ID SECURITYVULNS:DOC:22170 Type securityvulns Reporter Securityvulns Modified 2009-07-16T00:00:00
Description
Virtualmin Multiple Vulnerabilities
by Filip Palian <filip (dot) palian (at) pjwstk (dot) edu (dot) pl
Software affected:
Virtualmin < 3.703
Description (from the vendor site):
"Virtualmin is the world's most powerful and flexible web server control
panel.
Manage your virtual domains, mailboxes, databases, applications, and the
entire server, from one comprehensive interface".
Overview:
Virtualmin is prone to multiple vulnerabilities.
1 Unprivileged port use
The Virtualmin listens by default on port 10000. Regular users are able
to run
their own daemon on that port and prevent Virtualmin to run.
2 XSS
The Virtualmin doesn't validate input data correctly in some scripts. As a
result attackers are able to conduct XSS and CSRF attacks. Note that
"referers_none" configuration option must be set to "0", when it's set
to "1"
by default.
It's possible to view and/or copy any file on the server due to system()
call
in mysql module, which copies any file specified by the user
to Virtualmin temporary dir. Note it's a time based attack as the copied
file
is almost immediately removed after creation.
5 Information disclousure
It's possible to view any file on the server because Virtualmin doesn't drop
root privileges to perform some of its actions.
Example:
Use the "Execute SQL" feature in the mysql module by passing
"/etc/master.passwd" parameter as the file path to the .sql file:
-- cut --
Output from SQL commands in file /etc/master.passwd ..
ERROR 1064 (42000) at line 3: You have an error in your SQL syntax;
check the manual that corresponds to your MySQL server version for the
right syntax to use near 'root:$1$HASH_HERE.:0:0::0:0:Charlie
&:/root:/usr/local/bin/' at line 1
-- cut --
6 Symlink attacks
There are Virtualmin modules which allows the attacker to conduct a
successful symlink attack, which may lead to a full compromise of the
server.
Example for "Backup Virtual Servers":
1) Regular user creates backupdir and symlink:
$ mkdir virtualmin-backup && ln -s /etc/master.passwd
virtualmin-backup/test
$ ls -la /etc/master.passwd
-rw------- 1 root wheel 1024 Jan 19 23:08 /etc/master.passwd
2) From the panel regular user creates backup:
"Backup and Restore" -> "Backup Virtual Servers" and "Destination and
format"
set options to:
Backup destination [x] File or directory under virtualmin-backup/ - "test"
Backup format [x] Single archive file
and create backup by submitting "Backup Now".
3) Regular user now owns the symlinked file:
$ ls -la /etc/master.passwd
-rw------- 1 user user 1024 Jan 21 00:51 /etc/master.passwd
Status:
The vendor has provided updates and solutions to all vulnerabilities
described above. Upgrading immediately is strongly recommended for all
Virtualmin users.
Disclosure timeline:
21 VI 2009: Detailed information with examples and PoCs sent to the vendor.
24 VI 2009: Initial vendor response.
25 VI 2009: Few more vulnerabilities with examples and PoCs sent to the
vendor.
26 VI 2009: Hot fix for the mysql module released by the vendor.
05 VII 2009: New version of the Virtualmin with fixes released by the
vendor.
14 VII 2009: Security bulletin released.
{"id": "SECURITYVULNS:DOC:22170", "bulletinFamily": "software", "title": "Virtualmin Multiple Vulnerabilities", "description": "Virtualmin Multiple Vulnerabilities\r\n\r\nby Filip Palian <filip (dot) palian (at) pjwstk (dot) edu (dot) pl\r\n\r\nSoftware affected:\r\nVirtualmin < 3.703\r\n\r\nDescription (from the vendor site):\r\n"Virtualmin is the world's most powerful and flexible web server control\r\npanel.\r\nManage your virtual domains, mailboxes, databases, applications, and the\r\nentire server, from one comprehensive interface".\r\n\r\nOverview:\r\nVirtualmin is prone to multiple vulnerabilities.\r\n\r\n#1 Unprivileged port use\r\nThe Virtualmin listens by default on port 10000. Regular users are able\r\nto run\r\ntheir own daemon on that port and prevent Virtualmin to run.\r\n\r\n#2 XSS\r\nThe Virtualmin doesn't validate input data correctly in some scripts. As a\r\nresult attackers are able to conduct XSS and CSRF attacks. Note that\r\n"referers_none" configuration option must be set to "0", when it's set\r\nto "1"\r\nby default.\r\n\r\nExamples:\r\nhttps://127.0.0.1:10000/left.cgi?mode=ea&dom='><script>alert(document.cookie);</script>\r\nhttps://127.0.0.1:10000/virtual-server/link.cgi/%3Ci%3E%3Cscript%3Ealert(document.cookie);%3C/script%3E\r\n\r\n#3 Anonymous proxy\r\nThe attacker is able to use "Preview Website" featrue to hide hers real\r\nlocation and conduct attacks on different servers in the Internet.\r\n\r\nExample:\r\nhttps://127.0.0.1:10000/virtual-server/link.cgi/67.228.198.99/http://www.virtualmin.com/\r\n\r\n#4 Information disclousure\r\nIt's possible to view and/or copy any file on the server due to system()\r\ncall\r\nin mysql module, which copies any file specified by the user\r\nto Virtualmin temporary dir. Note it's a time based attack as the copied\r\nfile\r\nis almost immediately removed after creation.\r\n\r\n#5 Information disclousure\r\nIt's possible to view any file on the server because Virtualmin doesn't drop\r\nroot privileges to perform some of its actions.\r\n\r\nExample:\r\nUse the "Execute SQL" feature in the mysql module by passing\r\n"/etc/master.passwd" parameter as the file path to the .sql file:\r\n\r\n-- cut --\r\nOutput from SQL commands in file /etc/master.passwd ..\r\nERROR 1064 (42000) at line 3: You have an error in your SQL syntax;\r\ncheck the manual that corresponds to your MySQL server version for the\r\nright syntax to use near 'root:$1$HASH_HERE.:0:0::0:0:Charlie\r\n&:/root:/usr/local/bin/' at line 1\r\n-- cut --\r\n\r\n#6 Symlink attacks\r\nThere are Virtualmin modules which allows the attacker to conduct a\r\nsuccessful symlink attack, which may lead to a full compromise of the\r\nserver.\r\n\r\nExample for "Backup Virtual Servers":\r\n1) Regular user creates backupdir and symlink:\r\n $ mkdir virtualmin-backup && ln -s /etc/master.passwd\r\nvirtualmin-backup/test\r\n $ ls -la /etc/master.passwd\r\n -rw------- 1 root wheel 1024 Jan 19 23:08 /etc/master.passwd\r\n\r\n2) From the panel regular user creates backup:\r\n "Backup and Restore" -> "Backup Virtual Servers" and "Destination and\r\nformat"\r\n\r\nset options to:\r\n\r\n Backup destination [x] File or directory under virtualmin-backup/ - "test"\r\n Backup format [x] Single archive file\r\n\r\nand create backup by submitting "Backup Now".\r\n\r\n3) Regular user now owns the symlinked file:\r\n $ ls -la /etc/master.passwd\r\n -rw------- 1 user user 1024 Jan 21 00:51 /etc/master.passwd\r\n\r\nStatus:\r\nThe vendor has provided updates and solutions to all vulnerabilities\r\ndescribed above. Upgrading immediately is strongly recommended for all\r\nVirtualmin users.\r\n\r\nDisclosure timeline:\r\n21 VI 2009: Detailed information with examples and PoCs sent to the vendor.\r\n24 VI 2009: Initial vendor response.\r\n25 VI 2009: Few more vulnerabilities with examples and PoCs sent to the\r\nvendor.\r\n26 VI 2009: Hot fix for the mysql module released by the vendor.\r\n05 VII 2009: New version of the Virtualmin with fixes released by the\r\nvendor.\r\n14 VII 2009: Security bulletin released.\r\n\r\nLinks:\r\n* http://www.virtualmin.com/\r\n* http://www.virtualmin.com/node/10412\r\n* http://www.virtualmin.com/node/10413\r\n\r\n\r\nBest regards,\r\nFilip Palian", "published": "2009-07-16T00:00:00", "modified": "2009-07-16T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22170", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:31", "edition": 1, "viewCount": 16, "enchantments": {"score": {"value": 3.3, "vector": "NONE", "modified": "2018-08-31T11:10:31", "rev": 2}, "dependencies": {"references": [{"type": "securelist", "idList": ["SECURELIST:FED90A1B8959D4636DBADB1E135F7BF7"]}, {"type": "nessus", "idList": ["EULEROS_SA-2020-1527.NASL", "ALA_ALAS-2020-1364.NASL", "NEWSTART_CGSL_NS-SA-2020-0027_CHRONY.NASL", "EULEROS_SA-2020-1563.NASL", "DEBIAN_DLA-2192.NASL", "EULEROS_SA-2020-1532.NASL", "EULEROS_SA-2020-1591.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562311220201591"]}, {"type": "mskb", "idList": ["KB980195", "KB2496326", "KB2647516", "KB2559049", "KB2979597", "KB2586448"]}, {"type": "github", "idList": ["GHSA-R854-96GQ-RFG3"]}, {"type": "amazon", "idList": ["ALAS-2020-1364"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/SALTSTACK_SALT_ROOT_KEY"]}, {"type": "thn", "idList": ["THN:9F1824BD0EEB6A1695B53AE380D04BF9"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:157528"]}], "modified": "2018-08-31T11:10:31", "rev": 2}, "vulnersScore": 3.3}, "affectedSoftware": []}
{"ossfuzz": [{"lastseen": "2020-08-10T20:03:59", "bulletinFamily": "software", "cvelist": [], "description": "Detailed Report: https://oss-fuzz.com/testcase?key=5706473062793216\n\nProject: imagemagick\nFuzzing Engine: libFuzzer\nFuzz Target: encoder_heic_fuzzer\nJob Type: libfuzzer_asan_imagemagick\nPlatform Id: linux\n\nCrash Type: Heap-buffer-overflow READ 1\nCrash Address: 0x61b00001db3c\nCrash State:\n derive_collocated_motion_vectors\n derive_temporal_luma_vector_prediction\n fill_luma_motion_vector_predictors\n \nSanitizer: address (ASAN)\n\nRecommended Security Severity: Medium\n\nCrash Revision: https://oss-fuzz.com/revisions?job=libfuzzer_asan_imagemagick&revision=202005120138\n\nReproducer Testcase: https://oss-fuzz.com/download?testcase_id=5706473062793216\n\nIssue filed automatically.\n\nSee https://google.github.io/oss-fuzz/advanced-topics/reproducing for instructions to reproduce this bug locally.\n\n************************* UNREPRODUCIBLE *************************\nNote: This crash might not be reproducible with the provided testcase. That said, for the past 14 days, we've been seeing this crash frequently.\n\nIt may be possible to reproduce by trying the following options:\n- Run testcase multiple times for a longer duration.\n- Run fuzzing without testcase argument to hit the same crash signature.\n\nIf it still does not reproduce, try a speculative fix based on the crash stacktrace and verify if it works by looking at the crash statistics in the report. We will auto-close the bug if the crash is not seen for 14 days.\n******************************************************************\nWhen you fix this bug, please\n * mention the fix revision(s).\n * state whether the bug was a short-lived regression or an old bug in any stable releases.\n * add any other useful information.\nThis information can help downstream consumers.\n\nIf you need to contact the OSS-Fuzz team with a question, concern, or any other feedback, please file an issue at https://github.com/google/oss-fuzz/issues. Comments on individual Monorail issues are not monitored.\n\nThis bug is subject to a 90 day disclosure deadline. If 90 days elapse\nwithout an upstream patch, then the bug report will automatically\nbecome visible to the public.", "modified": "2020-08-10T20:01:41", "published": "2020-05-12T09:22:11", "id": "OSSFUZZ-22170", "href": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22170", "type": "ossfuzz", "title": "imagemagick:encoder_heic_fuzzer: Heap-buffer-overflow in derive_collocated_motion_vectors", "cvss": {}}], "cve": [{"lastseen": "2021-02-02T06:14:28", "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 7, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-02-12T01:15:00", "title": "CVE-2014-2595", "type": "cve", "cwe": ["CWE-613"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-2595"], "modified": "2020-02-20T15:55:00", "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "id": "CVE-2014-2595", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:35:21", "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 8, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-11-18T22:15:00", "title": "CVE-2008-7273", "type": "cve", "cwe": ["CWE-59"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-7273"], "modified": "2019-11-20T15:56:00", "cpe": [], "id": "CVE-2008-7273", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2021-02-02T05:35:21", "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "edition": 8, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-11-08T00:15:00", "title": "CVE-2008-7272", "type": "cve", "cwe": ["CWE-312"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-7272"], "modified": "2020-02-10T21:16:00", "cpe": [], "id": "CVE-2008-7272", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": []}, {"lastseen": "2021-02-02T06:21:32", "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 6, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.7}, "published": "2019-04-30T14:29:00", "title": "CVE-2015-9286", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-9286"], "modified": "2019-05-01T14:22:00", "cpe": [], "id": "CVE-2015-9286", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": []}, {"lastseen": "2021-02-02T06:36:37", "description": "The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, do not ensure a unique PLT entry for a symbol, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.", "edition": 4, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-09-25T16:29:00", "title": "CVE-2017-14729", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14729"], "modified": "2017-09-28T16:51:00", "cpe": ["cpe:/a:gnu:binutils:2.29"], "id": "CVE-2017-14729", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14729", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2021-01-29T14:04:22", "description": "The Docker images provided with SUSE CaaS Platform 2.0 have been\nupdated to include the following updates: binutils :\n\n - Update to version 2.29\n\n - 18750 bsc#1030296 CVE-2014-9939\n\n - 20891 bsc#1030585 CVE-2017-7225\n\n - 20892 bsc#1030588 CVE-2017-7224\n\n - 20898 bsc#1030589 CVE-2017-7223\n\n - 20905 bsc#1030584 CVE-2017-7226\n\n - 20908 bsc#1031644 CVE-2017-7299\n\n - 20909 bsc#1031656 CVE-2017-7300\n\n - 20921 bsc#1031595 CVE-2017-7302\n\n - 20922 bsc#1031593 CVE-2017-7303\n\n - 20924 bsc#1031638 CVE-2017-7301\n\n - 20931 bsc#1031590 CVE-2017-7304\n\n - 21135 bsc#1030298 CVE-2017-7209\n\n - 21137 bsc#1029909 CVE-2017-6965\n\n - 21139 bsc#1029908 CVE-2017-6966\n\n - 21156 bsc#1029907 CVE-2017-6969\n\n - 21157 bsc#1030297 CVE-2017-7210\n\n - 21409 bsc#1037052 CVE-2017-8392\n\n - 21412 bsc#1037057 CVE-2017-8393\n\n - 21414 bsc#1037061 CVE-2017-8394\n\n - 21432 bsc#1037066 CVE-2017-8396\n\n - 21440 bsc#1037273 CVE-2017-8421\n\n - 21580 bsc#1044891 CVE-2017-9746\n\n - 21581 bsc#1044897 CVE-2017-9747\n\n - 21582 bsc#1044901 CVE-2017-9748\n\n - 21587 bsc#1044909 CVE-2017-9750\n\n - 21594 bsc#1044925 CVE-2017-9755\n\n - 21595 bsc#1044927 CVE-2017-9756\n\n - 21787 bsc#1052518 CVE-2017-12448\n\n - 21813 bsc#1052503, CVE-2017-12456, bsc#1052507,\n CVE-2017-12454, bsc#1052509, CVE-2017-12453,\n bsc#1052511, CVE-2017-12452, bsc#1052514,\n CVE-2017-12450, bsc#1052503, CVE-2017-12456,\n bsc#1052507, CVE-2017-12454, bsc#1052509,\n CVE-2017-12453, bsc#1052511, CVE-2017-12452,\n bsc#1052514, CVE-2017-12450\n\n - 21933 bsc#1053347 CVE-2017-12799\n\n - 21990 bsc#1058480 CVE-2017-14333\n\n - 22018 bsc#1056312 CVE-2017-13757\n\n - 22047 bsc#1057144 CVE-2017-14129\n\n - 22058 bsc#1057149 CVE-2017-14130\n\n - 22059 bsc#1057139 CVE-2017-14128\n\n - 22113 bsc#1059050 CVE-2017-14529\n\n - 22148 bsc#1060599 CVE-2017-14745\n\n - 22163 bsc#1061241 CVE-2017-14974\n\n - 22170 bsc#1060621 CVE-2017-14729\n\n - Make compressed debug section handling explicit, disable\n for old products and enable for gas on all architectures\n otherwise. [bsc#1029995]\n\n - Remove empty rpath component removal optimization from\n to workaround CMake rpath handling. [bsc#1025282]\n\n - Fix alignment frags for aarch64 (bsc#1003846) \ncoreutils :\n\n - Fix df(1) to no longer interact with excluded file\n system types, so for example specifying -x nfs no longer\n hangs with problematic nfs mounts. (bsc#1026567)\n\n - Ensure df -l no longer interacts with dummy file system\n types, so for example no longer hangs with problematic\n NFS mounted via system.automount(5). (bsc#1043059)\n\n - Significantly speed up df(1) for huge mount lists.\n (bsc#965780) file :\n\n - update to version 5.22.\n\n - CVE-2014-9621: The ELF parser in file allowed remote\n attackers to cause a denial of service via a long\n string. (bsc#913650)\n\n - CVE-2014-9620: The ELF parser in file allowed remote\n attackers to cause a denial of service via a large\n number of notes. (bsc#913651)\n\n - CVE-2014-9653: readelf.c in file did not consider that\n pread calls sometimes read only a subset of the\n available data, which allows remote attackers to cause a\n denial of service (uninitialized memory access) or\n possibly have unspecified other impact via a crafted ELF\n file. (bsc#917152)\n\n - CVE-2014-8116: The ELF parser (readelf.c) in file\n allowed remote attackers to cause a denial of service\n (CPU consumption or crash) via a large number of (1)\n program or (2) section headers or (3) invalid\n capabilities. (bsc#910253)\n\n - CVE-2014-8117: softmagic.c in file did not properly\n limit recursion, which allowed remote attackers to cause\n a denial of service (CPU consumption or crash) via\n unspecified vectors. (bsc#910253)\n\n - Fixed a memory corruption during rpmbuild (bsc#1063269)\n\n - Backport of a fix for an increased printable string\n length as found in file 5.30 (bsc#996511)\n\n - file command throws 'Composite Document File V2\n Document, corrupt: Can't read SSAT' error against excel\n 97/2003 file format. (bsc#1009966) gcc7 :\n\n - Support for specific IBM Power9 processor instructions.\n\n - Support for specific IBM zSeries z14 processor\n instructions.\n\n - New packages cross-npvtx-gcc7 and nvptx-tools added to\n the Toolchain Module for specific NVIDIA Card offload\n support. gzip :\n\n - fix mishandling of leading zeros in the end-of-block\n code (bsc#1067891) libsolv :\n\n - Many fixes and improvements for cleandeps.\n\n - Always create dup rules for 'distupgrade' jobs.\n\n - Use recommends also for ordering packages.\n\n - Fix splitprovides handling with addalreadyrecommended\n turned off. (bsc#1059065)\n\n - Expose solver_get_recommendations() in bindings.\n\n - Fix bug in solver_prune_to_highest_prio_per_name\n resulting in bad output from\n solver_get_recommendations().\n\n - Support 'without' and 'unless' dependencies.\n\n - Use same heuristic as upstream to determine source RPMs.\n\n - Fix memory leak in bindings.\n\n - Add pool_best_solvables() function.\n\n - Fix 64bit integer parsing from RPM headers.\n\n - Enable bzip2 and xz/lzma compression support.\n\n - Enable complex/rich dependencies on distributions with\n RPM 4.13+. libtool :\n\n - Add missing dependencies and provides to baselibs.conf\n to make sure libltdl libraries are properly installed.\n (bsc#1056381) libzypp :\n\n - Fix media handling in presence of a repo path prefix.\n (bsc#1062561)\n\n - Fix RepoProvideFile ignoring a repo path prefix.\n (bsc#1062561)\n\n - Remove unused legacy notify-message script.\n (bsc#1058783)\n\n - Support multiple product licenses in repomd.