)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15 / openSUSE 15', 'SUSE / openSUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE / openSUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED15 SP4\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP4\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'libopenssl-1_1-devel-1.1.1l-150400.7.7.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libopenssl-1_1-devel-1.1.1l-150400.7.7.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libopenssl1_1-1.1.1l-150400.7.7.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libopenssl1_1-1.1.1l-150400.7.7.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libopenssl1_1-32bit-1.1.1l-150400.7.7.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libopenssl1_1-32bit-1.1.1l-150400.7.7.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libopenssl1_1-hmac-1.1.1l-150400.7.7.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libopenssl1_1-hmac-1.1.1l-150400.7.7.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libopenssl1_1-hmac-32bit-1.1.1l-150400.7.7.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libopenssl1_1-hmac-32bit-1.1.1l-150400.7.7.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'openssl-1_1-1.1.1l-150400.7.7.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'openssl-1_1-1.1.1l-150400.7.7.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libopenssl-1_1-devel-1.1.1l-150400.7.7.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libopenssl-1_1-devel-32bit-1.1.1l-150400.7.7.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libopenssl1_1-1.1.1l-150400.7.7.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libopenssl1_1-32bit-1.1.1l-150400.7.7.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libopenssl1_1-hmac-1.1.1l-150400.7.7.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libopenssl1_1-hmac-32bit-1.1.1l-150400.7.7.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'openssl-1_1-1.1.1l-150400.7.7.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'openssl-1_1-doc-1.1.1l-150400.7.7.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libopenssl-1_1-devel / libopenssl-1_1-devel-32bit / libopenssl1_1 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:35:05", "description": "According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool.\n Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n).\n Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd). (CVE-2022-1292)\n\n - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). (CVE-2022-2068)\n\n - AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of 'in place' encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p). (CVE-2022-2097)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-09-24T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.9.0 : openssl (EulerOS-SA-2022-2396)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1292", "CVE-2022-2068", "CVE-2022-2097"], "modified": "2022-10-18T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openssl", "p-cpe:/a:huawei:euleros:openssl-libs", "p-cpe:/a:huawei:euleros:openssl-perl", "cpe:/o:huawei:euleros:uvp:2.9.0"], "id": "EULEROS_SA-2022-2396.NASL", "href": "https://www.tenable.com/plugins/nessus/165405", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165405);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/10/18\");\n\n script_cve_id(\"CVE-2022-1292\", \"CVE-2022-2068\", \"CVE-2022-2097\");\n script_xref(name:\"IAVA\", value:\"2022-A-0186-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0257-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0265-S\");\n\n script_name(english:\"EulerOS Virtualization 2.9.0 : openssl (EulerOS-SA-2022-2396)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host\nis affected by the following vulnerabilities :\n\n - The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This\n script is distributed by some operating systems in a manner where it is automatically executed. On such\n operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of\n the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool.\n Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n).\n Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd). (CVE-2022-1292)\n\n - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances\n where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection\n were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other\n places in the script where the file names of certificates being hashed were possibly passed to a command\n executed through the shell. This script is distributed by some operating systems in a manner where it is\n automatically executed. On such operating systems, an attacker could execute arbitrary commands with the\n privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the\n OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in\n OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). (CVE-2022-2068)\n\n - AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt\n the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was\n preexisting in the memory that wasn't written. In the special case of 'in place' encryption, sixteen bytes\n of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and\n DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q\n (Affected 1.1.1-1.1.1p). (CVE-2022-2097)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2396\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d507c6b4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2068\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.9.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.9.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.9.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"openssl-1.1.1f-7.h26.eulerosv2r9\",\n \"openssl-libs-1.1.1f-7.h26.eulerosv2r9\",\n \"openssl-perl-1.1.1f-7.h26.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T18:33:23", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9683 advisory.\n\n - The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool.\n Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n).\n Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd). (CVE-2022-1292)\n\n - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). (CVE-2022-2068)\n\n - AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of in place encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p). (CVE-2022-2097)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-05T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : openssl (ELSA-2022-9683)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1292", "CVE-2022-2068", "CVE-2022-2097"], "modified": "2022-10-18T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:openssl", "p-cpe:/a:oracle:linux:openssl-debugsource", "p-cpe:/a:oracle:linux:openssl-devel", "p-cpe:/a:oracle:linux:openssl-libs", "p-cpe:/a:oracle:linux:openssl-perl", "p-cpe:/a:oracle:linux:openssl-static"], "id": "ORACLELINUX_ELSA-2022-9683.NASL", "href": "https://www.tenable.com/plugins/nessus/163890", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9683.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163890);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/10/18\");\n\n script_cve_id(\"CVE-2022-1292\", \"CVE-2022-2068\", \"CVE-2022-2097\");\n script_xref(name:\"IAVA\", value:\"2022-A-0186-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0257-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0265-S\");\n\n script_name(english:\"Oracle Linux 8 : openssl (ELSA-2022-9683)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2022-9683 advisory.\n\n - The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This\n script is distributed by some operating systems in a manner where it is automatically executed. On such\n operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of\n the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool.\n Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n).\n Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd). (CVE-2022-1292)\n\n - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances\n where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection\n were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other\n places in the script where the file names of certificates being hashed were possibly passed to a command\n executed through the shell. This script is distributed by some operating systems in a manner where it is\n automatically executed. On such operating systems, an attacker could execute arbitrary commands with the\n privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the\n OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in\n OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). (CVE-2022-2068)\n\n - AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt\n the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was\n preexisting in the memory that wasn't written. In the special case of in place encryption, sixteen bytes\n of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and\n DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q\n (Affected 1.1.1-1.1.1p). (CVE-2022-2097)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9683.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2068\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-static\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'openssl-1.1.1k-7.ksplice1.el8_6', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'openssl-1.1.1k-7.ksplice1.el8_6', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'openssl-debugsource-1.1.1k-7.ksplice1.el8_6', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'openssl-devel-1.1.1k-7.ksplice1.el8_6', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'openssl-devel-1.1.1k-7.ksplice1.el8_6', 'cpu':'i686', 'release':'8', 'el_string':'ksplice1.el8_6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'openssl-devel-1.1.1k-7.ksplice1.el8_6', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'openssl-libs-1.1.1k-7.ksplice1.el8_6', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'openssl-libs-1.1.1k-7.ksplice1.el8_6', 'cpu':'i686', 'release':'8', 'el_string':'ksplice1.el8_6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'openssl-libs-1.1.1k-7.ksplice1.el8_6', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'openssl-perl-1.1.1k-7.ksplice1.el8_6', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'openssl-perl-1.1.1k-7.ksplice1.el8_6', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'openssl-static-1.1.1k-7.ksplice1.el8_6', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openssl / openssl-debugsource / openssl-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T18:35:25", "description": "According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). (CVE-2022-2068)\n\n - AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of 'in place' encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p). (CVE-2022-2097)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-09-14T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : openssl (EulerOS-SA-2022-2329)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1292", "CVE-2022-2068", "CVE-2022-2097"], "modified": "2022-10-18T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openssl", "p-cpe:/a:huawei:euleros:openssl-libs", "p-cpe:/a:huawei:euleros:openssl-perl", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-2329.NASL", "href": "https://www.tenable.com/plugins/nessus/165069", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165069);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/10/18\");\n\n