\n (fate#322276)\n\n - Propagate 'rpm --import' errors. (bsc#1057188)\n\n - Fix typos in zypp.conf. openssl :\n\n - CVE-2017-3735: openssl1,openssl: Malformed X.509\n IPAdressFamily could cause OOB read (bsc#1056058)\n\n - CVE-2017-3736: openssl: bn_sqrx8x_internal carry bug on\n x86_64 (bsc#1066242)\n\n - Out of bounds read+crash in DES_fcrypt (bsc#1065363)\n\n - openssl DEFAULT_SUSE cipher list is missing ECDHE-ECDSA\n ciphers (bsc#1055825) perl: Security issues for perl :\n\n - CVE-2017-12837: Heap-based buffer overflow in the\n S_regatom function in regcomp.c in Perl 5 before\n 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote\n attackers to cause a denial of service (out-of-bounds\n write) via a regular expression with a escape and the\n case-insensitive modifier. (bnc#1057724)\n\n - CVE-2017-12883: Buffer overflow in the S_grok_bslash_N\n function in regcomp.c in Perl 5 before 5.24.3-RC1 and\n 5.26.x before 5.26.1-RC1 allows remote attackers to\n disclose sensitive information or cause a denial of\n service (application crash) via a crafted regular\n expression with an invalid escape. (bnc#1057721)\n\n - CVE-2017-6512: Race condition in the rmtree and\n remove_tree functions in the File-Path module before\n 2.13 for Perl allows attackers to set the mode on\n arbitrary files via vectors involving\n directory-permission loosening logic. (bnc#1047178) Bug\n fixes for perl :\n\n - backport set_capture_string changes from upstream\n (bsc#999735)\n\n - reformat baselibs.conf as source validator workaround\n systemd :\n\n - unit: When JobTimeoutSec= is turned off, implicitly turn\n off JobRunningTimeoutSec= too. (bsc#1048605,\n bsc#1004995)\n\n - compat-rules: Generate compat by-id symlinks with 'nvme'\n prefix missing and warn users that have broken symlinks.\n (bsc#1063249)\n\n - compat-rules: Allow to specify the generation number\n through the kernel command line.\n\n - scsi_id: Fixup prefix for pre-SPC inquiry reply.\n (bsc#1039099)\n\n - tmpfiles: Remove old ICE and X11 sockets at boot.\n\n - tmpfiles: Silently ignore any path that passes through\n autofs. (bsc#1045472)\n\n - pam_logind: Skip leading /dev/ from PAM_TTY field before\n passing it on.\n\n - shared/machine-pool: Fix another mkfs.btrfs checking.\n (bsc#1053595)\n\n - shutdown: Fix incorrect fscanf() result check.\n\n - shutdown: Don't remount,ro network filesystems.\n (bsc#1035386)\n\n - shutdown: Don't be fooled when detaching DM devices with\n BTRFS. (bsc#1055641)\n\n - bash-completion: Add support for --now. (bsc#1053137)\n\n - Add convert-lib-udev-path.sh script to convert /lib/udev\n directory into a symlink pointing to /usr/lib/udev when\n upgrading from SLE11. (bsc#1050152)\n\n - Add a rule to teach hotplug to offline containers\n transparently. (bsc#1040800) timezone :\n\n - Northern Cyprus switches from +03 to +02/+03 on\n 2017-10-29\n\n - Fiji ends DST 2018-01-14, not 2018-01-21\n\n - Namibia switches from +01/+02 to +02 on 2018-04-01\n\n - Sudan switches from +03 to +02 on 2017-11-01\n\n - Tonga likely switches from +13/+14 to +13 on 2017-11-05\n\n - Turks and Caicos switches from -04 to -05/-04 on\n 2018-11-04\n\n - Corrections to past DST transitions\n\n - Move oversized Canada/East-Saskatchewan to 'backward'\n file\n\n - zic(8) and the reference runtime now reject multiple\n leap seconds within 28 days of each other, or leap\n seconds before the Epoch. util-linux :\n\n - Allow unmounting of filesystems without calling stat()\n on the mount point, when '-c' is used. (bsc#1040968)\n\n - Fix an infinite loop, a crash and report the correct\n minimum and maximum frequencies in lscpu for some\n processors. (bsc#1055446)\n\n - Fix a lscpu failure on Sydney Amazon EC2 region.\n (bsc#1066500)\n\n - If multiple subvolumes are mounted, report the default\n subvolume. (bsc#1039276) velum :\n\n - Fix logout issue on DEX download page * page doesn't\n exist (bsc#1066611)\n\n - Handle invalid sessions more user friendly\n\n - Fix undesired minimum nodes alert blink (bsc#1066371)\n wicked :\n\n - A regression in wicked was causing the hostname not to\n be set correctly via DHCP in some cases\n (bsc#1057007,bsc#1050258)\n\n - Configure the interface MTU correctly even in cases\n where the interface was up already (bsc#1059292)\n\n - Don't abort the process that adds configures routes if\n one route fails (bsc#1036619)\n\n - Handle DHCP4 user-class ids properly (bsc#1045522)\n\n - ethtool: handle channels parameters (bsc#1043883) \nzypper :\n\n - Locale: Fix possible segmentation fault. (bsc#1064999)\n\n - Add summary hint if product is better updated by a\n different command. This is mainly used by rolling\n distributions like openSUSE Tumbleweed to remind their\n users to use 'zypper dup' to update (not zypper up or\n patch). (bsc#1061384)\n\n - Unify '(add|modify)(repo|service)' property related\n arguments.\n\n - Fixed 'add' commands supporting to set only a subset of\n properties.\n\n - Introduced '-f/-F' as preferred short option for\n --[no-]refresh in all four commands. (bsc#661410,\n bsc#1053671)\n\n - Fix missing package names in installation report.\n (bsc#1058695)\n\n - Differ between unsupported and packages with unknown\n support status. (bsc#1057634)\n\n - Return error code '107' if an RPM's %post configuration\n script fails, but only if ZYPPER_ON_CODE12_RETURN_107=1\n is set in the environment. (bsc#1047233)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 29, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-01-17T00:00:00", "title": "SUSE SLES12 Security Update : CaaS Platform 2.0 images (SUSE-SU-2018:0053-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-12837", "CVE-2017-9755", "CVE-2017-12456", "CVE-2017-14745", "CVE-2017-14130", "CVE-2014-8117", "CVE-2014-8116", "CVE-2017-12448", "CVE-2017-7223", "CVE-2017-3735", "CVE-2017-14529", "CVE-2017-14729", "CVE-2017-14974", "CVE-2017-7299", "CVE-2017-9746", "CVE-2017-7300", "CVE-2017-12883", "CVE-2017-8396", "CVE-2017-14128", "CVE-2017-12453", "CVE-2017-3737", "CVE-2017-8394", "CVE-2017-6512", "CVE-2017-7224", "CVE-2014-9620", "CVE-2017-7303", "CVE-2017-12450", "CVE-2017-9750", "CVE-2017-9756", "CVE-2017-12799", "CVE-2017-7302", "CVE-2017-9748", "CVE-2014-9939", "CVE-2014-9621", "CVE-2014-3710", "CVE-2017-6966", "CVE-2017-14333", "CVE-2017-7225", "CVE-2017-12452", "CVE-2014-9653", "CVE-2017-8393", "CVE-2017-8392", "CVE-2017-7301", "CVE-2017-6965", "CVE-2017-3738", "CVE-2017-7210", "CVE-2017-7304", "CVE-2017-7209", "CVE-2017-7226", "CVE-2017-3736", "CVE-2017-13757", "CVE-2017-9747", "CVE-2017-14129", "CVE-2017-8421", "CVE-2017-12454", "CVE-2017-6969"], "modified": "2018-01-17T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:sles12-caasp-dex-image", "p-cpe:/a:novell:suse_linux:sles12-sidecar-image", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:sles12-kubedns-image", "p-cpe:/a:novell:suse_linux:sles12-velum-image", "p-cpe:/a:novell:suse_linux:sles12-dnsmasq-nanny-image", "p-cpe:/a:novell:suse_linux:sles12-salt-api-image", "p-cpe:/a:novell:suse_linux:sles12-haproxy-image", "p-cpe:/a:novell:suse_linux:sles12-mariadb-image", "p-cpe:/a:novell:suse_linux:sles12-salt-master-image", "p-cpe:/a:novell:suse_linux:sles12-tiller-image", "p-cpe:/a:novell:suse_linux:sles12-openldap-image", "p-cpe:/a:novell:suse_linux:sles12-pv-recycler-node-image", "p-cpe:/a:novell:suse_linux:sles12-salt-minion-image", "p-cpe:/a:novell:suse_linux:sles12-pause-image"], "id": "SUSE_SU-2018-0053-1.NASL", "href": "https://www.tenable.com/plugins/nessus/106092", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0053-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106092);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/28\");\n\n script_cve_id(\"CVE-2014-3710\", \"CVE-2014-8116\", \"CVE-2014-8117\", \"CVE-2014-9620\", \"CVE-2014-9621\", \"CVE-2014-9653\", \"CVE-2014-9939\", \"CVE-2017-12448\", \"CVE-2017-12450\", \"CVE-2017-12452\", \"CVE-2017-12453\", \"CVE-2017-12454\", \"CVE-2017-12456\", \"CVE-2017-12799\", \"CVE-2017-12837\", \"CVE-2017-12883\", \"CVE-2017-13757\", \"CVE-2017-14128\", \"CVE-2017-14129\", \"CVE-2017-14130\", \"CVE-2017-14333\", \"CVE-2017-14529\", \"CVE-2017-14729\", \"CVE-2017-14745\", \"CVE-2017-14974\", \"CVE-2017-3735\", \"CVE-2017-3736\", \"CVE-2017-3737\", \"CVE-2017-3738\", \"CVE-2017-6512\", \"CVE-2017-6965\", \"CVE-2017-6966\", \"CVE-2017-6969\", \"CVE-2017-7209\", \"CVE-2017-7210\", \"CVE-2017-7223\", \"CVE-2017-7224\", \"CVE-2017-7225\", \"CVE-2017-7226\", \"CVE-2017-7299\", \"CVE-2017-7300\", \"CVE-2017-7301\", \"CVE-2017-7302\", \"CVE-2017-7303\", \"CVE-2017-7304\", \"CVE-2017-8392\", \"CVE-2017-8393\", \"CVE-2017-8394\", \"CVE-2017-8396\", \"CVE-2017-8421\", \"CVE-2017-9746\", \"CVE-2017-9747\", \"CVE-2017-9748\", \"CVE-2017-9750\", \"CVE-2017-9755\", \"CVE-2017-9756\");\n script_bugtraq_id(70807, 71692, 71700, 71714, 71715, 72516);\n\n script_name(english:\"SUSE SLES12 Security Update : CaaS Platform 2.0 images (SUSE-SU-2018:0053-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The Docker images provided with SUSE CaaS Platform 2.0 have been\nupdated to include the following updates: binutils :\n\n - Update to version 2.29\n\n - 18750 bsc#1030296 CVE-2014-9939\n\n - 20891 bsc#1030585 CVE-2017-7225\n\n - 20892 bsc#1030588 CVE-2017-7224\n\n - 20898 bsc#1030589 CVE-2017-7223\n\n - 20905 bsc#1030584 CVE-2017-7226\n\n - 20908 bsc#1031644 CVE-2017-7299\n\n - 20909 bsc#1031656 CVE-2017-7300\n\n - 20921 bsc#1031595 CVE-2017-7302\n\n - 20922 bsc#1031593 CVE-2017-7303\n\n - 20924 bsc#1031638 CVE-2017-7301\n\n - 20931 bsc#1031590 CVE-2017-7304\n\n - 21135 bsc#1030298 CVE-2017-7209\n\n - 21137 bsc#1029909 CVE-2017-6965\n\n - 21139 bsc#1029908 CVE-2017-6966\n\n - 21156 bsc#1029907 CVE-2017-6969\n\n - 21157 bsc#1030297 CVE-2017-7210\n\n - 21409 bsc#1037052 CVE-2017-8392\n\n - 21412 bsc#1037057 CVE-2017-8393\n\n - 21414 bsc#1037061 CVE-2017-8394\n\n - 21432 bsc#1037066 CVE-2017-8396\n\n - 21440 bsc#1037273 CVE-2017-8421\n\n - 21580 bsc#1044891 CVE-2017-9746\n\n - 21581 bsc#1044897 CVE-2017-9747\n\n - 21582 bsc#1044901 CVE-2017-9748\n\n - 21587 bsc#1044909 CVE-2017-9750\n\n - 21594 bsc#1044925 CVE-2017-9755\n\n - 21595 bsc#1044927 CVE-2017-9756\n\n - 21787 bsc#1052518 CVE-2017-12448\n\n - 21813 bsc#1052503, CVE-2017-12456, bsc#1052507,\n CVE-2017-12454, bsc#1052509, CVE-2017-12453,\n bsc#1052511, CVE-2017-12452, bsc#1052514,\n CVE-2017-12450, bsc#1052503, CVE-2017-12456,\n bsc#1052507, CVE-2017-12454, bsc#1052509,\n CVE-2017-12453, bsc#1052511, CVE-2017-12452,\n bsc#1052514, CVE-2017-12450\n\n - 21933 bsc#1053347 CVE-2017-12799\n\n - 21990 bsc#1058480 CVE-2017-14333\n\n - 22018 bsc#1056312 CVE-2017-13757\n\n - 22047 bsc#1057144 CVE-2017-14129\n\n - 22058 bsc#1057149 CVE-2017-14130\n\n - 22059 bsc#1057139 CVE-2017-14128\n\n - 22113 bsc#1059050 CVE-2017-14529\n\n - 22148 bsc#1060599 CVE-2017-14745\n\n - 22163 bsc#1061241 CVE-2017-14974\n\n - 22170 bsc#1060621 CVE-2017-14729\n\n - Make compressed debug section handling explicit, disable\n for old products and enable for gas on all architectures\n otherwise. [bsc#1029995]\n\n - Remove empty rpath component removal optimization from\n to workaround CMake rpath handling. [bsc#1025282]\n\n - Fix alignment frags for aarch64 (bsc#1003846) \ncoreutils :\n\n - Fix df(1) to no longer interact with excluded file\n system types, so for example specifying -x nfs no longer\n hangs with problematic nfs mounts. (bsc#1026567)\n\n - Ensure df -l no longer interacts with dummy file system\n types, so for example no longer hangs with problematic\n NFS mounted via system.automount(5). (bsc#1043059)\n\n - Significantly speed up df(1) for huge mount lists.\n (bsc#965780) file :\n\n - update to version 5.22.\n\n - CVE-2014-9621: The ELF parser in file allowed remote\n attackers to cause a denial of service via a long\n string. (bsc#913650)\n\n - CVE-2014-9620: The ELF parser in file allowed remote\n attackers to cause a denial of service via a large\n number of notes. (bsc#913651)\n\n - CVE-2014-9653: readelf.c in file did not consider that\n pread calls sometimes read only a subset of the\n available data, which allows remote attackers to cause a\n denial of service (uninitialized memory access) or\n possibly have unspecified other impact via a crafted ELF\n file. (bsc#917152)\n\n - CVE-2014-8116: The ELF parser (readelf.c) in file\n allowed remote attackers to cause a denial of service\n (CPU consumption or crash) via a large number of (1)\n program or (2) section headers or (3) invalid\n capabilities. (bsc#910253)\n\n - CVE-2014-8117: softmagic.c in file did not properly\n limit recursion, which allowed remote attackers to cause\n a denial of service (CPU consumption or crash) via\n unspecified vectors. (bsc#910253)\n\n - Fixed a memory corruption during rpmbuild (bsc#1063269)\n\n - Backport of a fix for an increased printable string\n length as found in file 5.30 (bsc#996511)\n\n - file command throws 'Composite Document File V2\n Document, corrupt: Can't read SSAT' error against excel\n 97/2003 file format. (bsc#1009966) gcc7 :\n\n - Support for specific IBM Power9 processor instructions.\n\n - Support for specific IBM zSeries z14 processor\n instructions.\n\n - New packages cross-npvtx-gcc7 and nvptx-tools added to\n the Toolchain Module for specific NVIDIA Card offload\n support. gzip :\n\n - fix mishandling of leading zeros in the end-of-block\n code (bsc#1067891) libsolv :\n\n - Many fixes and improvements for cleandeps.\n\n - Always create dup rules for 'distupgrade' jobs.\n\n - Use recommends also for ordering packages.\n\n - Fix splitprovides handling with addalreadyrecommended\n turned off. (bsc#1059065)\n\n - Expose solver_get_recommendations() in bindings.\n\n - Fix bug in solver_prune_to_highest_prio_per_name\n resulting in bad output from\n solver_get_recommendations().\n\n - Support 'without' and 'unless' dependencies.\n\n - Use same heuristic as upstream to determine source RPMs.\n\n - Fix memory leak in bindings.\n\n - Add pool_best_solvables() function.\n\n - Fix 64bit integer parsing from RPM headers.\n\n - Enable bzip2 and xz/lzma compression support.\n\n - Enable complex/rich dependencies on distributions with\n RPM 4.13+. libtool :\n\n - Add missing dependencies and provides to baselibs.conf\n to make sure libltdl libraries are properly installed.\n (bsc#1056381) libzypp :\n\n - Fix media handling in presence of a repo path prefix.\n (bsc#1062561)\n\n - Fix RepoProvideFile ignoring a repo path prefix.\n (bsc#1062561)\n\n - Remove unused legacy notify-message script.\n (bsc#1058783)\n\n - Support multiple product licenses in repomd.\n (fate#322276)\n\n - Propagate 'rpm --import' errors. (bsc#1057188)\n\n - Fix typos in zypp.conf. openssl :\n\n - CVE-2017-3735: openssl1,openssl: Malformed X.509\n IPAdressFamily could cause OOB read (bsc#1056058)\n\n - CVE-2017-3736: openssl: bn_sqrx8x_internal carry bug on\n x86_64 (bsc#1066242)\n\n - Out of bounds read+crash in DES_fcrypt (bsc#1065363)\n\n - openssl DEFAULT_SUSE cipher list is missing ECDHE-ECDSA\n ciphers (bsc#1055825) perl: Security issues for perl :\n\n - CVE-2017-12837: Heap-based buffer overflow in the\n S_regatom function in regcomp.c in Perl 5 before\n 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote\n attackers to cause a denial of service (out-of-bounds\n write) via a regular expression with a escape and the\n case-insensitive modifier. (bnc#1057724)\n\n - CVE-2017-12883: Buffer overflow in the S_grok_bslash_N\n function in regcomp.c in Perl 5 before 5.24.3-RC1 and\n 5.26.x before 5.26.1-RC1 allows remote attackers to\n disclose sensitive information or cause a denial of\n service (application crash) via a crafted regular\n expression with an invalid escape. (bnc#1057721)\n\n - CVE-2017-6512: Race condition in the rmtree and\n remove_tree functions in the File-Path module before\n 2.13 for Perl allows attackers to set the mode on\n arbitrary files via vectors involving\n directory-permission loosening logic. (bnc#1047178) Bug\n fixes for perl :\n\n - backport set_capture_string changes from upstream\n (bsc#999735)\n\n - reformat baselibs.conf as source validator workaround\n systemd :\n\n - unit: When JobTimeoutSec= is turned off, implicitly turn\n off JobRunningTimeoutSec= too. (bsc#1048605,\n bsc#1004995)\n\n - compat-rules: Generate compat by-id symlinks with 'nvme'\n prefix missing and warn users that have broken symlinks.\n (bsc#1063249)\n\n - compat-rules: Allow to specify the generation number\n through the kernel command line.\n\n - scsi_id: Fixup prefix for pre-SPC inquiry reply.\n (bsc#1039099)\n\n - tmpfiles: Remove old ICE and X11 sockets at boot.\n\n - tmpfiles: Silently ignore any path that passes through\n autofs. (bsc#1045472)\n\n - pam_logind: Skip leading /dev/ from PAM_TTY field before\n passing it on.\n\n - shared/machine-pool: Fix another mkfs.btrfs checking.\n (bsc#1053595)\n\n - shutdown: Fix incorrect fscanf() result check.\n\n - shutdown: Don't remount,ro network filesystems.\n (bsc#1035386)\n\n - shutdown: Don't be fooled when detaching DM devices with\n BTRFS. (bsc#1055641)\n\n - bash-completion: Add support for --now. (bsc#1053137)\n\n - Add convert-lib-udev-path.sh script to convert /lib/udev\n directory into a symlink pointing to /usr/lib/udev when\n upgrading from SLE11. (bsc#1050152)\n\n - Add a rule to teach hotplug to offline containers\n transparently. (bsc#1040800) timezone :\n\n - Northern Cyprus switches from +03 to +02/+03 on\n 2017-10-29\n\n - Fiji ends DST 2018-01-14, not 2018-01-21\n\n - Namibia switches from +01/+02 to +02 on 2018-04-01\n\n - Sudan switches from +03 to +02 on 2017-11-01\n\n - Tonga likely switches from +13/+14 to +13 on 2017-11-05\n\n - Turks and Caicos switches from -04 to -05/-04 on\n 2018-11-04\n\n - Corrections to past DST transitions\n\n - Move oversized Canada/East-Saskatchewan to 'backward'\n file\n\n - zic(8) and the reference runtime now reject multiple\n leap seconds within 28 days of each other, or leap\n seconds before the Epoch. util-linux :\n\n - Allow unmounting of filesystems without calling stat()\n on the mount point, when '-c' is used. (bsc#1040968)\n\n - Fix an infinite loop, a crash and report the correct\n minimum and maximum frequencies in lscpu for some\n processors. (bsc#1055446)\n\n - Fix a lscpu failure on Sydney Amazon EC2 region.\n (bsc#1066500)\n\n - If multiple subvolumes are mounted, report the default\n subvolume. (bsc#1039276) velum :\n\n - Fix logout issue on DEX download page * page doesn't\n exist (bsc#1066611)\n\n - Handle invalid sessions more user friendly\n\n - Fix undesired minimum nodes alert blink (bsc#1066371)\n wicked :\n\n - A regression in wicked was causing the hostname not to\n be set correctly via DHCP in some cases\n (bsc#1057007,bsc#1050258)\n\n - Configure the interface MTU correctly even in cases\n where the interface was up already (bsc#1059292)\n\n - Don't abort the process that adds configures routes if\n one route fails (bsc#1036619)\n\n - Handle DHCP4 user-class ids properly (bsc#1045522)\n\n - ethtool: handle channels parameters (bsc#1043883) \nzypper :\n\n - Locale: Fix possible segmentation fault. (bsc#1064999)\n\n - Add summary hint if product is better updated by a\n different command. This is mainly used by rolling\n distributions like openSUSE Tumbleweed to remind their\n users to use 'zypper dup' to update (not zypper up or\n patch). (bsc#1061384)\n\n - Unify '(add|modify)(repo|service)' property related\n arguments.\n\n - Fixed 'add' commands supporting to set only a subset of\n properties.\n\n - Introduced '-f/-F' as preferred short option for\n --[no-]refresh in all four commands. (bsc#661410,\n bsc#1053671)\n\n - Fix missing package names in installation report.\n (bsc#1058695)\n\n - Differ between unsupported and packages with unknown\n support status. (bsc#1057634)\n\n - Return error code '107' if an RPM's %post configuration\n script fails, but only if ZYPPER_ON_CODE12_RETURN_107=1\n is set in the environment. (bsc#1047233)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1003846\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1004995\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1009966\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1022404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1025282\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1025891\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1026567\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1029907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1029908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1029909\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1029995\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1030623\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1035386\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036619\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039099\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039276\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039513\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040800\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040968\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1041090\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043059\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043590\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043883\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043966\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044016\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045472\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045522\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045732\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047233\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048605\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048861\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050152\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050258\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050487\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052503\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052507\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052509\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052511\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052514\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052518\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1053137\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1053347\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1053595\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1053671\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055446\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055641\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056058\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056312\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056381\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057007\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057139\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057144\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057149\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057634\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057721\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057724\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058480\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058695\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058783\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1059050\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1059065\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1059075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1059292\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1059723\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1060599\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1060621\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1061241\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1061384\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1062561\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1063249\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1063269\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1064571\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1064999\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065363\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066242\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066371\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066500\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066611\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1067891\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1070878\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1070958\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1071905\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1071906\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-3710/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-8116/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-8117/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9620/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9621/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9653/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12448/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12450/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12452/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12453/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12454/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12456/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12799/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12837/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12883/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13757/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14128/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14129/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14130/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14333/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14529/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14729/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14745/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14974/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3735/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3736/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3737/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3738/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6512/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180053-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b2e30c71\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE CaaS Platform ALL:zypper in -t patch SUSE-CAASP-ALL-2018-40=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:X/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sles12-caasp-dex-image\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sles12-dnsmasq-nanny-image\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sles12-haproxy-image\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sles12-kubedns-image\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sles12-mariadb-image\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sles12-openldap-image\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sles12-pause-image\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sles12-pv-recycler-node-image\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sles12-salt-api-image\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sles12-salt-master-image\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sles12-salt-minion-image\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sles12-sidecar-image\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sles12-tiller-image\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sles12-velum-image\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", cpu:\"x86_64\", reference:\"sles12-caasp-dex-image-2.0.0-3.3.11\")) flag++;\nif (rpm_check(release:\"SLES12\", cpu:\"x86_64\", reference:\"sles12-dnsmasq-nanny-image-2.0.1-2.3.15\")) flag++;\nif (rpm_check(release:\"SLES12\", cpu:\"x86_64\", reference:\"sles12-haproxy-image-2.0.1-2.3.16\")) flag++;\nif (rpm_check(release:\"SLES12\", cpu:\"x86_64\", reference:\"sles12-kubedns-image-2.0.1-2.3.11\")) flag++;\nif (rpm_check(release:\"SLES12\", cpu:\"x86_64\", reference:\"sles12-mariadb-image-2.0.1-2.3.15\")) flag++;\nif (rpm_check(release:\"SLES12\", cpu:\"x86_64\", reference:\"sles12-openldap-image-2.0.0-2.3.11\")) flag++;\nif (rpm_check(release:\"SLES12\", cpu:\"x86_64\", reference:\"sles12-pause-image-2.0.1-2.3.9\")) flag++;\nif (rpm_check(release:\"SLES12\", cpu:\"x86_64\", reference:\"sles12-pv-recycler-node-image-2.0.1-2.3.10\")) flag++;\nif (rpm_check(release:\"SLES12\", cpu:\"x86_64\", reference:\"sles12-salt-api-image-2.0.1-2.3.10\")) flag++;\nif (rpm_check(release:\"SLES12\", cpu:\"x86_64\", reference:\"sles12-salt-master-image-2.0.1-2.3.10\")) flag++;\nif (rpm_check(release:\"SLES12\", cpu:\"x86_64\", reference:\"sles12-salt-minion-image-2.0.1-2.3.14\")) flag++;\nif (rpm_check(release:\"SLES12\", cpu:\"x86_64\", reference:\"sles12-sidecar-image-2.0.1-2.3.11\")) flag++;\nif (rpm_check(release:\"SLES12\", cpu:\"x86_64\", reference:\"sles12-tiller-image-2.0.0-2.3.11\")) flag++;\nif (rpm_check(release:\"SLES12\", cpu:\"x86_64\", reference:\"sles12-velum-image-2.0.1-2.3.13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"CaaS Platform 2.0 images\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T12:31:35", "description": "GNU binutil was updated to the 2.29.1 release, bringing various new\nfeatures, fixing a lot of bugs and security issues.\n\nFollowing security issues are being addressed by this release :\n\n - 18750 bsc#1030296 CVE-2014-9939\n\n - 20891 bsc#1030585 CVE-2017-7225\n\n - 20892 bsc#1030588 CVE-2017-7224\n\n - 20898 bsc#1030589 CVE-2017-7223\n\n - 20905 bsc#1030584 CVE-2017-7226\n\n - 20908 bsc#1031644 CVE-2017-7299\n\n - 20909 bsc#1031656 CVE-2017-7300\n\n - 20921 bsc#1031595 CVE-2017-7302\n\n - 20922 bsc#1031593 CVE-2017-7303\n\n - 20924 bsc#1031638 CVE-2017-7301\n\n - 20931 bsc#1031590 CVE-2017-7304\n\n - 21135 bsc#1030298 CVE-2017-7209 \n\n - 21137 bsc#1029909 CVE-2017-6965\n\n - 21139 bsc#1029908 CVE-2017-6966\n\n - 21156 bsc#1029907 CVE-2017-6969\n\n - 21157 bsc#1030297 CVE-2017-7210\n\n - 21409 bsc#1037052 CVE-2017-8392\n\n - 21412 bsc#1037057 CVE-2017-8393\n\n - 21414 bsc#1037061 CVE-2017-8394\n\n - 21432 bsc#1037066 CVE-2017-8396\n\n - 21440 bsc#1037273 CVE-2017-8421\n\n - 21580 bsc#1044891 CVE-2017-9746\n\n - 21581 bsc#1044897 CVE-2017-9747\n\n - 21582 bsc#1044901 CVE-2017-9748\n\n - 21587 bsc#1044909 CVE-2017-9750\n\n - 21594 bsc#1044925 CVE-2017-9755\n\n - 21595 bsc#1044927 CVE-2017-9756\n\n - 21787 bsc#1052518 CVE-2017-12448\n\n - 21813 bsc#1052503, CVE-2017-12456, bsc#1052507,\n CVE-2017-12454, bsc#1052509, CVE-2017-12453,\n bsc#1052511, CVE-2017-12452, bsc#1052514,\n CVE-2017-12450, bsc#1052503, CVE-2017-12456,\n bsc#1052507, CVE-2017-12454, bsc#1052509,\n CVE-2017-12453, bsc#1052511, CVE-2017-12452,\n bsc#1052514, CVE-2017-12450\n\n - 21933 bsc#1053347 CVE-2017-12799\n\n - 21990 bsc#1058480 CVE-2017-14333\n\n - 22018 bsc#1056312 CVE-2017-13757\n\n - 22047 bsc#1057144 CVE-2017-14129\n\n - 22058 bsc#1057149 CVE-2017-14130\n\n - 22059 bsc#1057139 CVE-2017-14128\n\n - 22113 bsc#1059050 CVE-2017-14529\n\n - 22148 bsc#1060599 CVE-2017-14745\n\n - 22163 bsc#1061241 CVE-2017-14974\n\n - 22170 bsc#1060621 CVE-2017-14729\n\nUpdate to binutils 2.29. [fate#321454, fate#321494, fate#323293] :\n\n - The MIPS port now supports microMIPS eXtended Physical\n Addressing (XPA) instructions for assembly and\n disassembly.\n\n - The MIPS port now supports the microMIPS Release 5 ISA\n for assembly and disassembly.\n\n - The MIPS port now supports the Imagination interAptiv\n MR2 processor, which implements the MIPS32r3 ISA, the\n MIPS16e2 ASE as well as a couple of\n implementation-specific regular MIPS and MIPS16e2 ASE\n instructions.\n\n - The SPARC port now supports the SPARC M8 processor,\n which implements the Oracle SPARC Architecture 2017.\n\n - The MIPS port now supports the MIPS16e2 ASE for assembly\n and disassembly.\n\n - Add support for ELF SHF_GNU_MBIND and PT_GNU_MBIND_XXX.\n\n - Add support for the wasm32 ELF conversion of the\n WebAssembly file format.\n\n - Add --inlines option to objdump, which extends the\n --line-numbers option so that inlined functions will\n display their nesting information.\n\n - Add --merge-notes options to objcopy to reduce the size\n of notes in a binary file by merging and deleting\n redundant notes.\n\n - Add support for locating separate debug info files using\n the build-id method, where the separate file has a name\n based upon the build-id of the original file.\n\n - GAS specific :\n\n - Add support for ELF SHF_GNU_MBIND.\n\n - Add support for the WebAssembly file format and wasm32\n ELF conversion.\n\n - PowerPC gas now checks that the correct register class\n is used in instructions. For instance, 'addi\n %f4,%cr3,%r31' warns three times that the registers are\n invalid.\n\n - Add support for the Texas Instruments PRU processor.\n\n - Support for the ARMv8-R architecture and Cortex-R52\n processor has been added to the ARM port.\n\n - GNU ld specific :\n\n - Support for -z shstk in the x86 ELF linker to generate\n GNU_PROPERTY_X86_FEATURE_1_SHSTK in ELF GNU program\n properties.\n\n - Add support for GNU_PROPERTY_X86_FEATURE_1_SHSTK in ELF\n GNU program properties in the x86 ELF linker.\n\n - Add support for GNU_PROPERTY_X86_FEATURE_1_IBT in ELF\n GNU program properties in the x86 ELF linker.\n\n - Support for -z ibtplt in the x86 ELF linker to generate\n IBT-enabled PLT.\n\n - Support for -z ibt in the x86 ELF linker to generate\n IBT-enabled PLT as well as\n GNU_PROPERTY_X86_FEATURE_1_IBT in ELF GNU program\n properties.\n\n - Add support for ELF SHF_GNU_MBIND and PT_GNU_MBIND_XXX.\n\n - Add support for ELF GNU program properties.\n\n - Add support for the Texas Instruments PRU processor.\n\n - When configuring for arc*-*-linux* targets the default\n linker emulation will change if --with-cpu=nps400 is\n used at configure time.\n\n - Improve assignment of LMAs to orphan sections in some\n edge cases where a mixture of both AT>LMA_REGION and\n AT(LMA) are used.\n\n - Orphan sections placed after an empty section that has\n an AT(LMA) will now take an load memory address starting\n from LMA.\n\n - Section groups can now be resolved (the group deleted\n and the group members placed like normal sections) at\n partial link time either using the new linker option\n --force-group-allocation or by placing\n FORCE_GROUP_ALLOCATION into the linker script.\n\n - Add riscv64 target, tested with gcc7 and downstream\n newlib 2.4.0\n\n - Prepare riscv32 target (gh#riscv/riscv-newlib#8)\n\n - Make compressed debug section handling explicit, disable\n for old products and enable for gas on all architectures\n otherwise. [bsc#1029995]\n\n - Remove empty rpath component removal optimization from\n to workaround CMake rpath handling. [bsc#1025282]\n\n Minor security bugs fixed: PR 21147, PR 21148, PR 21149,\n PR 21150, PR 21151, PR 21155, PR 21158, PR 21159\n\n - Update to binutils 2.28.\n\n - Add support for locating separate debug info files using\n the build-id method, where the separate file has a name\n based upon the build-id of the original file.\n\n - This version of binutils fixes a problem with PowerPC\n VLE 16A and 16D relocations which were functionally\n swapped, for example, R_PPC_VLE_HA16A performed like\n R_PPC_VLE_HA16D while R_PPC_VLE_HA16D performed like\n R_PPC_VLE_HA16A. This could have been fixed by\n renumbering relocations, which would keep object files\n created by an older version of gas compatible with a\n newer ld. However, that would require an ABI update,\n affecting other assemblers and linkers that create and\n process the relocations correctly. It is recommended\n that all VLE object files be recompiled, but ld can\n modify the relocations if --vle-reloc-fixup is passed to\n ld. If the new ld command line option is not used, ld\n will ld warn on finding relocations inconsistent with\n the instructions being relocated.\n\n - The nm program has a new command line option\n (--with-version-strings) which will display a symbol's\n version information, if any, after the symbol's name.\n\n - The ARC port of objdump now accepts a -M option to\n specify the extra instruction class(es) that should be\n disassembled.\n\n - The --remove-section option for objcopy and strip now\n accepts section patterns starting with an exclamation\n point to indicate a non-matching section. A non-matching\n section is removed from the set of sections matched by\n an earlier --remove-section pattern.\n\n - The --only-section option for objcopy now accepts\n section patterns starting with an exclamation point to\n indicate a non-matching section. A non-matching section\n is removed from the set of sections matched by an\n earlier --only-section pattern.\n\n - New --remove-relocations=SECTIONPATTERN option for\n objcopy and strip. This option can be used to remove\n sections containing relocations. The SECTIONPATTERN is\n the section to which the relocations apply, not the\n relocation section itself.\n\n - GAS specific :\n\n - Add support for the RISC-V architecture.\n\n - Add support for the ARM Cortex-M23 and Cortex-M33\n processors.\n\n - GNU ld specific :\n\n - The EXCLUDE_FILE linker script construct can now be\n applied outside of the section list in order for the\n exclusions to apply over all input sections in the list.\n\n - Add support for the RISC-V architecture.\n\n - The command line option --no-eh-frame-hdr can now be\n used in ELF based linkers to disable the automatic\n generation of .eh_frame_hdr sections.\n\n - Add --in-implib=<infile> to the ARM linker to enable\n specifying a set of Secure Gateway veneers that must\n exist in the output import library specified by\n --out-implib=<outfile> and the address they must have.\n As such, --in-implib is only supported in combination\n with --cmse-implib.\n\n - Extended the --out-implib=<file> option, previously\n restricted to x86 PE targets, to any ELF based target.