script_cve_id(\"CVE-2022-2068\", \"CVE-2022-2097\");\n script_xref(name:\"IAVA\", value:\"2022-A-0257-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0265-S\");\n\n script_name(english:\"EulerOS 2.0 SP9 : openssl (EulerOS-SA-2022-2329)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances\n where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection\n were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other\n places in the script where the file names of certificates being hashed were possibly passed to a command\n executed through the shell. This script is distributed by some operating systems in a manner where it is\n automatically executed. On such operating systems, an attacker could execute arbitrary commands with the\n privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the\n OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in\n OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). (CVE-2022-2068)\n\n - AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt\n the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was\n preexisting in the memory that wasn't written. In the special case of 'in place' encryption, sixteen bytes\n of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and\n DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q\n (Affected 1.1.1-1.1.1p). (CVE-2022-2097)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2329\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?946e9c2d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2068\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"openssl-1.1.1f-7.h26.eulerosv2r9\",\n \"openssl-libs-1.1.1f-7.h26.eulerosv2r9\",\n \"openssl-perl-1.1.1f-7.h26.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:33:36", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-5818 advisory.\n\n - The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool.\n Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n).\n Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd). (CVE-2022-1292)\n\n - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). (CVE-2022-2068)\n\n - AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of in place encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p). (CVE-2022-2097)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-02T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : openssl (ELSA-2022-5818)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1292", "CVE-2022-2068", "CVE-2022-2097"], "modified": "2022-10-18T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:openssl", "p-cpe:/a:oracle:linux:openssl-devel", "p-cpe:/a:oracle:linux:openssl-libs", "p-cpe:/a:oracle:linux:openssl-perl"], "id": "ORACLELINUX_ELSA-2022-5818.NASL", "href": "https://www.tenable.com/plugins/nessus/163744", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-5818.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163744);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/10/18\");\n\n script_cve_id(\"CVE-2022-1292\", \"CVE-2022-2068\", \"CVE-2022-2097\");\n script_xref(name:\"IAVA\", value:\"2022-A-0186-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0257-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0265-S\");\n\n script_name(english:\"Oracle Linux 8 : openssl (ELSA-2022-5818)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2022-5818 advisory.\n\n - The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This\n script is distributed by some operating systems in a manner where it is automatically executed. On such\n operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of\n the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool.\n Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n).\n Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd). (CVE-2022-1292)\n\n - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances\n where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection\n were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other\n places in the script where the file names of certificates being hashed were possibly passed to a command\n executed through the shell. This script is distributed by some operating systems in a manner where it is\n automatically executed. On such operating systems, an attacker could execute arbitrary commands with the\n privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the\n OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in\n OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). (CVE-2022-2068)\n\n - AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt\n the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was\n preexisting in the memory that wasn't written. In the special case of in place encryption, sixteen bytes\n of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and\n DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q\n (Affected 1.1.1-1.1.1p). (CVE-2022-2097)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-5818.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2068\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-perl\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'openssl-1.1.1k-7.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-1.1.1k-7.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-devel-1.1.1k-7.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-devel-1.1.1k-7.el8_6', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-devel-1.1.1k-7.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-libs-1.1.1k-7.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-libs-1.1.1k-7.el8_6', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-libs-1.1.1k-7.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-perl-1.1.1k-7.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-perl-1.1.1k-7.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openssl / openssl-devel / openssl-libs / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:32:05", "description": "The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2309-1 advisory.\n\n - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). (CVE-2022-2068)\n\n - AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of in place encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p). (CVE-2022-2097)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-08T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : openssl (SUSE-SU-2022:2309-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1292", "CVE-2022-2068", "CVE-2022-2097"], "modified": "2023-03-10T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:15", "p-cpe:/a:novell:suse_linux:libopenssl-1_1-devel", "p-cpe:/a:novell:suse_linux:libopenssl1_1", "p-cpe:/a:novell:suse_linux:libopenssl1_1-hmac", "p-cpe:/a:novell:suse_linux:libopenssl1_1-32bit", "p-cpe:/a:novell:suse_linux:libopenssl1_1-hmac-32bit", "p-cpe:/a:novell:suse_linux:openssl-1_1"], "id": "SUSE_SU-2022-2309-1.NASL", "href": "https://www.tenable.com/plugins/nessus/162961", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2309-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162961);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\"CVE-2022-2068\", \"CVE-2022-2097\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2309-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : openssl (SUSE-SU-2022:2309-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:2309-1 advisory.\n\n - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances\n where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection\n were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other\n places in the script where the file names of certificates being hashed were possibly passed to a command\n executed through the shell. This script is distributed by some operating systems in a manner where it is\n automatically executed. On such operating systems, an attacker could execute arbitrary commands with the\n privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the\n OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in\n OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). (CVE-2022-2068)\n\n - AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt\n the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was\n preexisting in the memory that wasn't written. In the special case of in place encryption, sixteen bytes\n of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and\n DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q\n (Affected 1.1.1-1.1.1p). (CVE-2022-2097)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200550\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201099\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.suse.com/pipermail/sle-updates/2022-July/023782.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2068\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2097\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2068\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl-1_1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_1-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_1-hmac-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-1_1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'libopenssl-1_1-devel-1.1.0i-150000.4.74.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libopenssl1_1-1.1.0i-150000.4.74.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libopenssl1_1-32bit-1.1.0i-150000.4.74.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libopenssl1_1-hmac-1.1.0i-150000.4.74.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libopenssl1_1-hmac-32bit-1.1.0i-150000.4.74.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'openssl-1_1-1.1.0i-150000.4.74.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libopenssl-1_1-devel-1.1.0i-150000.4.74.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libopenssl-1_1-devel-1.1.0i-150000.4.74.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libopenssl-1_1-devel-1.1.0i-150000.4.74.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libopenssl1_1-1.1.0i-150000.4.74.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libopenssl1_1-1.1.0i-150000.4.74.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libopenssl1_1-1.1.0i-150000.4.74.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libopenssl1_1-32bit-1.1.0i-150000.4.74.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15', 'sles-ltss-release-15']},\n {'reference':'libopenssl1_1-hmac-1.1.0i-150000.4.74.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libopenssl1_1-hmac-1.1.0i-150000.4.74.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libopenssl1_1-hmac-1.1.0i-150000.4.74.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libopenssl1_1-hmac-32bit-1.1.0i-150000.4.74.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15', 'sles-ltss-release-15']},\n {'reference':'openssl-1_1-1.1.0i-150000.4.74.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'openssl-1_1-1.1.0i-150000.4.74.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'openssl-1_1-1.1.0i-150000.4.74.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libopenssl-1_1-devel-1.1.0i-150000.4.74.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'libopenssl1_1-1.1.0i-150000.4.74.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'libopenssl1_1-hmac-1.1.0i-150000.4.74.