\n This allows the generation of an import library for an\n ELF executable, which can then be used by another\n application to link against the executable.\n\n - GOLD specific :\n\n - Add -z bndplt option (x86-64 only) to support Intel MPX.\n\n - Add --orphan-handling option.\n\n - Add --stub-group-multi option (PowerPC only).\n\n - Add --target1-rel, --target1-abs, --target2 options (Arm\n only).\n\n - Add -z stack-size option.\n\n - Add --be8 option (Arm only).\n\n - Add HIDDEN support in linker scripts.\n\n - Add SORT_BY_INIT_PRIORITY support in linker scripts.\n\n - Other fixes :\n\n - Fix section alignment on .gnu_debuglink. [bso#21193]\n\n - Add s390x to gold_archs.\n\n - Fix alignment frags for aarch64 (bsc#1003846)\n\n - Call ldconfig for libbfd\n\n - Fix an assembler problem with clang on ARM.\n\n - Restore monotonically increasing section offsets.\n\n - Update to binutils 2.27.\n\n - Add a configure option, --enable-64-bit-archive, to\n force use of a 64-bit format when creating an archive\n symbol index.\n\n - Add --elf-stt-common= option to objcopy for ELF targets\n to control whether to convert common symbols to the\n STT_COMMON type.\n\n - GAS specific :\n\n - Default to --enable-compressed-debug-sections=gas for\n Linux/x86 targets.\n\n - Add --no-pad-sections to stop the assembler from padding\n the end of output sections up to their alignment\n boundary.\n\n - Support for the ARMv8-M architecture has been added to\n the ARM port. Support for the ARMv8-M Security and DSP\n Extensions has also been added to the ARM port.\n\n - ARC backend accepts .extInstruction, .extCondCode,\n .extAuxRegister, and .extCoreRegister pseudo-ops that\n allow an user to define custom instructions, conditional\n codes, auxiliary and core registers.\n\n - Add a configure option --enable-elf-stt-common to decide\n whether ELF assembler should generate common symbols\n with the STT_COMMON type by default. Default to no.\n\n - New command line option --elf-stt-common= for ELF\n targets to control whether to generate common symbols\n with the STT_COMMON type.\n\n - Add ability to set section flags and types via numeric\n values for ELF based targets.\n\n - Add a configure option --enable-x86-relax-relocations to\n decide whether x86 assembler should generate relax\n relocations by default. Default to yes, except for x86\n Solaris targets older than Solaris 12.\n\n - New command line option -mrelax-relocations= for x86\n target to control whether to generate relax relocations.\n\n - New command line option -mfence-as-lock-add=yes for x86\n target to encode lfence, mfence and sfence as 'lock addl\n $0x0, (%[re]sp)'.\n\n - Add assembly-time relaxation option for ARC cpus.\n\n - Add --with-cpu=TYPE configure option for ARC gas. This\n allows the default cpu type to be adjusted at configure\n time.\n\n - GOLD specific :\n\n - Add a configure option --enable-relro to decide whether\n -z relro should be enabled by default. Default to yes.\n\n - Add support for s390, MIPS, AArch64, and TILE-Gx\n architectures.\n\n - Add support for STT_GNU_IFUNC symbols.\n\n - Add support for incremental linking (--incremental).\n\n - GNU ld specific :\n\n - Add a configure option --enable-relro to decide whether\n -z relro should be enabled in ELF linker by default.\n Default to yes for all Linux targets except FRV, HPPA,\n IA64 and MIPS.\n\n - Support for -z noreloc-overflow in the x86-64 ELF linker\n to disable relocation overflow check.\n\n - Add -z common/-z nocommon options for ELF targets to\n control whether to convert common symbols to the\n STT_COMMON type during a relocatable link.\n\n - Support for -z nodynamic-undefined-weak in the x86 ELF\n linker, which avoids dynamic relocations against\n undefined weak symbols in executable.\n\n - The NOCROSSREFSTO command was added to the linker script\n language.\n\n - Add --no-apply-dynamic-relocs to the AArch64 linker to\n do not apply link-time values for dynamic relocations.\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "edition": 19, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-12-14T00:00:00", "title": "openSUSE Security Update : binutils (openSUSE-2017-1330)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-8395", "CVE-2017-9755", "CVE-2017-9043", "CVE-2017-12456", "CVE-2017-14745", "CVE-2017-14130", "CVE-2017-12448", "CVE-2017-9042", "CVE-2017-7614", "CVE-2017-7223", "CVE-2017-14529", "CVE-2017-14729", "CVE-2017-14974", "CVE-2017-7299", "CVE-2017-9746", "CVE-2017-7300", "CVE-2017-9041", "CVE-2017-8396", "CVE-2017-14128", "CVE-2017-9038", "CVE-2017-7227", "CVE-2017-12453", "CVE-2017-8394", "CVE-2017-9954", "CVE-2017-9039", "CVE-2017-7224", "CVE-2017-9955", "CVE-2017-7303", "CVE-2017-12450", "CVE-2017-9750", "CVE-2017-9756", "CVE-2017-12799", "CVE-2017-7302", "CVE-2017-9748", "CVE-2014-9939", "CVE-2017-6966", "CVE-2017-14333", "CVE-2017-7225", "CVE-2017-12452", "CVE-2017-9044", "CVE-2017-8393", "CVE-2017-8397", "CVE-2017-8392", "CVE-2017-7301", "CVE-2017-6965", "CVE-2017-7210", "CVE-2017-7304", "CVE-2017-7209", "CVE-2017-7226", "CVE-2017-9040", "CVE-2017-13757", "CVE-2017-8398", "CVE-2017-9747", "CVE-2017-14129", "CVE-2017-8421", "CVE-2017-12454", "CVE-2017-6969"], "modified": "2017-12-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:cross-ppc-binutils-debuginfo", "p-cpe:/a:novell:opensuse:cross-ppc64-binutils-debugsource", "p-cpe:/a:novell:opensuse:cross-i386-binutils-debugsource", "p-cpe:/a:novell:opensuse:cross-mips-binutils", "p-cpe:/a:novell:opensuse:cross-m68k-binutils-debuginfo", "p-cpe:/a:novell:opensuse:cross-hppa-binutils-debugsource", "p-cpe:/a:novell:opensuse:cross-ppc64-binutils-debuginfo", "p-cpe:/a:novell:opensuse:cross-avr-binutils-debuginfo", "p-cpe:/a:novell:opensuse:cross-sparc64-binutils-debuginfo", "p-cpe:/a:novell:opensuse:cross-s390-binutils-debuginfo", "p-cpe:/a:novell:opensuse:cross-ppc-binutils-debugsource", "p-cpe:/a:novell:opensuse:cross-m68k-binutils", "p-cpe:/a:novell:opensuse:cross-ppc64le-binutils", "p-cpe:/a:novell:opensuse:cross-hppa64-binutils", "p-cpe:/a:novell:opensuse:cross-ia64-binutils-debugsource", "p-cpe:/a:novell:opensuse:cross-sparc-binutils-debugsource", "p-cpe:/a:novell:opensuse:cross-i386-binutils", "p-cpe:/a:novell:opensuse:cross-mips-binutils-debugsource", "p-cpe:/a:novell:opensuse:cross-s390-binutils-debugsource", "p-cpe:/a:novell:opensuse:cross-ppc-binutils", "p-cpe:/a:novell:opensuse:cross-s390x-binutils-debugsource", "p-cpe:/a:novell:opensuse:cross-hppa64-binutils-debuginfo", "p-cpe:/a:novell:opensuse:cross-sparc64-binutils-debugsource", "p-cpe:/a:novell:opensuse:cross-arm-binutils", "p-cpe:/a:novell:opensuse:cross-ppc64le-binutils-debugsource", "p-cpe:/a:novell:opensuse:cross-aarch64-binutils-debugsource", "p-cpe:/a:novell:opensuse:binutils-gold", "p-cpe:/a:novell:opensuse:binutils-devel-32bit", "p-cpe:/a:novell:opensuse:cross-aarch64-binutils-debuginfo", "p-cpe:/a:novell:opensuse:cross-spu-binutils-debuginfo", "p-cpe:/a:novell:opensuse:cross-i386-binutils-debuginfo", "p-cpe:/a:novell:opensuse:cross-x86_64-binutils-debuginfo", "p-cpe:/a:novell:opensuse:cross-m68k-binutils-debugsource", "p-cpe:/a:novell:opensuse:cross-x86_64-binutils", "p-cpe:/a:novell:opensuse:cross-spu-binutils-debugsource", "p-cpe:/a:novell:opensuse:cross-avr-binutils", "p-cpe:/a:novell:opensuse:cross-hppa-binutils-debuginfo", "p-cpe:/a:novell:opensuse:cross-s390-binutils", "p-cpe:/a:novell:opensuse:binutils", "p-cpe:/a:novell:opensuse:cross-ppc64le-binutils-debuginfo", "p-cpe:/a:novell:opensuse:binutils-devel", "cpe:/o:novell:opensuse:42.3", "p-cpe:/a:novell:opensuse:cross-arm-binutils-debugsource", "p-cpe:/a:novell:opensuse:binutils-debugsource", "cpe:/o:novell:opensuse:42.2", "p-cpe:/a:novell:opensuse:cross-aarch64-binutils", "p-cpe:/a:novell:opensuse:cross-sparc-binutils", "p-cpe:/a:novell:opensuse:binutils-gold-debuginfo", "p-cpe:/a:novell:opensuse:binutils-debuginfo", "p-cpe:/a:novell:opensuse:cross-hppa-binutils", "p-cpe:/a:novell:opensuse:cross-avr-binutils-debugsource", "p-cpe:/a:novell:opensuse:cross-mips-binutils-debuginfo", "p-cpe:/a:novell:opensuse:cross-ppc64-binutils", "p-cpe:/a:novell:opensuse:cross-x86_64-binutils-debugsource", "p-cpe:/a:novell:opensuse:cross-spu-binutils", "p-cpe:/a:novell:opensuse:cross-sparc64-binutils", "p-cpe:/a:novell:opensuse:cross-arm-binutils-debuginfo", "p-cpe:/a:novell:opensuse:cross-ia64-binutils-debuginfo", "p-cpe:/a:novell:opensuse:cross-sparc-binutils-debuginfo", "p-cpe:/a:novell:opensuse:cross-s390x-binutils-debuginfo", "p-cpe:/a:novell:opensuse:cross-s390x-binutils", "p-cpe:/a:novell:opensuse:cross-hppa64-binutils-debugsource", "p-cpe:/a:novell:opensuse:cross-ia64-binutils"], "id": "OPENSUSE-2017-1330.NASL", "href": "https://www.tenable.com/plugins/nessus/105225", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-1330.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105225);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-9939\", \"CVE-2017-12448\", \"CVE-2017-12450\", \"CVE-2017-12452\", \"CVE-2017-12453\", \"CVE-2017-12454\", \"CVE-2017-12456\", \"CVE-2017-12799\", \"CVE-2017-13757\", \"CVE-2017-14128\", \"CVE-2017-14129\", \"CVE-2017-14130\", \"CVE-2017-14333\", \"CVE-2017-14529\", \"CVE-2017-14729\", \"CVE-2017-14745\", \"CVE-2017-14974\", \"CVE-2017-6965\", \"CVE-2017-6966\", \"CVE-2017-6969\", \"CVE-2017-7209\", \"CVE-2017-7210\", \"CVE-2017-7223\", \"CVE-2017-7224\", \"CVE-2017-7225\", \"CVE-2017-7226\", \"CVE-2017-7227\", \"CVE-2017-7299\", \"CVE-2017-7300\", \"CVE-2017-7301\", \"CVE-2017-7302\", \"CVE-2017-7303\", \"CVE-2017-7304\", \"CVE-2017-7614\", \"CVE-2017-8392\", \"CVE-2017-8393\", \"CVE-2017-8394\", \"CVE-2017-8395\", \"CVE-2017-8396\", \"CVE-2017-8397\", \"CVE-2017-8398\", \"CVE-2017-8421\", \"CVE-2017-9038\", \"CVE-2017-9039\", \"CVE-2017-9040\", \"CVE-2017-9041\", \"CVE-2017-9042\", \"CVE-2017-9043\", \"CVE-2017-9044\", \"CVE-2017-9746\", \"CVE-2017-9747\", \"CVE-2017-9748\", \"CVE-2017-9750\", \"CVE-2017-9755\", \"CVE-2017-9756\", \"CVE-2017-9954\", \"CVE-2017-9955\");\n\n script_name(english:\"openSUSE Security Update : binutils (openSUSE-2017-1330)\");\n script_summary(english:\"Check for the openSUSE-2017-1330 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"GNU binutil was updated to the 2.29.1 release, bringing various new\nfeatures, fixing a lot of bugs and security issues.\n\nFollowing security issues are being addressed by this release :\n\n - 18750 bsc#1030296 CVE-2014-9939\n\n - 20891 bsc#1030585 CVE-2017-7225\n\n - 20892 bsc#1030588 CVE-2017-7224\n\n - 20898 bsc#1030589 CVE-2017-7223\n\n - 20905 bsc#1030584 CVE-2017-7226\n\n - 20908 bsc#1031644 CVE-2017-7299\n\n - 20909 bsc#1031656 CVE-2017-7300\n\n - 20921 bsc#1031595 CVE-2017-7302\n\n - 20922 bsc#1031593 CVE-2017-7303\n\n - 20924 bsc#1031638 CVE-2017-7301\n\n - 20931 bsc#1031590 CVE-2017-7304\n\n - 21135 bsc#1030298 CVE-2017-7209 \n\n - 21137 bsc#1029909 CVE-2017-6965\n\n - 21139 bsc#1029908 CVE-2017-6966\n\n - 21156 bsc#1029907 CVE-2017-6969\n\n - 21157 bsc#1030297 CVE-2017-7210\n\n - 21409 bsc#1037052 CVE-2017-8392\n\n - 21412 bsc#1037057 CVE-2017-8393\n\n - 21414 bsc#1037061 CVE-2017-8394\n\n - 21432 bsc#1037066 CVE-2017-8396\n\n - 21440 bsc#1037273 CVE-2017-8421\n\n - 21580 bsc#1044891 CVE-2017-9746\n\n - 21581 bsc#1044897 CVE-2017-9747\n\n - 21582 bsc#1044901 CVE-2017-9748\n\n - 21587 bsc#1044909 CVE-2017-9750\n\n - 21594 bsc#1044925 CVE-2017-9755\n\n - 21595 bsc#1044927 CVE-2017-9756\n\n - 21787 bsc#1052518 CVE-2017-12448\n\n - 21813 bsc#1052503, CVE-2017-12456, bsc#1052507,\n CVE-2017-12454, bsc#1052509, CVE-2017-12453,\n bsc#1052511, CVE-2017-12452, bsc#1052514,\n CVE-2017-12450, bsc#1052503, CVE-2017-12456,\n bsc#1052507, CVE-2017-12454, bsc#1052509,\n CVE-2017-12453, bsc#1052511, CVE-2017-12452,\n bsc#1052514, CVE-2017-12450\n\n - 21933 bsc#1053347 CVE-2017-12799\n\n - 21990 bsc#1058480 CVE-2017-14333\n\n - 22018 bsc#1056312 CVE-2017-13757\n\n - 22047 bsc#1057144 CVE-2017-14129\n\n - 22058 bsc#1057149 CVE-2017-14130\n\n - 22059 bsc#1057139 CVE-2017-14128\n\n - 22113 bsc#1059050 CVE-2017-14529\n\n - 22148 bsc#1060599 CVE-2017-14745\n\n - 22163 bsc#1061241 CVE-2017-14974\n\n - 22170 bsc#1060621 CVE-2017-14729\n\nUpdate to binutils 2.29. [fate#321454, fate#321494, fate#323293] :\n\n - The MIPS port now supports microMIPS eXtended Physical\n Addressing (XPA) instructions for assembly and\n disassembly.\n\n - The MIPS port now supports the microMIPS Release 5 ISA\n for assembly and disassembly.\n\n - The MIPS port now supports the Imagination interAptiv\n MR2 processor, which implements the MIPS32r3 ISA, the\n MIPS16e2 ASE as well as a couple of\n implementation-specific regular MIPS and MIPS16e2 ASE\n instructions.\n\n - The SPARC port now supports the SPARC M8 processor,\n which implements the Oracle SPARC Architecture 2017.\n\n - The MIPS port now supports the MIPS16e2 ASE for assembly\n and disassembly.\n\n - Add support for ELF SHF_GNU_MBIND and PT_GNU_MBIND_XXX.\n\n - Add support for the wasm32 ELF conversion of the\n WebAssembly file format.\n\n - Add --inlines option to objdump, which extends the\n --line-numbers option so that inlined functions will\n display their nesting information.\n\n - Add --merge-notes options to objcopy to reduce the size\n of notes in a binary file by merging and deleting\n redundant notes.\n\n - Add support for locating separate debug info files using\n the build-id method, where the separate file has a name\n based upon the build-id of the original file.\n\n - GAS specific :\n\n - Add support for ELF SHF_GNU_MBIND.\n\n - Add support for the WebAssembly file format and wasm32\n ELF conversion.\n\n - PowerPC gas now checks that the correct register class\n is used in instructions. For instance, 'addi\n %f4,%cr3,%r31' warns three times that the registers are\n invalid.\n\n - Add support for the Texas Instruments PRU processor.\n\n - Support for the ARMv8-R architecture and Cortex-R52\n processor has been added to the ARM port.\n\n - GNU ld specific :\n\n - Support for -z shstk in the x86 ELF linker to generate\n GNU_PROPERTY_X86_FEATURE_1_SHSTK in ELF GNU program\n properties.\n\n - Add support for GNU_PROPERTY_X86_FEATURE_1_SHSTK in ELF\n GNU program properties in the x86 ELF linker.\n\n - Add support for GNU_PROPERTY_X86_FEATURE_1_IBT in ELF\n GNU program properties in the x86 ELF linker.\n\n - Support for -z ibtplt in the x86 ELF linker to generate\n IBT-enabled PLT.\n\n - Support for -z ibt in the x86 ELF linker to generate\n IBT-enabled PLT as well as\n GNU_PROPERTY_X86_FEATURE_1_IBT in ELF GNU program\n properties.\n\n - Add support for ELF SHF_GNU_MBIND and PT_GNU_MBIND_XXX.\n\n - Add support for ELF GNU program properties.\n\n - Add support for the Texas Instruments PRU processor.\n\n - When configuring for arc*-*-linux* targets the default\n linker emulation will change if --with-cpu=nps400 is\n used at configure time.\n\n - Improve assignment of LMAs to orphan sections in some\n edge cases where a mixture of both AT>LMA_REGION and\n AT(LMA) are used.\n\n - Orphan sections placed after an empty section that has\n an AT(LMA) will now take an load memory address starting\n from LMA.\n\n - Section groups can now be resolved (the group deleted\n and the group members placed like normal sections) at\n partial link time either using the new linker option\n --force-group-allocation or by placing\n FORCE_GROUP_ALLOCATION into the linker script.\n\n - Add riscv64 target, tested with gcc7 and downstream\n newlib 2.4.0\n\n - Prepare riscv32 target (gh#riscv/riscv-newlib#8)\n\n - Make compressed debug section handling explicit, disable\n for old products and enable for gas on all architectures\n otherwise. [bsc#1029995]\n\n - Remove empty rpath component removal optimization from\n to workaround CMake rpath handling. [bsc#1025282]\n\n Minor security bugs fixed: PR 21147, PR 21148, PR 21149,\n PR 21150, PR 21151, PR 21155, PR 21158, PR 21159\n\n - Update to binutils 2.28.\n\n - Add support for locating separate debug info files using\n the build-id method, where the separate file has a name\n based upon the build-id of the original file.\n\n - This version of binutils fixes a problem with PowerPC\n VLE 16A and 16D relocations which were functionally\n swapped, for example, R_PPC_VLE_HA16A performed like\n R_PPC_VLE_HA16D while R_PPC_VLE_HA16D performed like\n R_PPC_VLE_HA16A. This could have been fixed by\n renumbering relocations, which would keep object files\n created by an older version of gas compatible with a\n newer ld. However, that would require an ABI update,\n affecting other assemblers and linkers that create and\n process the relocations correctly. It is recommended\n that all VLE object files be recompiled, but ld can\n modify the relocations if --vle-reloc-fixup is passed to\n ld. If the new ld command line option is not used, ld\n will ld warn on finding relocations inconsistent with\n the instructions being relocated.\n\n - The nm program has a new command line option\n (--with-version-strings) which will display a symbol's\n version information, if any, after the symbol's name.\n\n - The ARC port of objdump now accepts a -M option to\n specify the extra instruction class(es) that should be\n disassembled.\n\n - The --remove-section option for objcopy and strip now\n accepts section patterns starting with an exclamation\n point to indicate a non-matching section. A non-matching\n section is removed from the set of sections matched by\n an earlier --remove-section pattern.\n\n - The --only-section option for objcopy now accepts\n section patterns starting with an exclamation point to\n indicate a non-matching section. A non-matching section\n is removed from the set of sections matched by an\n earlier --only-section pattern.\n\n - New --remove-relocations=SECTIONPATTERN option for\n objcopy and strip. This option can be used to remove\n sections containing relocations. The SECTIONPATTERN is\n the section to which the relocations apply, not the\n relocation section itself.\n\n - GAS specific :\n\n - Add support for the RISC-V architecture.\n\n - Add support for the ARM Cortex-M23 and Cortex-M33\n processors.\n\n - GNU ld specific :\n\n - The EXCLUDE_FILE linker script construct can now be\n applied outside of the section list in order for the\n exclusions to apply over all input sections in the list.\n\n - Add support for the RISC-V architecture.\n\n - The command line option --no-eh-frame-hdr can now be\n used in ELF based linkers to disable the automatic\n generation of .eh_frame_hdr sections.\n\n - Add --in-implib=<infile> to the ARM linker to enable\n specifying a set of Secure Gateway veneers that must\n exist in the output import library specified by\n --out-implib=<outfile> and the address they must have.\n As such, --in-implib is only supported in combination\n with --cmse-implib.\n\n - Extended the --out-implib=<file> option, previously\n restricted to x86 PE targets, to any ELF based target.\n This allows the generation of an import library for an\n ELF executable, which can then be used by another\n application to link against the executable.\n\n - GOLD specific :\n\n - Add -z bndplt option (x86-64 only) to support Intel MPX.\n\n - Add --orphan-handling option.\n\n - Add --stub-group-multi option (PowerPC only).\n\n - Add --target1-rel, --target1-abs, --target2 options (Arm\n only).\n\n - Add -z stack-size option.\n\n - Add --be8 option (Arm only).\n\n - Add HIDDEN support in linker scripts.\n\n - Add SORT_BY_INIT_PRIORITY support in linker scripts.\n\n - Other fixes :\n\n - Fix section alignment on .gnu_debuglink. [bso#21193]\n\n - Add s390x to gold_archs.\n\n - Fix alignment frags for aarch64 (bsc#1003846)\n\n - Call ldconfig for libbfd\n\n - Fix an assembler problem with clang on ARM.\n\n - Restore monotonically increasing section offsets.\n\n - Update to binutils 2.27.\n\n - Add a configure option, --enable-64-bit-archive, to\n force use of a 64-bit format when creating an archive\n symbol index.\n\n - Add --elf-stt-common= option to objcopy for ELF targets\n to control whether to convert common symbols to the\n STT_COMMON type.\n\n - GAS specific :\n\n - Default to --enable-compressed-debug-sections=gas for\n Linux/x86 targets.\n\n - Add --no-pad-sections to stop the assembler from padding\n the end of output sections up to their alignment\n boundary.\n\n - Support for the ARMv8-M architecture has been added to\n the ARM port. Support for the ARMv8-M Security and DSP\n Extensions has also been added to the ARM port.\n\n - ARC backend accepts .extInstruction, .extCondCode,\n .extAuxRegister, and .extCoreRegister pseudo-ops that\n allow an user to define custom instructions, conditional\n codes, auxiliary and core registers.\n\n - Add a configure option --enable-elf-stt-common to decide\n whether ELF assembler should generate common symbols\n with the STT_COMMON type by default. Default to no.\n\n - New command line option --elf-stt-common= for ELF\n targets to control whether to generate common symbols\n with the STT_COMMON type.\n\n - Add ability to set section flags and types via numeric\n values for ELF based targets.\n\n - Add a configure option --enable-x86-relax-relocations to\n decide whether x86 assembler should generate relax\n relocations by default. Default to yes, except for x86\n Solaris targets older than Solaris 12.\n\n - New command line option -mrelax-relocations= for x86\n target to control whether to generate relax relocations.\n\n - New command line option -mfence-as-lock-add=yes for x86\n target to encode lfence, mfence and sfence as 'lock addl\n $0x0, (%[re]sp)'.\n\n - Add assembly-time relaxation option for ARC cpus.\n\n - Add --with-cpu=TYPE configure option for ARC gas. This\n allows the default cpu type to be adjusted at configure\n time.\n\n - GOLD specific :\n\n - Add a configure option --enable-relro to decide whether\n -z relro should be enabled by default. Default to yes.\n\n - Add support for s390, MIPS, AArch64, and TILE-Gx\n architectures.\n\n - Add support for STT_GNU_IFUNC symbols.\n\n - Add support for incremental linking (--incremental).\n\n - GNU ld specific :\n\n - Add a configure option --enable-relro to decide whether\n -z relro should be enabled in ELF linker by default.\n Default to yes for all Linux targets except FRV, HPPA,\n IA64 and MIPS.\n\n - Support for -z noreloc-overflow in the x86-64 ELF linker\n to disable relocation overflow check.\n\n - Add -z common/-z nocommon options for ELF targets to\n control whether to convert common symbols to the\n STT_COMMON type during a relocatable link.\n\n - Support for -z nodynamic-undefined-weak in the x86 ELF\n linker, which avoids dynamic relocations against\n undefined weak symbols in executable.\n\n - The NOCROSSREFSTO command was added to the linker script\n language.\n\n - Add --no-apply-dynamic-relocs to the AArch64 linker to\n do not apply link-time values for dynamic relocations.\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1003846\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1025282\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1029907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1029908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1029909\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1029995\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1030296\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1030297\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1030298\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1030583\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1030584\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1030585\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1030588\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1030589\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1031590\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1031593\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1031595\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1031638\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1031644\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1031656\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1033122\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1037052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1037057\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1037061\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1037062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1037066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1037070\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1037072\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1037273\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1038874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1038875\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1038876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1038877\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1038878\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1038880\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1038881\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1044891\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1044897\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1044901\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1044909\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1044925\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1044927\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1046094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052061\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052496\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052503\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052507\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052509\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052511\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052514\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052518\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1053347\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1056312\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1056437\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1057139\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1057144\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1057149\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1058480\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1059050\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1060599\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1060621\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1061241\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=437293\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=445037\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=546106\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=561142\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=578249\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=590820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=691290\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=698346\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=713504\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=776968\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=863764\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=938658\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=970239\"\n );\n # https://features.opensuse.org/306880\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/\"\n );\n # https://features.opensuse.org/311376\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/\"\n );\n # https://features.opensuse.org/311554\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/\"\n );\n # https://features.opensuse.org/311972\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/\"\n );\n # https://features.opensuse.org/312149\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/\"\n );\n # https://features.opensuse.org/321454\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/\"\n );\n # https://features.opensuse.org/321494\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/\"\n );\n # https://features.opensuse.org/323293\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/\"\n );\n # https://features.opensuse.org/323972\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected binutils packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:binutils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:binutils-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:binutils-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:binutils-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:binutils-gold\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:binutils-gold-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-aarch64-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-aarch64-binutils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-aarch64-binutils-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-arm-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-arm-binutils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-arm-binutils-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-avr-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-avr-binutils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-avr-binutils-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-hppa-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-hppa-binutils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-hppa-binutils-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-hppa64-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-hppa64-binutils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-hppa64-binutils-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-i386-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-i386-binutils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-i386-binutils-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-ia64-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-ia64-binutils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-ia64-binutils-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-m68k-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-m68k-binutils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-m68k-binutils-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-mips-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-mips-binutils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-mips-binutils-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-ppc-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-ppc-binutils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-ppc-binutils-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-ppc64-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-ppc64-binutils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-ppc64-binutils-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-ppc64le-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-ppc64le-binutils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-ppc64le-binutils-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-s390-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-s390-binutils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-s390-binutils-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-s390x-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-s390x-binutils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-s390x-binutils-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-sparc-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-sparc-binutils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-sparc-binutils-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-sparc64-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-sparc64-binutils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-sparc64-binutils-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-spu-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-spu-binutils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-spu-binutils-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-x86_64-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-x86_64-binutils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-x86_64-binutils-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"binutils-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"binutils-debuginfo-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"binutils-debugsource-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"binutils-devel-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"binutils-gold-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"binutils-gold-debuginfo-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"cross-aarch64-binutils-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"cross-aarch64-binutils-debuginfo-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"cross-aarch64-binutils-debugsource-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"cross-arm-binutils-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"cross-arm-binutils-debuginfo-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"cross-arm-binutils-debugsource-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"cross-avr-binutils-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"cross-avr-binutils-debuginfo-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"cross-avr-binutils-debugsource-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"cross-hppa-binutils-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"cross-hppa-binutils-debuginfo-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"cross-hppa-binutils-debugsource-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"cross-hppa64-binutils-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"cross-hppa64-binutils-debuginfo-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"cross-hppa64-binutils-debugsource-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"cross-ia64-binutils-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"cross-ia64-binutils-debuginfo-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"cross-ia64-binutils-debugsource-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"cross-m68k-binutils-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"cross-m68k-binutils-debuginfo-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"cross-m68k-binutils-debugsource-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"cross-mips-binutils-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"cross-mips-binutils-debuginfo-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"cross-mips-binutils-debugsource-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"cross-ppc-binutils-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"cross-ppc-binutils-debuginfo-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"cross-ppc-binutils-debugsource-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"cross-ppc64-binutils-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"cross-ppc64-binutils-debuginfo-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"cross-ppc64-binutils-debugsource-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"cross-ppc64le-binutils-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"cross-ppc64le-binutils-debuginfo-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"cross-ppc64le-binutils-debugsource-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"cross-s390-binutils-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"cross-s390-binutils-debuginfo-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"cross-s390-binutils-debugsource-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"cross-s390x-binutils-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"cross-s390x-binutils-debuginfo-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"cross-s390x-binutils-debugsource-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"cross-sparc-binutils-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"cross-sparc-binutils-debuginfo-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"cross-sparc-binutils-debugsource-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"cross-sparc64-binutils-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"cross-sparc64-binutils-debuginfo-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"cross-sparc64-binutils-debugsource-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"cross-spu-binutils-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"cross-spu-binutils-debuginfo-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"cross-spu-binutils-debugsource-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"cross-x86_64-binutils-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"cross-x86_64-binutils-debuginfo-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"cross-x86_64-binutils-debugsource-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"binutils-devel-32bit-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"cross-i386-binutils-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"cross-i386-binutils-debuginfo-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"cross-i386-binutils-debugsource-2.29.1-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"binutils-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"binutils-debuginfo-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"binutils-debugsource-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"binutils-devel-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"binutils-gold-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"binutils-gold-debuginfo-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"cross-aarch64-binutils-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"cross-aarch64-binutils-debuginfo-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"cross-aarch64-binutils-debugsource-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"cross-arm-binutils-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"cross-arm-binutils-debuginfo-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"cross-arm-binutils-debugsource-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"cross-avr-binutils-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"cross-avr-binutils-debuginfo-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