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'openssl-1_1-1.1.0i-150000.4.74.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libopenssl-1_1-devel / libopenssl1_1 / libopenssl1_1-32bit / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T18:31:16", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5818 advisory.\n\n - openssl: c_rehash script allows command injection (CVE-2022-1292)\n\n - openssl: the c_rehash script allows command injection (CVE-2022-2068)\n\n - openssl: AES OCB fails to encrypt some bytes (CVE-2022-2097)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-03T00:00:00", "type": "nessus", "title": "RHEL 8 : openssl (RHSA-2022:5818)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1292", "CVE-2022-2068", "CVE-2022-2097"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:openssl", "p-cpe:/a:redhat:enterprise_linux:openssl-devel", "p-cpe:/a:redhat:enterprise_linux:openssl-libs", "p-cpe:/a:redhat:enterprise_linux:openssl-perl"], "id": "REDHAT-RHSA-2022-5818.NASL", "href": "https://www.tenable.com/plugins/nessus/163791", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:5818. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163791);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\"CVE-2022-1292\", \"CVE-2022-2068\", \"CVE-2022-2097\");\n script_xref(name:\"IAVA\", value:\"2022-A-0186-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0257-S\");\n script_xref(name:\"RHSA\", value:\"2022:5818\");\n script_xref(name:\"IAVA\", value:\"2022-A-0265-S\");\n\n script_name(english:\"RHEL 8 : openssl (RHSA-2022:5818)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:5818 advisory.\n\n - openssl: c_rehash script allows command injection (CVE-2022-1292)\n\n - openssl: the c_rehash script allows command injection (CVE-2022-2068)\n\n - openssl: AES OCB fails to encrypt some bytes (CVE-2022-2097)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1292\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2068\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2097\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:5818\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2081494\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2097310\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2104905\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2068\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(77, 325);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-perl\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'openssl-1.1.1k-7.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-devel-1.1.1k-7.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-libs-1.1.1k-7.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-perl-1.1.1k-7.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'openssl-1.1.1k-7.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-devel-1.1.1k-7.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-libs-1.1.1k-7.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-perl-1.1.1k-7.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openssl / openssl-devel / openssl-libs / openssl-perl');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:40:29", "description": "According to the versions of the linux-sgx packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self- signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc). (CVE-2022-0778)\n\n - The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool.\n Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n).\n Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd). (CVE-2022-1292)\n\n - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). (CVE-2022-2068)\n\n - AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of 'in place' encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p). (CVE-2022-2097)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-12-21T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP10 : linux-sgx (EulerOS-SA-2022-2852)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0778", "CVE-2022-1292", "CVE-2022-2068", "CVE-2022-2097"], "modified": "2022-12-23T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libsgx-ae-le", "p-cpe:/a:huawei:euleros:libsgx-aesm-launch-plugin", "p-cpe:/a:huawei:euleros:libsgx-enclave-common", "p-cpe:/a:huawei:euleros:libsgx-launch", "p-cpe:/a:huawei:euleros:libsgx-urts", "p-cpe:/a:huawei:euleros:sgx-aesm-service", "p-cpe:/a:huawei:euleros:sgxsdk", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-2852.NASL", "href": "https://www.tenable.com/plugins/nessus/169010", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(169010);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/23\");\n\n script_cve_id(\n \"CVE-2022-0778\",\n \"CVE-2022-1292\",\n \"CVE-2022-2068\",\n \"CVE-2022-2097\"\n );\n\n script_name(english:\"EulerOS 2.0 SP10 : linux-sgx (EulerOS-SA-2022-2852)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the linux-sgx packages installed, the EulerOS installation on the remote host is affected\nby the following vulnerabilities :\n\n - The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop\n forever for non-prime moduli. Internally this function is used when parsing certificates that contain\n elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point\n encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has\n invalid explicit curve parameters. Since certificate parsing happens prior to verification of the\n certificate signature, any process that parses an externally supplied certificate may thus be subject to a\n denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they\n can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients\n consuming server certificates - TLS servers consuming client certificates - Hosting providers taking\n certificates or private keys from customers - Certificate authorities parsing certification requests from\n subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that\n use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS\n issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate\n which makes it slightly harder to trigger the infinite loop. However any operation which requires the\n public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-\n signed certificate to trigger the loop during verification of the certificate signature. This issue\n affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the\n 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected\n 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc). (CVE-2022-0778)\n\n - The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This\n script is distributed by some operating systems in a manner where it is automatically executed. On such\n operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of\n the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool.\n Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n).\n Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd). (CVE-2022-1292)\n\n - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances\n where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection\n were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other\n places in the script where the file names of certificates being hashed were possibly passed to a command\n executed through the shell. This script is distributed by some operating systems in a manner where it is\n automatically executed. On such operating systems, an attacker could execute arbitrary commands with the\n privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the\n OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in\n OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). (CVE-2022-2068)\n\n - AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt\n the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was\n preexisting in the memory that wasn't written. In the special case of 'in place' encryption, sixteen bytes\n of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and\n DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q\n (Affected 1.1.1-1.1.1p). (CVE-2022-2097)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2852\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?98d8ed65\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected linux-sgx packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2068\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/12/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/12/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libsgx-ae-le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libsgx-aesm-launch-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libsgx-enclave-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libsgx-launch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libsgx-urts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:sgx-aesm-service\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:sgxsdk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar _release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(_release) || _release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (_release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(10)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"libsgx-ae-le-2.11.100-9.h14.eulerosv2r10\",\n \"libsgx-aesm-launch-plugin-2.11.100-9.h14.eulerosv2r10\",\n \"libsgx-enclave-common-2.11.100-9.h14.eulerosv2r10\",\n \"libsgx-launch-2.11.100-9.h14.eulerosv2r10\",\n \"libsgx-urts-2.11.100-9.h14.eulerosv2r10\",\n \"sgx-aesm-service-2.11.100-9.h14.eulerosv2r10\",\n \"sgxsdk-2.11.100-9.h14.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"10\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-sgx\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:32:28", "description": "The remote SUSE Linux SLED15 / SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2327-1 advisory.\n\n - curl < 7.84.0 supports chained HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable links in this decompression chain was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a malloc bomb, makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors. (CVE-2022-32206)\n\n - When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly.\n This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client. (CVE-2022-32208)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-08T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 / openSUSE 15 Security Update : curl (SUSE-SU-2022:2327-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-32206", "CVE-2022-32208"], "modified": "2023-02-08T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:curl", "p-cpe:/a:novell:suse_linux:libcurl-devel", "p-cpe:/a:novell:suse_linux:libcurl4", "p-cpe:/a:novell:suse_linux:libcurl4-32bit", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-2327-1.NASL", "href": "https://www.tenable.com/plugins/nessus/162956", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2327-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162956);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/08\");\n\n script_cve_id(\"CVE-2022-32206\", \"CVE-2022-32208\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2327-1\");\n script_xref(name:\"IAVA\", value:\"2022-A-0255-S\");\n\n script_name(english:\"SUSE SLED15 / SLES15 / openSUSE 15 Security Update : curl (SUSE-SU-2022:2327-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 / openSUSE 15 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the SUSE-SU-2022:2327-1 advisory.\n\n - curl < 7.84.0 supports chained HTTP compression algorithms, meaning that a serverresponse can be\n compressed multiple times and potentially with different algorithms. The number of acceptable links in\n this decompression chain was unbounded, allowing a malicious server to insert a virtually unlimited\n number of compression steps.The use of such a decompression chain could result in a malloc bomb,\n makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of\n memory errors. (CVE-2022-32206)\n\n - When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly.\n This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject\n data to the client. (CVE-2022-32208)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200735\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200737\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-July/011473.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e0597048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-32206\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-32208\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32208\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES|SUSE)\") audit(AUDIT_OS_NOT, \"SUSE / openSUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+|SUSE([\\d.]+))\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE / openSUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15|SUSE15\\.3)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15 / openSUSE 15', 'SUSE / openSUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE / openSUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED15 SP3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2|3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP2/3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'curl-7.66.0-150200.4.36.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'libcurl-devel-7.66.0-150200.4.36.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'libcurl4-32bit-7.66.0-150200.4.36.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'libcurl4-7.66.0-150200.4.36.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'curl-7.66.0-150200.4.36.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'curl-7.66.0-150200.4.36.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libcurl-devel-7.66.0-150200.4.36.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libcurl-devel-7.66.0-150200.4.36.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libcurl4-32bit-7.66.0-150200.4.36.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libcurl4-32bit-7.66.0-150200.4.36.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libcurl4-7.66.0-150200.4.36.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libcurl4-7.66.0-150200.4.36.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'curl-7.66.0-150200.4.36.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'libcurl-devel-7.66.0-150200.4.36.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'libcurl4-7.66.0-150200.4.36.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'curl-7.66.0-150200.4.36.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'curl-7.66.0-150200.4.36.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'libcurl-devel-7.66.0-150200.4.36.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'libcurl-devel-7.66.0-150200.4.36.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'libcurl4-32bit-7.66.0-150200.4.36.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'libcurl4-7.66.0-150200.4.36.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'libcurl4-7.66.0-150200.4.36.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'curl-7.66.0-150200.4.36.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'libcurl-devel-32bit-7.66.0-150200.4.36.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'libcurl-devel-7.66.0-150200.4.36.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'libcurl4-32bit-7.66.0-150200.4.36.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'libcurl4-7.66.0-150200.4.36.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'curl-7.66.0-150200.4.36.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'libcurl-devel-7.66.0-150200.4.36.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'libcurl4-7.66.0-150200.4.36.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'curl / libcurl-devel / libcurl-devel-32bit / libcurl4 / libcurl4-32bit');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:31:58", "description": "The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2288-1 advisory.\n\n - curl < 7.84.0 supports chained HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable links in this decompression chain was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a malloc bomb, makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors. (CVE-2022-32206)\n\n - When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly.\n This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client. (CVE-2022-32208)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-08T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : curl (SUSE-SU-2022:2288-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-32206", "CVE-2022-32208"], "modified": "2023-03-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:curl", "p-cpe:/a:novell:suse_linux:libcurl-devel", "p-cpe:/a:novell:suse_linux:libcurl4", "p-cpe:/a:novell:suse_linux:libcurl4-32bit", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2022-2288-1.NASL", "href": "https://www.tenable.com/plugins/nessus/162966", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2288-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162966);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\"CVE-2022-32206\", \"CVE-2022-32208\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2288-1\");\n script_xref(name:\"IAVA\", value:\"2022-A-0255-S\");\n\n script_name(english:\"SUSE SLES12 Security Update : curl (SUSE-SU-2022:2288-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:2288-1 advisory.\n\n - curl < 7.84.0 supports chained HTTP compression algorithms, meaning that a serverresponse can be\n compressed multiple times and potentially with different algorithms. The number of acceptable links in\n this decompression chain was unbounded, allowing a malicious server to insert a virtually unlimited\n number of compression steps.The use of such a decompression chain could result in a malloc bomb,\n makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of\n memory errors. (CVE-2022-32206)\n\n - When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly.\n This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject\n data to the client. (CVE-2022-32208)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200735\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200737\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.suse.com/pipermail/sle-updates/2022-July/023784.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-32206\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-32208\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected curl, libcurl-devel, libcurl4 and / or libcurl4-32bit packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32208\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'curl-7.60.0-11.43.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'libcurl-devel-7.60.0-11.43.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sle-sdk-release-12.5', 'sles-release-12.5']},\n {'reference':'libcurl4-32bit-7.60.0-11.43.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'libcurl4-7.60.0-11.43.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'curl / libcurl-devel / libcurl4 / libcurl4-32bit');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:34:51", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-6159 advisory.\n\n - curl < 7.84.0 supports chained HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable links in this decompression chain was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a malloc bomb, makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors. (CVE-2022-32206)\n\n - When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly.\n This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client. (CVE-2022-32208)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-24T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : curl (ELSA-2022-6159)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-32206", "CVE-2022-32208"], "modified": "2022-09-13T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:curl", "p-cpe:/a:oracle:linux:libcurl", "p-cpe:/a:oracle:linux:libcurl-devel", "p-cpe:/a:oracle:linux:libcurl-minimal"], "id": "ORACLELINUX_ELSA-2022-6159.NASL", "href": "https://www.tenable.com/plugins/nessus/164383", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-6159.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164383);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/09/13\");\n\n script_cve_id(\"CVE-2022-32206\", \"CVE-2022-32208\");\n script_xref(name:\"IAVA\", value:\"2022-A-0255-S\");\n\n script_name(english:\"Oracle Linux 8 : curl (ELSA-2022-6159)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2022-6159 advisory.\n\n - curl < 7.84.0 supports chained HTTP compression algorithms, meaning that a serverresponse can be\n compressed multiple times and potentially with different algorithms. The number of acceptable links in\n this decompression chain was unbounded, allowing a malicious server to insert a virtually unlimited\n number of compression steps.The use of such a decompression chain could result in a malloc bomb,\n makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of\n memory errors. (CVE-2022-32206)\n\n - When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly.\n This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject\n data to the client. (CVE-2022-32208)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-6159.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32208\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libcurl-minimal\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'curl-7.61.1-22.el8_6.4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'curl-7.61.1-22.el8_6.4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcurl-7.61.1-22.el8_6.4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcurl-7.61.1-22.el8_6.4', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcurl-7.61.1-22.el8_6.4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcurl-devel-7.61.1-22.el8_6.4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcurl-devel-7.61.1-22.el8_6.4', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcurl-devel-7.61.1-22.el8_6.4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcurl-minimal-7.61.1-22.el8_6.4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcurl-minimal-7.61.1-22.el8_6.4', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcurl-minimal-7.61.1-22.el8_6.4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'curl / libcurl / libcurl-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:34:11", "description": "The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:6159 advisory.\n\n - curl < 7.84.0 supports chained HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable links in this decompression chain was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a malloc bomb, makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors. (CVE-2022-32206)\n\n - When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly.\n This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client. (CVE-2022-32208)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-31T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : curl (ALSA-2022:6159)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-32206", "CVE-2022-32208"], "modified": "2022-09-13T00:00:00", "cpe": ["p-cpe:/a:alma:linux:curl", "p-cpe:/a:alma:linux:libcurl", "p-cpe:/a:alma:linux:libcurl-devel", "p-cpe:/a:alma:linux:libcurl-minimal", "cpe:/o:alma:linux:8"], "id": "ALMA_LINUX_ALSA-2022-6159.NASL", "href": "https://www.tenable.com/plugins/nessus/164526", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2022:6159.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164526);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/09/13\");\n\n script_cve_id(\"CVE-2022-32206\", \"CVE-2022-32208\");\n script_xref(name:\"ALSA\", value:\"2022:6159\");\n script_xref(name:\"IAVA\", value:\"2022-A-0255-S\");\n\n script_name(english:\"AlmaLinux 8 : curl (ALSA-2022:6159)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2022:6159 advisory.\n\n - curl < 7.84.0 supports chained HTTP compression algorithms, meaning that a serverresponse can be\n compressed multiple times and potentially with different algorithms. The number of acceptable links in\n this decompression chain was unbounded, allowing a malicious server to insert a virtually unlimited\n number of compression steps.The use of such a decompression chain could result in a malloc bomb,\n makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of\n memory errors. (CVE-2022-32206)\n\n - When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly.\n This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject\n data to the client. (CVE-2022-32208)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2022-6159.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32208\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:libcurl-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar pkgs = [\n {'reference':'curl-7.61.1-22.el8_6.4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'curl-7.61.1-22.el8_6.4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcurl-7.61.1-22.el8_6.4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcurl-7.61.1-22.el8_6.4', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcurl-devel-7.61.1-22.el8_6.4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcurl-devel-7.61.1-22.el8_6.4', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcurl-minimal-7.61.1-22.el8_6.4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcurl-minimal-7.61.1-22.el8_6.4', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'curl / libcurl / libcurl-devel / libcurl-minimal');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T18:34:56", "description": "The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:6159 advisory.\n\n - curl < 7.84.0 supports chained HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable links in this decompression chain was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a malloc bomb, makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors. (CVE-2022-32206)\n\n - When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly.\n This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client. (CVE-2022-32208)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-29T00:00:00", "type": "nessus", "title": "Rocky Linux 8 : curl (RLSA-2022:6159)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-32206", "CVE-2022-32208"], "modified": "2022-09-13T00:00:00", "cpe": ["p-cpe:/a:rocky:linux:curl", "p-cpe:/a:rocky:linux:curl-debuginfo", "p-cpe:/a:rocky:linux:curl-debugsource", "p-cpe:/a:rocky:linux:libcurl", "p-cpe:/a:rocky:linux:libcurl-debuginfo", "p-cpe:/a:rocky:linux:libcurl-devel", "p-cpe:/a:rocky:linux:libcurl-minimal", "p-cpe:/a:rocky:linux:libcurl-minimal-debuginfo", "cpe:/o:rocky:linux:8"], "id": "ROCKY_LINUX_RLSA-2022-6159.NASL", "href": "https://www.tenable.com/plugins/nessus/164490", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# Rocky Linux Security Advisory RLSA-2022:6159.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164490);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/09/13\");\n\n script_cve_id(\"CVE-2022-32206\", \"CVE-2022-32208\");\n script_xref(name:\"RLSA\", value:\"2022:6159\");\n script_xref(name:\"IAVA\", value:\"2022-A-0255-S\");\n\n script_name(english:\"Rocky Linux 8 : curl (RLSA-2022:6159)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Rocky Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nRLSA-2022:6159 advisory.\n\n - curl < 7.84.0 supports chained HTTP compression algorithms, meaning that a serverresponse can be\n compressed multiple times and potentially with different algorithms. The number of acceptable links in\n this decompression chain was unbounded, allowing a malicious server to insert a virtually unlimited\n number of compression steps.The use of such a decompression chain could result in a malloc bomb,\n makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of\n memory errors. (CVE-2022-32206)\n\n - When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly.\n This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject\n data to the client. (CVE-2022-32208)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.rockylinux.org/RLSA-2022:6159\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2099300\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2099306\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32208\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:curl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:libcurl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:libcurl-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:libcurl-minimal-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:rocky:linux:8\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Rocky Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RockyLinux/release\", \"Host/RockyLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RockyLinux/release');\nif (isnull(release) || 'Rocky Linux' >!< release) audit(AUDIT_OS_NOT, 'Rocky Linux');\nvar os_ver = pregmatch(pattern: \"Rocky(?: Linux)? release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 8.x', 'Rocky Linux ' + os_ver);\n\nif (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);\n\nvar pkgs = [\n {'reference':'curl-7.61.1-22.el8_6.4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'curl-7.61.1-22.el8_6.4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'curl-debuginfo-7.61.1-22.el8_6.4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'curl-debuginfo-7.61.1-22.el8_6.4', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'curl-debuginfo-7.61.1-22.el8_6.4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'curl-debugsource-7.61.1-22.el8_6.4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'curl-debugsource-7.61.1-22.el8_6.4', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'curl-debugsource-7.61.1-22.el8_6.4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcurl-7.61.1-22.el8_6.4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcurl-7.61.1-22.el8_6.4', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcurl-7.61.1-22.el8_6.4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcurl-debuginfo-7.61.1-22.el8_6.4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcurl-debuginfo-7.61.1-22.el8_6.4', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcurl-debuginfo-7.61.1-22.el8_6.4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcurl-devel-7.61.1-22.el8_6.4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcurl-devel-7.61.1-22.el8_6.4', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcurl-devel-7.61.1-22.el8_6.4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcurl-minimal-7.61.1-22.el8_6.4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcurl-minimal-7.61.1-22.el8_6.4', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcurl-minimal-7.61.1-22.el8_6.4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcurl-minimal-debuginfo-7.61.1-22.el8_6.4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcurl-minimal-debuginfo-7.61.1-22.el8_6.4', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcurl-minimal-debuginfo-7.61.1-22.el8_6.4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Rocky-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'curl / curl-debuginfo / curl-debugsource / libcurl / libcurl-debuginfo / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T20:30:16", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6159 advisory.\n\n - curl < 7.84.0 supports chained HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable links in this decompression chain was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a malloc bomb, makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors. (CVE-2022-32206)\n\n - curl: FTP-KRB bad message verification (CVE-2022-32208)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-24T00:00:00", "type": "nessus", "title": "RHEL 8 : curl (RHSA-2022:6159)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-32206", "CVE-2022-32208"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:curl", "p-cpe:/a:redhat:enterprise_linux:libcurl", "p-cpe:/a:redhat:enterprise_linux:libcurl-devel", "p-cpe:/a:redhat:enterprise_linux:libcurl-minimal"], "id": "REDHAT-RHSA-2022-6159.NASL", "href": "https://www.tenable.com/plugins/nessus/164389", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:6159. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164389);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\"CVE-2022-32206\", \"CVE-2022-32208\");\n script_xref(name:\"RHSA\", value:\"2022:6159\");\n script_xref(name:\"IAVA\", value:\"2022-A-0255-S\");\n\n script_name(english:\"RHEL 8 : curl (RHSA-2022:6159)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:6159 advisory.\n\n - curl < 7.84.0 supports chained HTTP compression algorithms, meaning that a serverresponse can be\n compressed multiple times and potentially with different algorithms. The number of acceptable links in\n this decompression chain was unbounded, allowing a malicious server to insert a virtually unlimited\n number of compression steps.The use of such a decompression chain could result in a malloc bomb,\n makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of\n memory errors. (CVE-2022-32206)\n\n - curl: FTP-KRB bad message verification (CVE-2022-32208)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-32206\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-32208\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:6159\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2099306\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32208\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(770, 924);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libcurl-minimal\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'curl-7.61.1-22.el8_6.4', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcurl-7.61.1-22.el8_6.4', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcurl-devel-7.61.1-22.el8_6.4', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcurl-minimal-7.61.1-22.el8_6.4', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'curl-7.61.1-22.el8_6.4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcurl-7.61.1-22.el8_6.4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcurl-devel-7.61.1-22.el8_6.4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcurl-minimal-7.61.1-22.el8_6.4', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'curl / libcurl / libcurl-devel / libcurl-minimal');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:32:34", "description": "The version of OpenSSL installed on the remote host is prior to 1.0.2zf. It is, therefore, affected by a vulnerability as referenced in the 1.0.2zf advisory.