"cross-avr-binutils-debugsource-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"cross-hppa-binutils-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"cross-hppa-binutils-debuginfo-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"cross-hppa-binutils-debugsource-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"cross-hppa64-binutils-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"cross-hppa64-binutils-debuginfo-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"cross-hppa64-binutils-debugsource-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"cross-ia64-binutils-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"cross-ia64-binutils-debuginfo-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"cross-ia64-binutils-debugsource-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"cross-m68k-binutils-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"cross-m68k-binutils-debuginfo-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"cross-m68k-binutils-debugsource-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"cross-mips-binutils-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"cross-mips-binutils-debuginfo-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"cross-mips-binutils-debugsource-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"cross-ppc-binutils-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"cross-ppc-binutils-debuginfo-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"cross-ppc-binutils-debugsource-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"cross-ppc64-binutils-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"cross-ppc64-binutils-debuginfo-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"cross-ppc64-binutils-debugsource-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"cross-ppc64le-binutils-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"cross-ppc64le-binutils-debuginfo-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"cross-ppc64le-binutils-debugsource-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"cross-s390-binutils-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"cross-s390-binutils-debuginfo-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"cross-s390-binutils-debugsource-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"cross-s390x-binutils-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"cross-s390x-binutils-debuginfo-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"cross-s390x-binutils-debugsource-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"cross-sparc-binutils-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"cross-sparc-binutils-debuginfo-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"cross-sparc-binutils-debugsource-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"cross-sparc64-binutils-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"cross-sparc64-binutils-debuginfo-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"cross-sparc64-binutils-debugsource-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"cross-spu-binutils-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"cross-spu-binutils-debuginfo-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"cross-spu-binutils-debugsource-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"cross-x86_64-binutils-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"cross-x86_64-binutils-debuginfo-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"cross-x86_64-binutils-debugsource-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"binutils-devel-32bit-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"cross-i386-binutils-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"cross-i386-binutils-debuginfo-2.29.1-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"cross-i386-binutils-debugsource-2.29.1-13.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"binutils / binutils-debuginfo / binutils-debugsource / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T14:27:11", "description": "GNU binutil was updated to the 2.29.1 release, bringing various new\nfeatures, fixing a lot of bugs and security issues. Following security\nissues are being addressed by this release :\n\n - 18750 bsc#1030296 CVE-2014-9939\n\n - 20891 bsc#1030585 CVE-2017-7225\n\n - 20892 bsc#1030588 CVE-2017-7224\n\n - 20898 bsc#1030589 CVE-2017-7223\n\n - 20905 bsc#1030584 CVE-2017-7226\n\n - 20908 bsc#1031644 CVE-2017-7299\n\n - 20909 bsc#1031656 CVE-2017-7300\n\n - 20921 bsc#1031595 CVE-2017-7302\n\n - 20922 bsc#1031593 CVE-2017-7303\n\n - 20924 bsc#1031638 CVE-2017-7301\n\n - 20931 bsc#1031590 CVE-2017-7304\n\n - 21135 bsc#1030298 CVE-2017-7209\n\n - 21137 bsc#1029909 CVE-2017-6965\n\n - 21139 bsc#1029908 CVE-2017-6966\n\n - 21156 bsc#1029907 CVE-2017-6969\n\n - 21157 bsc#1030297 CVE-2017-7210\n\n - 21409 bsc#1037052 CVE-2017-8392\n\n - 21412 bsc#1037057 CVE-2017-8393\n\n - 21414 bsc#1037061 CVE-2017-8394\n\n - 21432 bsc#1037066 CVE-2017-8396\n\n - 21440 bsc#1037273 CVE-2017-8421\n\n - 21580 bsc#1044891 CVE-2017-9746\n\n - 21581 bsc#1044897 CVE-2017-9747\n\n - 21582 bsc#1044901 CVE-2017-9748\n\n - 21587 bsc#1044909 CVE-2017-9750\n\n - 21594 bsc#1044925 CVE-2017-9755\n\n - 21595 bsc#1044927 CVE-2017-9756\n\n - 21787 bsc#1052518 CVE-2017-12448\n\n - 21813 bsc#1052503, CVE-2017-12456, bsc#1052507,\n CVE-2017-12454, bsc#1052509, CVE-2017-12453,\n bsc#1052511, CVE-2017-12452, bsc#1052514,\n CVE-2017-12450, bsc#1052503, CVE-2017-12456,\n bsc#1052507, CVE-2017-12454, bsc#1052509,\n CVE-2017-12453, bsc#1052511, CVE-2017-12452,\n bsc#1052514, CVE-2017-12450\n\n - 21933 bsc#1053347 CVE-2017-12799\n\n - 21990 bsc#1058480 CVE-2017-14333\n\n - 22018 bsc#1056312 CVE-2017-13757\n\n - 22047 bsc#1057144 CVE-2017-14129\n\n - 22058 bsc#1057149 CVE-2017-14130\n\n - 22059 bsc#1057139 CVE-2017-14128\n\n - 22113 bsc#1059050 CVE-2017-14529\n\n - 22148 bsc#1060599 CVE-2017-14745\n\n - 22163 bsc#1061241 CVE-2017-14974\n\n - 22170 bsc#1060621 CVE-2017-14729 Update to binutils\n 2.29. [fate#321454, fate#321494, fate#323293] :\n\n - The MIPS port now supports microMIPS eXtended Physical\n Addressing (XPA) instructions for assembly and\n disassembly.\n\n - The MIPS port now supports the microMIPS Release 5 ISA\n for assembly and disassembly.\n\n - The MIPS port now supports the Imagination interAptiv\n MR2 processor, which implements the MIPS32r3 ISA, the\n MIPS16e2 ASE as well as a couple of\n implementation-specific regular MIPS and MIPS16e2 ASE\n instructions.\n\n - The SPARC port now supports the SPARC M8 processor,\n which implements the Oracle SPARC Architecture 2017.\n\n - The MIPS port now supports the MIPS16e2 ASE for assembly\n and disassembly.\n\n - Add support for ELF SHF_GNU_MBIND and PT_GNU_MBIND_XXX.\n\n - Add support for the wasm32 ELF conversion of the\n WebAssembly file format.\n\n - Add --inlines option to objdump, which extends the\n --line-numbers option so that inlined functions will\n display their nesting information.\n\n - Add --merge-notes options to objcopy to reduce the size\n of notes in a binary file by merging and deleting\n redundant notes.\n\n - Add support for locating separate debug info files using\n the build-id method, where the separate file has a name\n based upon the build-id of the original file.\n\n - GAS specific :\n\n - Add support for ELF SHF_GNU_MBIND.\n\n - Add support for the WebAssembly file format and wasm32\n ELF conversion.\n\n - PowerPC gas now checks that the correct register class\n is used in instructions. For instance, 'addi\n %f4,%cr3,%r31' warns three times that the registers are\n invalid.\n\n - Add support for the Texas Instruments PRU processor.\n\n - Support for the ARMv8-R architecture and Cortex-R52\n processor has been added to the ARM port.\n\n - GNU ld specific :\n\n - Support for -z shstk in the x86 ELF linker to generate\n GNU_PROPERTY_X86_FEATURE_1_SHSTK in ELF GNU program\n properties.\n\n - Add support for GNU_PROPERTY_X86_FEATURE_1_SHSTK in ELF\n GNU program properties in the x86 ELF linker.\n\n - Add support for GNU_PROPERTY_X86_FEATURE_1_IBT in ELF\n GNU program properties in the x86 ELF linker.\n\n - Support for -z ibtplt in the x86 ELF linker to generate\n IBT-enabled PLT.\n\n - Support for -z ibt in the x86 ELF linker to generate\n IBT-enabled PLT as well as\n GNU_PROPERTY_X86_FEATURE_1_IBT in ELF GNU program\n properties.\n\n - Add support for ELF SHF_GNU_MBIND and PT_GNU_MBIND_XXX.\n\n - Add support for ELF GNU program properties.\n\n - Add support for the Texas Instruments PRU processor.\n\n - When configuring for arc*-*-linux* targets the default\n linker emulation will change if --with-cpu=nps400 is\n used at configure time.\n\n - Improve assignment of LMAs to orphan sections in some\n edge cases where a mixture of both AT>LMA_REGION and\n AT(LMA) are used.\n\n - Orphan sections placed after an empty section that has\n an AT(LMA) will now take an load memory address starting\n from LMA.\n\n - Section groups can now be resolved (the group deleted\n and the group members placed like normal sections) at\n partial link time either using the new linker option\n --force-group-allocation or by placing\n FORCE_GROUP_ALLOCATION into the linker script.\n\n - Add riscv64 target, tested with gcc7 and downstream\n newlib 2.4.0\n\n - Prepare riscv32 target (gh#riscv/riscv-newlib#8)\n\n - Make compressed debug section handling explicit, disable\n for old products and enable for gas on all architectures\n otherwise. [bsc#1029995]\n\n - Remove empty rpath component removal optimization from\n to workaround CMake rpath handling. [bsc#1025282] Minor\n security bugs fixed: PR 21147, PR 21148, PR 21149, PR\n 21150, PR 21151, PR 21155, PR 21158, PR 21159\n\n - Update to binutils 2.28.\n\n - Add support for locating separate debug info files using\n the build-id method, where the separate file has a name\n based upon the build-id of the original file.\n\n - This version of binutils fixes a problem with PowerPC\n VLE 16A and 16D relocations which were functionally\n swapped, for example, R_PPC_VLE_HA16A performed like\n R_PPC_VLE_HA16D while R_PPC_VLE_HA16D performed like\n R_PPC_VLE_HA16A. This could have been fixed by\n renumbering relocations, which would keep object files\n created by an older version of gas compatible with a\n newer ld. However, that would require an ABI update,\n affecting other assemblers and linkers that create and\n process the relocations correctly. It is recommended\n that all VLE object files be recompiled, but ld can\n modify the relocations if --vle-reloc-fixup is passed to\n ld. If the new ld command line option is not used, ld\n will ld warn on finding relocations inconsistent with\n the instructions being relocated.\n\n - The nm program has a new command line option\n (--with-version-strings) which will display a symbol's\n version information, if any, after the symbol's name.\n\n - The ARC port of objdump now accepts a -M option to\n specify the extra instruction class(es) that should be\n disassembled.\n\n - The --remove-section option for objcopy and strip now\n accepts section patterns starting with an exclamation\n point to indicate a non-matching section. A non-matching\n section is removed from the set of sections matched by\n an earlier --remove-section pattern.\n\n - The --only-section option for objcopy now accepts\n section patterns starting with an exclamation point to\n indicate a non-matching section. A non-matching section\n is removed from the set of sections matched by an\n earlier --only-section pattern.\n\n - New --remove-relocations=SECTIONPATTERN option for\n objcopy and strip. This option can be used to remove\n sections containing relocations. The SECTIONPATTERN is\n the section to which the relocations apply, not the\n relocation section itself.\n\n - GAS specific :\n\n - Add support for the RISC-V architecture.\n\n - Add support for the ARM Cortex-M23 and Cortex-M33\n processors.\n\n - GNU ld specific :\n\n - The EXCLUDE_FILE linker script construct can now be\n applied outside of the section list in order for the\n exclusions to apply over all input sections in the list.\n\n - Add support for the RISC-V architecture.\n\n - The command line option --no-eh-frame-hdr can now be\n used in ELF based linkers to disable the automatic\n generation of .eh_frame_hdr sections.\n\n - Add --in-implib=<infile> to the ARM linker to enable\n specifying a set of Secure Gateway veneers that must\n exist in the output import library specified by\n --out-implib=<outfile> and the address they must have.\n As such, --in-implib is only supported in combination\n with --cmse-implib.\n\n - Extended the --out-implib=<file> option, previously\n restricted to x86 PE targets, to any ELF based target.\n This allows the generation of an import library for an\n ELF executable, which can then be used by another\n application to link against the executable.\n\n - GOLD specific :\n\n - Add -z bndplt option (x86-64 only) to support Intel MPX.\n\n - Add --orphan-handling option.\n\n - Add --stub-group-multi option (PowerPC only).\n\n - Add --target1-rel, --target1-abs, --target2 options (Arm\n only).\n\n - Add -z stack-size option.\n\n - Add --be8 option (Arm only).\n\n - Add HIDDEN support in linker scripts.\n\n - Add SORT_BY_INIT_PRIORITY support in linker scripts.\n\n - Other fixes :\n\n - Fix section alignment on .gnu_debuglink. [bso#21193]\n\n - Add s390x to gold_archs.\n\n - Fix alignment frags for aarch64 (bsc#1003846)\n\n - Call ldconfig for libbfd\n\n - Fix an assembler problem with clang on ARM.\n\n - Restore monotonically increasing section offsets.\n\n - Update to binutils 2.27.\n\n - Add a configure option, --enable-64-bit-archive, to\n force use of a 64-bit format when creating an archive\n symbol index.\n\n - Add --elf-stt-common= option to objcopy for ELF targets\n to control whether to convert common symbols to the\n STT_COMMON type.\n\n - GAS specific :\n\n - Default to --enable-compressed-debug-sections=gas for\n Linux/x86 targets.\n\n - Add --no-pad-sections to stop the assembler from padding\n the end of output sections up to their alignment\n boundary.\n\n - Support for the ARMv8-M architecture has been added to\n the ARM port. Support for the ARMv8-M Security and DSP\n Extensions has also been added to the ARM port.\n\n - ARC backend accepts .extInstruction, .extCondCode,\n .extAuxRegister, and .extCoreRegister pseudo-ops that\n allow an user to define custom instructions, conditional\n codes, auxiliary and core registers.\n\n - Add a configure option --enable-elf-stt-common to decide\n whether ELF assembler should generate common symbols\n with the STT_COMMON type by default. Default to no.\n\n - New command line option --elf-stt-common= for ELF\n targets to control whether to generate common symbols\n with the STT_COMMON type.\n\n - Add ability to set section flags and types via numeric\n values for ELF based targets.\n\n - Add a configure option --enable-x86-relax-relocations to\n decide whether x86 assembler should generate relax\n relocations by default. Default to yes, except for x86\n Solaris targets older than Solaris 12.\n\n - New command line option -mrelax-relocations= for x86\n target to control whether to generate relax relocations.\n\n - New command line option -mfence-as-lock-add=yes for x86\n target to encode lfence, mfence and sfence as 'lock addl\n $0x0, (%[re]sp)'.\n\n - Add assembly-time relaxation option for ARC cpus.\n\n - Add --with-cpu=TYPE configure option for ARC gas. This\n allows the default cpu type to be adjusted at configure\n time.\n\n - GOLD specific :\n\n - Add a configure option --enable-relro to decide whether\n -z relro should be enabled by default. Default to yes.\n\n - Add support for s390, MIPS, AArch64, and TILE-Gx\n architectures.\n\n - Add support for STT_GNU_IFUNC symbols.\n\n - Add support for incremental linking (--incremental).\n\n - GNU ld specific :\n\n - Add a configure option --enable-relro to decide whether\n -z relro should be enabled in ELF linker by default.\n Default to yes for all Linux targets except FRV, HPPA,\n IA64 and MIPS.\n\n - Support for -z noreloc-overflow in the x86-64 ELF linker\n to disable relocation overflow check.\n\n - Add -z common/-z nocommon options for ELF targets to\n control whether to convert common symbols to the\n STT_COMMON type during a relocatable link.\n\n - Support for -z nodynamic-undefined-weak in the x86 ELF\n linker, which avoids dynamic relocations against\n undefined weak symbols in executable.\n\n - The NOCROSSREFSTO command was added to the linker script\n language.\n\n - Add --no-apply-dynamic-relocs to the AArch64 linker to\n do not apply link-time values for dynamic\n relocations.