\n\n - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). (CVE-2022-2068)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-06-21T00:00:00", "type": "nessus", "title": "OpenSSL 1.0.2 < 1.0.2zf Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1292", "CVE-2022-2068"], "modified": "2023-03-23T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "OPENSSL_1_0_2ZF.NASL", "href": "https://www.tenable.com/plugins/nessus/162419", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162419);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\"CVE-2022-2068\");\n\n script_name(english:\"OpenSSL 1.0.2 < 1.0.2zf Vulnerability\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote service is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of OpenSSL installed on the remote host is prior to 1.0.2zf. It is, therefore, affected by a vulnerability\nas referenced in the 1.0.2zf advisory.\n\n - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances\n where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection\n were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other\n places in the script where the file names of certificates being hashed were possibly passed to a command\n executed through the shell. This script is distributed by some operating systems in a manner where it is\n automatically executed. On such operating systems, an attacker could execute arbitrary commands with the\n privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the\n OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in\n OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). (CVE-2022-2068)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cve.org/CVERecord?id=CVE-2022-2068\");\n # https://github.com/openssl/openssl/commit/7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8d70cc2c\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20220621.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to OpenSSL version 1.0.2zf or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2068\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"openssl_version.nasl\");\n script_require_keys(\"openssl/port\");\n\n exit(0);\n}\n\ninclude('openssl_version.inc');\n\nopenssl_check_version(fixed:'1.0.2zf', min:'1.0.2', severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:31:41", "description": "The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5488-2 advisory.\n\n - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). (CVE-2022-2068)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-07T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 ESM : OpenSSL vulnerability (USN-5488-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1292", "CVE-2022-2068"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:esm", "p-cpe:/a:canonical:ubuntu_linux:libssl-dev", "p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0", "p-cpe:/a:canonical:ubuntu_linux:openssl"], "id": "UBUNTU_USN-5488-2.NASL", "href": "https://www.tenable.com/plugins/nessus/162773", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5488-2. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162773);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\"CVE-2022-2068\");\n script_xref(name:\"USN\", value:\"5488-2\");\n script_xref(name:\"IAVA\", value:\"2022-A-0257-S\");\n\n script_name(english:\"Ubuntu 16.04 ESM : OpenSSL vulnerability (USN-5488-2)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the\nUSN-5488-2 advisory.\n\n - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances\n where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection\n were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other\n places in the script where the file names of certificates being hashed were possibly passed to a command\n executed through the shell. This script is distributed by some operating systems in a manner where it is\n automatically executed. On such operating systems, an attacker could execute arbitrary commands with the\n privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the\n OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in\n OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). (CVE-2022-2068)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5488-2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libssl-dev, libssl1.0.0 and / or openssl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2068\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:esm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openssl\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '16.04', 'pkgname': 'libssl-dev', 'pkgver': '1.0.2g-1ubuntu4.20+esm5'},\n {'osver': '16.04', 'pkgname': 'libssl1.0.0', 'pkgver': '1.0.2g-1ubuntu4.20+esm5'},\n {'osver': '16.04', 'pkgname': 'openssl', 'pkgver': '1.0.2g-1ubuntu4.20+esm5'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libssl-dev / libssl1.0.0 / openssl');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:31:36", "description": "The version of OpenSSL installed on the remote host is prior to 1.1.1p. It is, therefore, affected by a vulnerability as referenced in the 1.1.1p advisory.\n\n - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). (CVE-2022-2068)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-06-21T00:00:00", "type": "nessus", "title": "OpenSSL 1.1.1 < 1.1.1p Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1292", "CVE-2022-2068"], "modified": "2023-03-23T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "OPENSSL_1_1_1P.NASL", "href": "https://www.tenable.com/plugins/nessus/162420", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162420);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\"CVE-2022-2068\");\n\n script_name(english:\"OpenSSL 1.1.1 < 1.1.1p Vulnerability\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote service is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of OpenSSL installed on the remote host is prior to 1.1.1p. It is, therefore, affected by a vulnerability as\nreferenced in the 1.1.1p advisory.\n\n - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances\n where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection\n were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other\n places in the script where the file names of certificates being hashed were possibly passed to a command\n executed through the shell. This script is distributed by some operating systems in a manner where it is\n automatically executed. On such operating systems, an attacker could execute arbitrary commands with the\n privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the\n OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in\n OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). (CVE-2022-2068)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cve.org/CVERecord?id=CVE-2022-2068\");\n # https://github.com/openssl/openssl/commit/9639817dac8bbbaa64d09efad7464ccc405527c7\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?649f2b04\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20220621.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to OpenSSL version 1.1.1p or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2068\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"openssl_version.nasl\");\n script_require_keys(\"openssl/port\");\n\n exit(0);\n}\n\ninclude('openssl_version.inc');\n\nopenssl_check_version(fixed:'1.1.1p', min:'1.1.1', severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:31:38", "description": "The remote Debian 10 / 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5169 advisory.\n\n - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). (CVE-2022-2068)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-06-27T00:00:00", "type": "nessus", "title": "Debian DSA-5169-1 : openssl - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1292", "CVE-2022-2068"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libcrypto1.1-udeb", "p-cpe:/a:debian:debian_linux:libssl-dev", "p-cpe:/a:debian:debian_linux:libssl-doc", "p-cpe:/a:debian:debian_linux:libssl1.1", "p-cpe:/a:debian:debian_linux:libssl1.1-udeb", "p-cpe:/a:debian:debian_linux:openssl", "cpe:/o:debian:debian_linux:10.0", "cpe:/o:debian:debian_linux:11.0"], "id": "DEBIAN_DSA-5169.NASL", "href": "https://www.tenable.com/plugins/nessus/162549", "sourceData": "#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5169. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162549);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\"CVE-2022-2068\");\n\n script_name(english:\"Debian DSA-5169-1 : openssl - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing a security-related update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 10 / 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5169\nadvisory.\n\n - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances\n where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection\n were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other\n places in the script where the file names of certificates being hashed were possibly passed to a command\n executed through the shell. This script is distributed by some operating systems in a manner where it is\n automatically executed. On such operating systems, an attacker could execute arbitrary commands with the\n privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the\n OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in\n OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). (CVE-2022-2068)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/openssl\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2022/dsa-5169\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-2068\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/buster/openssl\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/bullseye/openssl\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the openssl packages.\n\nFor the stable distribution (bullseye), this problem has been fixed in version 1.1.1n-0+deb11u3.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2068\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcrypto1.1-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libssl-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libssl-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libssl1.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libssl1.1-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:11.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(10)\\.[0-9]+|^(11)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 10.0 / 11.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '10.0', 'prefix': 'libcrypto1.1-udeb', 'reference': '1.1.1n-0+deb10u3'},\n {'release': '10.0', 'prefix': 'libssl-dev', 'reference': '1.1.1n-0+deb10u3'},\n {'release': '10.0', 'prefix': 'libssl-doc', 'reference': '1.1.1n-0+deb10u3'},\n {'release': '10.0', 'prefix': 'libssl1.1', 'reference': '1.1.1n-0+deb10u3'},\n {'release': '10.0', 'prefix': 'libssl1.1-udeb', 'reference': '1.1.1n-0+deb10u3'},\n {'release': '10.0', 'prefix': 'openssl', 'reference': '1.1.1n-0+deb10u3'},\n {'release': '11.0', 'prefix': 'libcrypto1.1-udeb', 'reference': '1.1.1n-0+deb11u3'},\n {'release': '11.0', 'prefix': 'libssl-dev', 'reference': '1.1.1n-0+deb11u3'},\n {'release': '11.0', 'prefix': 'libssl-doc', 'reference': '1.1.1n-0+deb11u3'},\n {'release': '11.0', 'prefix': 'libssl1.1', 'reference': '1.1.1n-0+deb11u3'},\n {'release': '11.0', 'prefix': 'libssl1.1-udeb', 'reference': '1.1.1n-0+deb11u3'},\n {'release': '11.0', 'prefix': 'openssl', 'reference': '1.1.1n-0+deb11u3'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libcrypto1.1-udeb / libssl-dev / libssl-doc / libssl1.1 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:34:31", "description": "It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-123 advisory.\n\n - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). (CVE-2022-2068)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-06T00:00:00", "type": "nessus", "title": "Amazon Linux 2022 : (ALAS2022-2022-123)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1292", "CVE-2022-2068"], "modified": "2022-09-13T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:openssl", "p-cpe:/a:amazon:linux:openssl-debuginfo", "p-cpe:/a:amazon:linux:openssl-debugsource", "p-cpe:/a:amazon:linux:openssl-devel", "p-cpe:/a:amazon:linux:openssl-libs", "p-cpe:/a:amazon:linux:openssl-libs-debuginfo", "p-cpe:/a:amazon:linux:openssl-perl", "cpe:/o:amazon:linux:2022"], "id": "AL2022_ALAS2022-2022-123.NASL", "href": "https://www.tenable.com/plugins/nessus/164758", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2022 Security Advisory ALAS2022-2022-123.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164758);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/09/13\");\n\n script_cve_id(\"CVE-2022-2068\");\n script_xref(name:\"IAVA\", value:\"2022-A-0257-S\");\n\n script_name(english:\"Amazon Linux 2022 : (ALAS2022-2022-123)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2022 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-123 advisory.\n\n - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances\n where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection\n were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other\n places in the script where the file names of certificates being hashed were possibly passed to a command\n executed through the shell. This script is distributed by some operating systems in a manner where it is\n automatically executed. On such operating systems, an attacker could execute arbitrary commands with the\n privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the\n OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in\n OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). (CVE-2022-2068)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2022/ALAS-2022-123.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-2068.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'dnf update --releasever=2022.0.20220728 openssl' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2068\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2022\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"-2022\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2022\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'openssl-3.0.3-1.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl-3.0.3-1.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl-3.0.3-1.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl-debuginfo-3.0.3-1.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl-debuginfo-3.0.3-1.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl-debuginfo-3.0.3-1.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl-debugsource-3.0.3-1.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl-debugsource-3.0.3-1.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl-debugsource-3.0.3-1.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl-devel-3.0.3-1.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl-devel-3.0.3-1.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl-devel-3.0.3-1.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl-libs-3.0.3-1.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl-libs-3.0.3-1.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl-libs-3.0.3-1.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl-libs-debuginfo-3.0.3-1.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl-libs-debuginfo-3.0.3-1.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl-libs-debuginfo-3.0.3-1.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl-perl-3.0.3-1.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl-perl-3.0.3-1.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl-perl-3.0.3-1.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-debugsource / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:33:50", "description": "The version of openssl11 installed on the remote host is prior to 1.1.1g-12. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2022-1832 advisory.\n\n - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). (CVE-2022-2068)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-08T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : openssl11 (ALAS-2022-1832)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1292", "CVE-2022-2068"], "modified": "2022-08-16T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:openssl11", "p-cpe:/a:amazon:linux:openssl11-debuginfo", "p-cpe:/a:amazon:linux:openssl11-devel", "p-cpe:/a:amazon:linux:openssl11-libs", "p-cpe:/a:amazon:linux:openssl11-static", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2022-1832.NASL", "href": "https://www.tenable.com/plugins/nessus/163917", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2022-1832.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163917);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/08/16\");\n\n script_cve_id(\"CVE-2022-2068\");\n script_xref(name:\"IAVA\", value:\"2022-A-0257-S\");\n\n script_name(english:\"Amazon Linux 2 : openssl11 (ALAS-2022-1832)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of openssl11 installed on the remote host is prior to 1.1.1g-12. It is, therefore, affected by a\nvulnerability as referenced in the ALAS2-2022-1832 advisory.\n\n - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances\n where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection\n were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other\n places in the script where the file names of certificates being hashed were possibly passed to a command\n executed through the shell. This script is distributed by some operating systems in a manner where it is\n automatically executed. On such operating systems, an attacker could execute arbitrary commands with the\n privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the\n OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in\n OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). (CVE-2022-2068)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2022-1832.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-2068.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update openssl11' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2068\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl11-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl11-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl11-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl11-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'openssl11-1.1.1g-12.amzn2.0.9', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl11-1.1.1g-12.amzn2.0.9', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl11-1.1.1g-12.amzn2.0.9', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl11-debuginfo-1.1.1g-12.amzn2.0.9', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl11-debuginfo-1.1.1g-12.amzn2.0.9', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl11-debuginfo-1.1.1g-12.amzn2.0.9', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl11-devel-1.1.1g-12.amzn2.0.9', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl11-devel-1.1.1g-12.amzn2.0.9', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl11-devel-1.1.1g-12.amzn2.0.9', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl11-libs-1.1.1g-12.amzn2.0.9', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl11-libs-1.1.1g-12.amzn2.0.9', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl11-libs-1.1.1g-12.amzn2.0.9', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl11-static-1.1.1g-12.amzn2.0.9', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl11-static-1.1.1g-12.amzn2.0.9', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl11-static-1.1.1g-12.amzn2.0.9', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl11 / openssl11-debuginfo / openssl11-devel / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:35:58", "description": "According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). (CVE-2022-2068)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-10-08T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : openssl (EulerOS-SA-2022-2446)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1292", "CVE-2022-2068"], "modified": "2022-10-08T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openssl-1.0.2k", "p-cpe:/a:huawei:euleros:openssl-devel-1.0.2k", "p-cpe:/a:huawei:euleros:openssl-libs-1.0.2k", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-2446.NASL", "href": "https://www.tenable.com/plugins/nessus/165787", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165787);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/10/08\");\n\n script_cve_id(\"CVE-2022-2068\");\n\n script_name(english:\"EulerOS 2.0 SP5 : openssl (EulerOS-SA-2022-2446)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances\n where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection\n were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other\n places in the script where the file names of certificates being hashed were possibly passed to a command\n executed through the shell. This script is distributed by some operating systems in a manner where it is\n automatically executed. On such operating systems, an attacker could execute arbitrary commands with the\n privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the\n OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in\n OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). (CVE-2022-2068)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2446\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0b7831e0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2068\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl-1.0.2k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl-devel-1.0.2k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl-libs-1.0.2k\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"openssl-1.0.2k-16.h17.eulerosv2r7\",\n \"openssl-devel-1.0.2k-16.h17.eulerosv2r7\",\n \"openssl-libs-1.0.2k-16.h17.eulerosv2r7\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:36:01", "description": "According to the versions of the compat-openssl package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). (CVE-2022-2068)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-10-10T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.6.0 : compat-openssl (EulerOS-SA-2022-2548)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1292", "CVE-2022-2068"], "modified": "2022-10-10T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:compat-openssl10", "cpe:/o:huawei:euleros:uvp:3.0.6.0"], "id": "EULEROS_SA-2022-2548.NASL", "href": "https://www.tenable.com/plugins/nessus/165962", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165962);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/10/10\");\n\n script_cve_id(\"CVE-2022-2068\");\n\n script_name(english:\"EulerOS Virtualization 3.0.6.0 : compat-openssl (EulerOS-SA-2022-2548)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the compat-openssl package installed, the EulerOS Virtualization installation on the remote\nhost is affected by the following vulnerabilities :\n\n - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances\n where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection\n were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other\n places in the script where the file names of certificates being hashed were possibly passed to a command\n executed through the shell. This script is distributed by some operating systems in a manner where it is\n automatically executed. On such operating systems, an attacker could execute arbitrary commands with the\n privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the\n OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in\n OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). (CVE-2022-2068)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2548\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d82dd8fd\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected compat-openssl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2068\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:compat-openssl10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"compat-openssl10-1.0.2o-3.h15.eulerosv2r8\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"compat-openssl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:32:14", "description": "The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2022:2179-1 advisory.\n\n - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). (CVE-2022-2068)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-06-25T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : openssl (SUSE-SU-2022:2179-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1292", "CVE-2022-2068"], "modified": "2023-03-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libopenssl-1_1-devel", "p-cpe:/a:novell:suse_linux:libopenssl-1_1-devel-32bit", "p-cpe:/a:novell:suse_linux:libopenssl1_1", "p-cpe:/a:novell:suse_linux:libopenssl1_1-32bit", "p-cpe:/a:novell:suse_linux:libopenssl1_1-hmac", "p-cpe:/a:novell:suse_linux:libopenssl1_1-hmac-32bit", "p-cpe:/a:novell:suse_linux:openssl-1_1", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-2179-1.NASL", "href": "https://www.tenable.com/plugins/nessus/162530", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2179-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162530);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\"CVE-2022-2068\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2179-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : openssl (SUSE-SU-2022:2179-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-\nSU-2022:2179-1 advisory.\n\n - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances\n where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection\n were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other\n places in the script where the file names of certificates being hashed were possibly passed to a command\n executed through the shell. This script is distributed by some operating systems in a manner where it is\n automatically executed. On such operating systems, an attacker could execute arbitrary commands with the\n privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the\n OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in\n OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). (CVE-2022-2068)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200550\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-June/011349.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?78b0bb13\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2068\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2068\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl-1_1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl-1_1-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_1-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_1-hmac-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-1_1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'libopenssl-1_1-devel-1.1.0i-150100.14.33.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'libopenssl-1_1-devel-32bit-1.1.0i-150100.14.33.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'libopenssl1_1-1.1.0i-150100.14.33.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'libopenssl1_1-32bit-1.1.0i-150100.14.33.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'libopenssl1_1-hmac-1.1.0i-150100.14.33.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'libopenssl1_1-hmac-32bit-1.1.0i-150100.14.33.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'openssl-1_1-1.1.0i-150100.14.33.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'libopenssl-1_1-devel-1.1.0i-150100.14.33.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'libopenssl1_1-1.1.0i-150100.14.33.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'libopenssl1_1-hmac-1.1.0i-150100.14.33.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'openssl-1_1-1.1.0i-150100.14.33.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'libopenssl-1_1-devel-1.1.0i-150100.14.33.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libopenssl-1_1-devel-1.1.0i-150100.14.33.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libopenssl-1_1-devel-32bit-1.1.0i-150100.14.33.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},\n {'reference':'libopenssl1_1-1.1.0i-150100.14.33.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libopenssl1_1-1.1.0i-150100.14.33.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libopenssl1_1-32bit-1.1.0i-150100.14.33.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},\n {'reference':'libopenssl1_1-hmac-1.1.0i-150100.14.33.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libopenssl1_1-hmac-1.1.0i-150100.14.33.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libopenssl1_1-hmac-32bit-1.1.0i-150100.14.33.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},\n {'reference':'openssl-1_1-1.1.0i-150100.14.33.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'openssl-1_1-1.1.0i-150100.14.33.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libopenssl-1_1-devel-1.1.0i-150100.14.33.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'libopenssl1_1-1.1.0i-150100.14.33.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'libopenssl1_1-hmac-1.1.0i-150100.14.33.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'openssl-1_1-1.1.0i-150100.14.33.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libopenssl-1_1-devel / libopenssl-1_1-devel-32bit / libopenssl1_1 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:36:31", "description": "According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool.\n Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n).\n Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd). (CVE-2022-1292)\n\n - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). (CVE-2022-2068)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-10-27T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : openssl (EulerOS-SA-2022-2629)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1292", "CVE-2022-2068"], "modified": "2022-10-27T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openssl-1.0.2k", "p-cpe:/a:huawei:euleros:openssl-devel-1.0.2k", "p-cpe:/a:huawei:euleros:openssl-libs-1.0.2k", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-2629.NASL", "href": "https://www.tenable.com/plugins/nessus/166627", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166627);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/10/27\");\n\n script_cve_id(\"CVE-2022-1292\", \"CVE-2022-2068\");\n\n script_name(english:\"EulerOS 2.0 SP3 : openssl (EulerOS-SA-2022-2629)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This\n script is distributed by some operating systems in a manner where it is automatically executed. On such\n operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of\n the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool.\n Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n).\n Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd). (CVE-2022-1292)\n\n - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances\n where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection\n were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other\n places in the script where the file names of certificates being hashed were possibly passed to a command\n executed through the shell. This script is distributed by some operating systems in a manner where it is\n automatically executed. On such operating systems, an attacker could execute arbitrary commands with the\n privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the\n OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in\n OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). (CVE-2022-2068)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2629\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?01beddd7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2068\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl-1.0.2k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl-devel-1.0.2k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl-libs-1.0.2k\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar _release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(_release) || _release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (_release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"openssl-1.0.2k-16.h20\",\n \"openssl-devel-1.0.2k-16.h20\",\n \"openssl-libs-1.0.2k-16.h20\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:33:00", "description": "According to the versions of the compat-openssl package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). (CVE-2022-2068)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-08-17T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : compat-openssl (EulerOS-SA-2022-2215)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1292", "CVE-2022-2068"], "modified": "2022-08-17T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:compat-openssl10", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-2215.NASL", "href": "https://www.tenable.com/plugins/nessus/164249", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164249);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/08/17\");\n\n script_cve_id(\"CVE-2022-2068\");\n\n script_name(english:\"EulerOS 2.0 SP8 : compat-openssl (EulerOS-SA-2022-2215)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the compat-openssl package installed, the EulerOS installation on t

(RHSA-2022:6182) Moderate: Openshift Logging Security and Bug Fix update (5.3.11)

Description

Related