</file></outfile></infile>\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 27, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-12-01T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : binutils (SUSE-SU-2017:3170-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-8395", "CVE-2017-9755", "CVE-2017-9043", "CVE-2017-12456", "CVE-2017-14745", "CVE-2017-14130", "CVE-2017-12448", "CVE-2017-9042", "CVE-2017-7614", "CVE-2017-7223", "CVE-2017-14529", "CVE-2017-14729", "CVE-2017-14974", "CVE-2017-7299", "CVE-2017-9746", "CVE-2017-7300", "CVE-2017-9041", "CVE-2017-8396", "CVE-2017-14128", "CVE-2017-9038", "CVE-2017-7227", "CVE-2017-12453", "CVE-2017-8394", "CVE-2017-9954", "CVE-2017-9039", "CVE-2017-7224", "CVE-2017-9955", "CVE-2017-7303", "CVE-2017-12450", "CVE-2017-9750", "CVE-2017-9756", "CVE-2017-12799", "CVE-2017-7302", "CVE-2017-9748", "CVE-2014-9939", "CVE-2017-6966", "CVE-2017-14333", "CVE-2017-7225", "CVE-2017-12452", "CVE-2017-9044", "CVE-2017-8393", "CVE-2017-8397", "CVE-2017-8392", "CVE-2017-7301", "CVE-2017-6965", "CVE-2017-7210", "CVE-2017-7304", "CVE-2017-7209", "CVE-2017-7226", "CVE-2017-9040", "CVE-2017-13757", "CVE-2017-8398", "CVE-2017-9747", "CVE-2017-14129", "CVE-2017-8421", "CVE-2017-12454", "CVE-2017-6969"], "modified": "2017-12-01T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:binutils-debuginfo", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:binutils-debugsource", "p-cpe:/a:novell:suse_linux:binutils"], "id": "SUSE_SU-2017-3170-1.NASL", "href": "https://www.tenable.com/plugins/nessus/104968", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:3170-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104968);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-9939\", \"CVE-2017-12448\", \"CVE-2017-12450\", \"CVE-2017-12452\", \"CVE-2017-12453\", \"CVE-2017-12454\", \"CVE-2017-12456\", \"CVE-2017-12799\", \"CVE-2017-13757\", \"CVE-2017-14128\", \"CVE-2017-14129\", \"CVE-2017-14130\", \"CVE-2017-14333\", \"CVE-2017-14529\", \"CVE-2017-14729\", \"CVE-2017-14745\", \"CVE-2017-14974\", \"CVE-2017-6965\", \"CVE-2017-6966\", \"CVE-2017-6969\", \"CVE-2017-7209\", \"CVE-2017-7210\", \"CVE-2017-7223\", \"CVE-2017-7224\", \"CVE-2017-7225\", \"CVE-2017-7226\", \"CVE-2017-7227\", \"CVE-2017-7299\", \"CVE-2017-7300\", \"CVE-2017-7301\", \"CVE-2017-7302\", \"CVE-2017-7303\", \"CVE-2017-7304\", \"CVE-2017-7614\", \"CVE-2017-8392\", \"CVE-2017-8393\", \"CVE-2017-8394\", \"CVE-2017-8395\", \"CVE-2017-8396\", \"CVE-2017-8397\", \"CVE-2017-8398\", \"CVE-2017-8421\", \"CVE-2017-9038\", \"CVE-2017-9039\", \"CVE-2017-9040\", \"CVE-2017-9041\", \"CVE-2017-9042\", \"CVE-2017-9043\", \"CVE-2017-9044\", \"CVE-2017-9746\", \"CVE-2017-9747\", \"CVE-2017-9748\", \"CVE-2017-9750\", \"CVE-2017-9755\", \"CVE-2017-9756\", \"CVE-2017-9954\", \"CVE-2017-9955\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : binutils (SUSE-SU-2017:3170-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"GNU binutil was updated to the 2.29.1 release, bringing various new\nfeatures, fixing a lot of bugs and security issues. Following security\nissues are being addressed by this release :\n\n - 18750 bsc#1030296 CVE-2014-9939\n\n - 20891 bsc#1030585 CVE-2017-7225\n\n - 20892 bsc#1030588 CVE-2017-7224\n\n - 20898 bsc#1030589 CVE-2017-7223\n\n - 20905 bsc#1030584 CVE-2017-7226\n\n - 20908 bsc#1031644 CVE-2017-7299\n\n - 20909 bsc#1031656 CVE-2017-7300\n\n - 20921 bsc#1031595 CVE-2017-7302\n\n - 20922 bsc#1031593 CVE-2017-7303\n\n - 20924 bsc#1031638 CVE-2017-7301\n\n - 20931 bsc#1031590 CVE-2017-7304\n\n - 21135 bsc#1030298 CVE-2017-7209\n\n - 21137 bsc#1029909 CVE-2017-6965\n\n - 21139 bsc#1029908 CVE-2017-6966\n\n - 21156 bsc#1029907 CVE-2017-6969\n\n - 21157 bsc#1030297 CVE-2017-7210\n\n - 21409 bsc#1037052 CVE-2017-8392\n\n - 21412 bsc#1037057 CVE-2017-8393\n\n - 21414 bsc#1037061 CVE-2017-8394\n\n - 21432 bsc#1037066 CVE-2017-8396\n\n - 21440 bsc#1037273 CVE-2017-8421\n\n - 21580 bsc#1044891 CVE-2017-9746\n\n - 21581 bsc#1044897 CVE-2017-9747\n\n - 21582 bsc#1044901 CVE-2017-9748\n\n - 21587 bsc#1044909 CVE-2017-9750\n\n - 21594 bsc#1044925 CVE-2017-9755\n\n - 21595 bsc#1044927 CVE-2017-9756\n\n - 21787 bsc#1052518 CVE-2017-12448\n\n - 21813 bsc#1052503, CVE-2017-12456, bsc#1052507,\n CVE-2017-12454, bsc#1052509, CVE-2017-12453,\n bsc#1052511, CVE-2017-12452, bsc#1052514,\n CVE-2017-12450, bsc#1052503, CVE-2017-12456,\n bsc#1052507, CVE-2017-12454, bsc#1052509,\n CVE-2017-12453, bsc#1052511, CVE-2017-12452,\n bsc#1052514, CVE-2017-12450\n\n - 21933 bsc#1053347 CVE-2017-12799\n\n - 21990 bsc#1058480 CVE-2017-14333\n\n - 22018 bsc#1056312 CVE-2017-13757\n\n - 22047 bsc#1057144 CVE-2017-14129\n\n - 22058 bsc#1057149 CVE-2017-14130\n\n - 22059 bsc#1057139 CVE-2017-14128\n\n - 22113 bsc#1059050 CVE-2017-14529\n\n - 22148 bsc#1060599 CVE-2017-14745\n\n - 22163 bsc#1061241 CVE-2017-14974\n\n - 22170 bsc#1060621 CVE-2017-14729 Update to binutils\n 2.29. [fate#321454, fate#321494, fate#323293] :\n\n - The MIPS port now supports microMIPS eXtended Physical\n Addressing (XPA) instructions for assembly and\n disassembly.\n\n - The MIPS port now supports the microMIPS Release 5 ISA\n for assembly and disassembly.\n\n - The MIPS port now supports the Imagination interAptiv\n MR2 processor, which implements the MIPS32r3 ISA, the\n MIPS16e2 ASE as well as a couple of\n implementation-specific regular MIPS and MIPS16e2 ASE\n instructions.\n\n - The SPARC port now supports the SPARC M8 processor,\n which implements the Oracle SPARC Architecture 2017.\n\n - The MIPS port now supports the MIPS16e2 ASE for assembly\n and disassembly.\n\n - Add support for ELF SHF_GNU_MBIND and PT_GNU_MBIND_XXX.\n\n - Add support for the wasm32 ELF conversion of the\n WebAssembly file format.\n\n - Add --inlines option to objdump, which extends the\n --line-numbers option so that inlined functions will\n display their nesting information.\n\n - Add --merge-notes options to objcopy to reduce the size\n of notes in a binary file by merging and deleting\n redundant notes.\n\n - Add support for locating separate debug info files using\n the build-id method, where the separate file has a name\n based upon the build-id of the original file.\n\n - GAS specific :\n\n - Add support for ELF SHF_GNU_MBIND.\n\n - Add support for the WebAssembly file format and wasm32\n ELF conversion.\n\n - PowerPC gas now checks that the correct register class\n is used in instructions. For instance, 'addi\n %f4,%cr3,%r31' warns three times that the registers are\n invalid.\n\n - Add support for the Texas Instruments PRU processor.\n\n - Support for the ARMv8-R architecture and Cortex-R52\n processor has been added to the ARM port.\n\n - GNU ld specific :\n\n - Support for -z shstk in the x86 ELF linker to generate\n GNU_PROPERTY_X86_FEATURE_1_SHSTK in ELF GNU program\n properties.\n\n - Add support for GNU_PROPERTY_X86_FEATURE_1_SHSTK in ELF\n GNU program properties in the x86 ELF linker.\n\n - Add support for GNU_PROPERTY_X86_FEATURE_1_IBT in ELF\n GNU program properties in the x86 ELF linker.\n\n - Support for -z ibtplt in the x86 ELF linker to generate\n IBT-enabled PLT.\n\n - Support for -z ibt in the x86 ELF linker to generate\n IBT-enabled PLT as well as\n GNU_PROPERTY_X86_FEATURE_1_IBT in ELF GNU program\n properties.\n\n - Add support for ELF SHF_GNU_MBIND and PT_GNU_MBIND_XXX.\n\n - Add support for ELF GNU program properties.\n\n - Add support for the Texas Instruments PRU processor.\n\n - When configuring for arc*-*-linux* targets the default\n linker emulation will change if --with-cpu=nps400 is\n used at configure time.\n\n - Improve assignment of LMAs to orphan sections in some\n edge cases where a mixture of both AT>LMA_REGION and\n AT(LMA) are used.\n\n - Orphan sections placed after an empty section that has\n an AT(LMA) will now take an load memory address starting\n from LMA.\n\n - Section groups can now be resolved (the group deleted\n and the group members placed like normal sections) at\n partial link time either using the new linker option\n --force-group-allocation or by placing\n FORCE_GROUP_ALLOCATION into the linker script.\n\n - Add riscv64 target, tested with gcc7 and downstream\n newlib 2.4.0\n\n - Prepare riscv32 target (gh#riscv/riscv-newlib#8)\n\n - Make compressed debug section handling explicit, disable\n for old products and enable for gas on all architectures\n otherwise. [bsc#1029995]\n\n - Remove empty rpath component removal optimization from\n to workaround CMake rpath handling. [bsc#1025282] Minor\n security bugs fixed: PR 21147, PR 21148, PR 21149, PR\n 21150, PR 21151, PR 21155, PR 21158, PR 21159\n\n - Update to binutils 2.28.\n\n - Add support for locating separate debug info files using\n the build-id method, where the separate file has a name\n based upon the build-id of the original file.\n\n - This version of binutils fixes a problem with PowerPC\n VLE 16A and 16D relocations which were functionally\n swapped, for example, R_PPC_VLE_HA16A performed like\n R_PPC_VLE_HA16D while R_PPC_VLE_HA16D performed like\n R_PPC_VLE_HA16A. This could have been fixed by\n renumbering relocations, which would keep object files\n created by an older version of gas compatible with a\n newer ld. However, that would require an ABI update,\n affecting other assemblers and linkers that create and\n process the relocations correctly. It is recommended\n that all VLE object files be recompiled, but ld can\n modify the relocations if --vle-reloc-fixup is passed to\n ld. If the new ld command line option is not used, ld\n will ld warn on finding relocations inconsistent with\n the instructions being relocated.\n\n - The nm program has a new command line option\n (--with-version-strings) which will display a symbol's\n version information, if any, after the symbol's name.\n\n - The ARC port of objdump now accepts a -M option to\n specify the extra instruction class(es) that should be\n disassembled.\n\n - The --remove-section option for objcopy and strip now\n accepts section patterns starting with an exclamation\n point to indicate a non-matching section. A non-matching\n section is removed from the set of sections matched by\n an earlier --remove-section pattern.\n\n - The --only-section option for objcopy now accepts\n section patterns starting with an exclamation point to\n indicate a non-matching section. A non-matching section\n is removed from the set of sections matched by an\n earlier --only-section pattern.\n\n - New --remove-relocations=SECTIONPATTERN option for\n objcopy and strip. This option can be used to remove\n sections containing relocations. The SECTIONPATTERN is\n the section to which the relocations apply, not the\n relocation section itself.\n\n - GAS specific :\n\n - Add support for the RISC-V architecture.\n\n - Add support for the ARM Cortex-M23 and Cortex-M33\n processors.\n\n - GNU ld specific :\n\n - The EXCLUDE_FILE linker script construct can now be\n applied outside of the section list in order for the\n exclusions to apply over all input sections in the list.\n\n - Add support for the RISC-V architecture.\n\n - The command line option --no-eh-frame-hdr can now be\n used in ELF based linkers to disable the automatic\n generation of .eh_frame_hdr sections.\n\n - Add --in-implib=<infile> to the ARM linker to enable\n specifying a set of Secure Gateway veneers that must\n exist in the output import library specified by\n --out-implib=<outfile> and the address they must have.\n As such, --in-implib is only supported in combination\n with --cmse-implib.\n\n - Extended the --out-implib=<file> option, previously\n restricted to x86 PE targets, to any ELF based target.\n This allows the generation of an import library for an\n ELF executable, which can then be used by another\n application to link against the executable.\n\n - GOLD specific :\n\n - Add -z bndplt option (x86-64 only) to support Intel MPX.\n\n - Add --orphan-handling option.\n\n - Add --stub-group-multi option (PowerPC only).\n\n - Add --target1-rel, --target1-abs, --target2 options (Arm\n only).\n\n - Add -z stack-size option.\n\n - Add --be8 option (Arm only).\n\n - Add HIDDEN support in linker scripts.\n\n - Add SORT_BY_INIT_PRIORITY support in linker scripts.\n\n - Other fixes :\n\n - Fix section alignment on .gnu_debuglink. [bso#21193]\n\n - Add s390x to gold_archs.\n\n - Fix alignment frags for aarch64 (bsc#1003846)\n\n - Call ldconfig for libbfd\n\n - Fix an assembler problem with clang on ARM.\n\n - Restore monotonically increasing section offsets.\n\n - Update to binutils 2.27.\n\n - Add a configure option, --enable-64-bit-archive, to\n force use of a 64-bit format when creating an archive\n symbol index.\n\n - Add --elf-stt-common= option to objcopy for ELF targets\n to control whether to convert common symbols to the\n STT_COMMON type.\n\n - GAS specific :\n\n - Default to --enable-compressed-debug-sections=gas for\n Linux/x86 targets.\n\n - Add --no-pad-sections to stop the assembler from padding\n the end of output sections up to their alignment\n boundary.\n\n - Support for the ARMv8-M architecture has been added to\n the ARM port. Support for the ARMv8-M Security and DSP\n Extensions has also been added to the ARM port.\n\n - ARC backend accepts .extInstruction, .extCondCode,\n .extAuxRegister, and .extCoreRegister pseudo-ops that\n allow an user to define custom instructions, conditional\n codes, auxiliary and core registers.\n\n - Add a configure option --enable-elf-stt-common to decide\n whether ELF assembler should generate common symbols\n with the STT_COMMON type by default. Default to no.\n\n - New command line option --elf-stt-common= for ELF\n targets to control whether to generate common symbols\n with the STT_COMMON type.\n\n - Add ability to set section flags and types via numeric\n values for ELF based targets.\n\n - Add a configure option --enable-x86-relax-relocations to\n decide whether x86 assembler should generate relax\n relocations by default. Default to yes, except for x86\n Solaris targets older than Solaris 12.\n\n - New command line option -mrelax-relocations= for x86\n target to control whether to generate relax relocations.\n\n - New command line option -mfence-as-lock-add=yes for x86\n target to encode lfence, mfence and sfence as 'lock addl\n $0x0, (%[re]sp)'.\n\n - Add assembly-time relaxation option for ARC cpus.\n\n - Add --with-cpu=TYPE configure option for ARC gas. This\n allows the default cpu type to be adjusted at configure\n time.\n\n - GOLD specific :\n\n - Add a configure option --enable-relro to decide whether\n -z relro should be enabled by default. Default to yes.\n\n - Add support for s390, MIPS, AArch64, and TILE-Gx\n architectures.\n\n - Add support for STT_GNU_IFUNC symbols.\n\n - Add support for incremental linking (--incremental).\n\n - GNU ld specific :\n\n - Add a configure option --enable-relro to decide whether\n -z relro should be enabled in ELF linker by default.\n Default to yes for all Linux targets except FRV, HPPA,\n IA64 and MIPS.\n\n - Support for -z noreloc-overflow in the x86-64 ELF linker\n to disable relocation overflow check.\n\n - Add -z common/-z nocommon options for ELF targets to\n control whether to convert common symbols to the\n STT_COMMON type during a relocatable link.\n\n - Support for -z nodynamic-undefined-weak in the x86 ELF\n linker, which avoids dynamic relocations against\n undefined weak symbols in executable.\n\n - The NOCROSSREFSTO command was added to the linker script\n language.\n\n - Add --no-apply-dynamic-relocs to the AArch64 linker to\n do not apply link-time values for dynamic\n relocations.</file></outfile></infile>\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1003846\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1025282\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1029907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1029908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1029909\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1029995\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1030296\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1030297\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1030298\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1030583\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1030584\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1030585\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1030588\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1030589\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031590\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031593\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031595\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031638\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031644\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031656\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1033122\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037057\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037061\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037070\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037072\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037273\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038875\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038877\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038878\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038880\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038881\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044891\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044897\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044901\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044909\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044925\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044927\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052061\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052496\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052503\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052507\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052509\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052511\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052514\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052518\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1053347\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056312\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056437\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057139\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057144\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057149\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058480\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1059050\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1060599\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1060621\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1061241\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=437293\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=445037\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=546106\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=561142\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=578249\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=590820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=691290\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=698346\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=713504\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=776968\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=863764\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=938658\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=970239\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9939/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12448/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12450/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12452/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12453/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12454/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12456/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12799/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13757/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14128/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14129/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14130/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14333/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14529/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14729/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14745/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14974/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6965/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6966/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6969/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7209/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7210/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7223/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7224/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7225/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7226/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7227/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7299/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7300/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7301/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7302/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7303/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7304/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7614/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8392/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8393/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8394/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8395/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8396/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8397/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8398/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8421/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9038/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9039/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9040/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9041/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9042/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9043/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9044/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9746/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9747/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9748/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9750/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9755/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9756/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9954/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9955/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20173170-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3ef1d319\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2017-1971=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2017-1971=1\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2017-1971=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2017-1971=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2017-1971=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-1971=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2017-1971=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2017-1971=1\n\nOpenStack Cloud Magnum Orchestration 7:zypper in -t patch\nSUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1971=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:binutils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:binutils-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"binutils-2.29.1-9.20.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"binutils-debuginfo-2.29.1-9.20.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"binutils-debugsource-2.29.1-9.20.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"binutils-2.29.1-9.20.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"binutils-debuginfo-2.29.1-9.20.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"binutils-debugsource-2.29.1-9.20.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"binutils-2.29.1-9.20.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"binutils-debuginfo-2.29.1-9.20.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"binutils-debugsource-2.29.1-9.20.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"binutils-2.29.1-9.20.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"binutils-debuginfo-2.29.1-9.20.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"binutils-debugsource-2.29.1-9.20.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"binutils\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:03", "bulletinFamily": "software", "cvelist": ["CVE-2015-7747"], "description": "Crash on audiofiles processing.", "edition": 1, "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:VULN:14754", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14754", "title": "audiofile memory corruption", "type": "securityvulns", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-08-31T11:11:02", "bulletinFamily": "software", "cvelist": ["CVE-2015-7803", "CVE-2015-7804"], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2786-1\r\nOctober 28, 2015\r\n\r\nphp5 vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 15.10\r\n- Ubuntu 15.04\r\n- Ubuntu 14.04 LTS\r\n- Ubuntu 12.04 LTS\r\n\r\nSummary:\r\n\r\nPHP could be made to crash if it processed a specially crafted file.\r\n\r\nSoftware Description:\r\n- php5: HTML-embedded scripting language interpreter\r\n\r\nDetails:\r\n\r\nIt was discovered that the PHP phar extension incorrectly handled certain\r\nfiles. A remote attacker could use this issue to cause PHP to crash,\r\nresulting in a denial of service. (CVE-2015-7803, CVE-2015-7804)\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 15.10:\r\n libapache2-mod-php5 5.6.11+dfsg-1ubuntu3.1\r\n php5-cgi 5.6.11+dfsg-1ubuntu3.1\r\n php5-cli 5.6.11+dfsg-1ubuntu3.1\r\n php5-fpm 5.6.11+dfsg-1ubuntu3.1\r\n\r\nUbuntu 15.04:\r\n libapache2-mod-php5 5.6.4+dfsg-4ubuntu6.4\r\n php5-cgi 5.6.4+dfsg-4ubuntu6.4\r\n php5-cli 5.6.4+dfsg-4ubuntu6.4\r\n php5-fpm 5.6.4+dfsg-4ubuntu6.4\r\n\r\nUbuntu 14.04 LTS:\r\n libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.14\r\n php5-cgi 5.5.9+dfsg-1ubuntu4.14\r\n php5-cli 5.5.9+dfsg-1ubuntu4.14\r\n php5-fpm 5.5.9+dfsg-1ubuntu4.14\r\n\r\nUbuntu 12.04 LTS:\r\n libapache2-mod-php5 5.3.10-1ubuntu3.21\r\n php5-cgi 5.3.10-1ubuntu3.21\r\n php5-cli 5.3.10-1ubuntu3.21\r\n php5-fpm 5.3.10-1ubuntu3.21\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2786-1\r\n CVE-2015-7803, CVE-2015-7804\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/php5/5.6.11+dfsg-1ubuntu3.1\r\n https://launchpad.net/ubuntu/+source/php5/5.6.4+dfsg-4ubuntu6.4\r\n https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.14\r\n https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.21\r\n\r\n\r\n\r\n\r\n-- \r\nubuntu-security-announce mailing list\r\nubuntu-security-announce@lists.ubuntu.com\r\nModify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "edition": 1, "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:DOC:32651", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32651", "title": "[USN-2786-1] PHP vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:11:02", "bulletinFamily": "software", "cvelist": ["CVE-2015-4878", "CVE-2015-4877"], "description": "\r\n\r\n======================================================================\r\n\r\n Secunia Research (now part of Flexera Software) 26/10/2015\r\n\r\n Oracle Outside In Two Buffer Overflow Vulnerabilities\r\n\r\n======================================================================\r\nTable of Contents\r\n\r\nAffected Software....................................................1\r\nSeverity.............................................................2\r\nDescription of Vulnerabilities.......................................3\r\nSolution.............................................................4\r\nTime Table...........................................................5\r\nCredits..............................................................6\r\nReferences...........................................................7\r\nAbout Secunia........................................................8\r\nVerification.........................................................9\r\n\r\n======================================================================\r\n\r\n1) Affected Software\r\n\r\n* Oracle Outside In versions 8.5.0, 8.5.1, and 8.5.2.\r\n\r\n====================================================================== \r\n2) Severity\r\n\r\nRating: Moderately critical\r\nImpact: System Access\r\nWhere: From remote\r\n\r\n====================================================================== \r\n3) Description of Vulnerabilities\r\n\r\nSecunia Research has discovered two vulnerabilities in Oracle Outside\r\nIn Technology, which can be exploited by malicious people to cause a\r\nDoS (Denial of Service) and compromise an application using the SDK.\r\n\r\n1) An error in the vstga.dll when processing TGA files can be\r\nexploited to cause an out-of-bounds write memory access.\r\n\r\n2) An error in the libxwd2.dll when processing XWD files can be\r\nexploited to cause a stack-based buffer overflow.\r\n\r\nSuccessful exploitation of the vulnerabilities may allow execution of\r\narbitrary code.\r\n\r\n====================================================================== \r\n4) Solution\r\n\r\nApply update. Please see the Oracle Critical Patch Update Advisory\r\nfor October 2015 for details.\r\n\r\n====================================================================== \r\n5) Time Table\r\n\r\n14/07/2015 - Vendor notified of vulnerabilities.\r\n14/07/2015 - Vendor acknowledges report.\r\n16/07/2015 - Vendor supplied bug ticket ID.\r\n27/07/2015 - Vendor supplied information of fix in main codeline.\r\n24/09/2015 - Replied to vendor and asked about CVE references.\r\n25/09/2015 - Vendor replied that they check our request.\r\n27/09/2015 - Vendor assigned two CVE references.\r\n17/10/2015 - Vendor supplied 20/10/2015 as estimated fix date.\r\n20/10/2015 - Release of vendor patch.\r\n21/10/2015 - Public disclosure.\r\n26/10/2015 - Publication of research advisory.\r\n\r\n======================================================================\r\n\r\n6) Credits\r\n\r\nDiscovered by Behzad Najjarpour Jabbari, Secunia Research (now part\r\nof Flexera Software).\r\n\r\n======================================================================\r\n\r\n7) References\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned\r\nthe CVE-2015-4877 and CVE-2015-4878 identifiers for the\r\nvulnerabilities.\r\n\r\n======================================================================\r\n\r\n8) About Secunia (now part of Flexera Software)\r\n\r\nIn September 2015, Secunia has been acquired by Flexera Software:\r\n\r\nhttps://secunia.com/blog/435/\r\n\r\nSecunia offers vulnerability management solutions to corporate\r\ncustomers with verified and reliable vulnerability intelligence\r\nrelevant to their specific system configuration:\r\n\r\nhttp://secunia.com/advisories/business_solutions/\r\n\r\nSecunia also provides a publicly accessible and comprehensive advisory\r\ndatabase as a service to the security community and private\r\nindividuals, who are interested in or concerned about IT-security.\r\n\r\nhttp://secunia.com/advisories/\r\n\r\nSecunia believes that it is important to support the community and to\r\ndo active vulnerability research in order to aid improving the\r\nsecurity and reliability of software in general:\r\n\r\nhttp://secunia.com/secunia_research/\r\n\r\nSecunia regularly hires new skilled team members. Check the URL below\r\nto see currently vacant positions:\r\n\r\nhttp://secunia.com/corporate/jobs/\r\n\r\nSecunia offers a FREE mailing list called Secunia Security Advisories:\r\n\r\nhttp://secunia.com/advisories/mailing_lists/\r\n\r\n======================================================================\r\n\r\n9) Verification \r\n\r\nPlease verify this advisory by visiting the Secunia website:\r\nhttp://secunia.com/secunia_research/2015-04/\r\n\r\nComplete list of vulnerability reports published by Secunia Research:\r\nhttp://secunia.com/secunia_research/\r\n\r\n======================================================================\r\n\r\n", "edition": 1, "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:DOC:32659", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32659", "title": "Secunia Research: Oracle Outside In Two Buffer Overflow Vulnerabilities", "type": "securityvulns", "cvss": {"score": 1.5, "vector": "AV:LOCAL/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:11:02", "bulletinFamily": "software", "cvelist": ["CVE-2015-4845"], "description": "\r\n\r\n1. ADVISORY INFORMATION\r\n\r\nTitle: Oracle E-Business Suite - Database user enumeration\r\nAdvisory ID: [ERPSCAN-15-025]\r\nAdvisory URL: http://erpscan.com/advisories/erpscan-15-025-oracle-e-business-suite-database-user-enumeration-vulnerability/\r\nDate published:20.10.2015\r\nVendors contacted: Oracle\r\n\r\n2. VULNERABILITY INFORMATION\r\n\r\nClass: User Enumeration\r\nImpact: user enumeration, SSRF\r\nRemotely Exploitable: Yes\r\nLocally Exploitable: No\r\nCVE Name: CVE-2015-4845\r\nCVSS Information\r\nCVSS Base Score: 4.3 / 10\r\nAV : Access Vector (Related exploit range) Network (N)\r\nAC : Access Complexity (Required attack complexity) Medium (M)\r\nAu : Authentication (Level of authentication needed to exploit) None (N)\r\nC : Impact to Confidentiality Partial (P)\r\nI : Impact to Integrity None (N)\r\nA : Impact to Availability None (N)\r\n\r\n3. VULNERABILITY DESCRIPTION\r\n\r\nThere is a script in EBS that is used to connect to the database and\r\ndisplays the connection status. Different connection results can help\r\nan attacker to find existing database accounts.\r\n\r\n4. VULNERABLE PACKAGES\r\n\r\nOracle E-Business Suite 12.2.4\r\nOther versions are probably affected too, but they were not checked.\r\n\r\n5. SOLUTIONS AND WORKAROUNDS\r\n\r\nInstall Oracle CPU October 2015\r\n\r\n6. AUTHOR\r\nNikita Kelesis, Ivan Chalykin, Alexey Tyurin, Egor Karbutov (ERPScan)\r\n\r\n7. TECHNICAL DESCRIPTION\r\n\r\nDatabase users enumeration\r\nVunerable script: Aoljtest.js\r\n\r\n\r\n8. REPORT TIMELINE\r\n\r\nReported: 17.07.2015\r\nVendor response: 24.07.2015\r\nDate of Public Advisory: 20.10.2015\r\n\r\n9. REFERENCES\r\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\r\nhttp://erpscan.com/advisories/erpscan-15-025-oracle-e-business-suite-database-user-enumeration-vulnerability/\r\nhttp://erpscan.com/press-center/press-release/erpscan-took-a-closer-look-at-oracle-ebs-security-6-vulnerabilities-patched-in-recent-update/\r\n\r\n10. ABOUT ERPScan Research\r\nThe company\u2019s expertise is based on the research subdivision of\r\nERPScan, which is engaged in vulnerability research and analysis of\r\ncritical enterprise applications. It has achieved multiple\r\nacknowledgments from the largest software vendors like SAP, Oracle,\r\nMicrosoft, IBM, VMware, HP for discovering more than 400\r\nvulnerabilities in their solutions (200 of them just in SAP!).\r\nERPScan researchers are proud to have exposed new types of\r\nvulnerabilities (TOP 10 Web Hacking Techniques 2012) and to be\r\nnominated for the best server-side vulnerability at BlackHat 2013.\r\nERPScan experts have been invited to speak, present, and train at 60+\r\nprime international security conferences in 25+ countries across the\r\ncontinents. These include BlackHat, RSA, HITB, and private SAP\r\ntrainings in several Fortune 2000 companies.\r\nERPScan researchers lead the project EAS-SEC, which is focused on\r\nenterprise application security research and awareness. They have\r\npublished 3 exhaustive annual award-winning surveys about SAP\r\nsecurity.\r\nERPScan experts have been interviewed by leading media resources and\r\nfeatured in specialized info-sec publications worldwide. These include\r\nReuters, Yahoo, SC Magazine, The Register, CIO, PC World, DarkReading,\r\nHeise, and Chinabyte, to name a few.\r\nWe have highly qualified experts in staff with experience in many\r\ndifferent fields of security, from web applications and\r\nmobile/embedded to reverse engineering and ICS/SCADA systems,\r\naccumulating their experience to conduct the best SAP security\r\nresearch.\r\n\r\n\r\n11. ABOUT ERPScan\r\nERPScan is one of the most respected and credible Business Application\r\nSecurity providers. Founded in 2010, the company operates globally.\r\nNamed an Emerging vendor in Security by CRN and distinguished by more\r\nthan 25 other awards, ERPScan is the leading SAP SE partner in\r\ndiscovering and resolving security vulnerabilities. ERPScan\r\nconsultants work with SAP SE in Walldorf to improve the security of\r\ntheir latest solutions.\r\nERPScan\u2019s primary mission is to close the gap between technical and\r\nbusiness security. We provide solutions to secure ERP systems and\r\nbusiness-critical applications from both cyber attacks and internal\r\nfraud. Our clients are usually large enterprises, Fortune 2000\r\ncompanies, and managed service providers whose requirements are to\r\nactively monitor and manage the security of vast SAP landscapes on a\r\nglobal scale.\r\nOur flagship product is ERPScan Security Monitoring Suite for SAP.\r\nThis multi award-winning innovative software is the only solution on\r\nthe market certified by SAP SE covering all tiers of SAP security:\r\nvulnerability assessment, source code review, and Segregation of\r\nDuties.\r\nThe largest companies from diverse industries like oil and gas,\r\nbanking, retail, even nuclear power installations as well as\r\nconsulting companies have successfully deployed the software. ERPScan\r\nSecurity Monitoring Suite for SAP is specifically designed for\r\nenterprises to continuously monitor changes in multiple SAP systems.\r\nIt generates and analyzes trends in user friendly dashboards, manages\r\nrisks, tasks, and can export results to external systems. These\r\nfeatures enable central management of SAP system security with minimal\r\ntime and effort.\r\nWe follow the sun and function in two hubs located in the Netherlands\r\nand the US to operate local offices and partner network spanning 20+\r\ncountries around the globe. This enables monitoring cyber threats in\r\nreal time and providing agile customer support.\r\n\r\nAdress USA: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA. 94301\r\nPhone: 650.798.5255\r\nTwitter: @erpscan\r\nScoop-it: Business Application Security\r\n\r\n", "edition": 1, "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:DOC:32656", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32656", "title": "[ERPSCAN-15-025] Oracle E-Business Suite Database user enumeration Vulnerability", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:02", "bulletinFamily": "software", "cvelist": ["CVE-2015-1338"], "description": "Symbolic links and hadlinks vulnerability in log files, privilege escalation.", "edition": 1, "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:VULN:14720", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14720", "title": "apport security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:11:02", "bulletinFamily": "software", "cvelist": ["CVE-2015-4886"], "description": "\r\n\r\n1. ADVISORY INFORMATION\r\n\r\nTitle: Oracle E-Business Suite XXE injection\r\nAdvisory ID: [ERPSCAN-15-028]\r\nAdvisory URL: http://erpscan.com/advisories/erpscan-15-028-oracle-e-business-suite-xxe-injection-vulnerability/\r\nDate published: 20.10.2015\r\nVendors contacted: Oracle\r\n\r\n2. VULNERABILITY INFORMATION\r\n\r\nClass: XML External Entity [CWE-611]\r\nImpact: information disclosure, DoS, SSRF, NTLM relay\r\nRemotely Exploitable: Yes\r\nLocally Exploitable: No\r\nCVE Name: CVE-2015-4886\r\nCVSS Information\r\nCVSS Base Score: 6.4 / 10\r\nAV : Access Vector (Related exploit range) Network (N)\r\nAC : Access Complexity (Required attack complexity) Low (L)\r\nAu : Authentication (Level of authentication needed to exploit) None (N)\r\nC : Impact to Confidentiality Partial (P)\r\nI : Impact to Integrity Partial (P)\r\nA : Impact to Availability None (N)\r\n\r\n3. VULNERABILITY DESCRIPTION\r\n\r\n1) An attacker can read an arbitrary file on a server by sending a\r\ncorrect XML request with a crafted DTD and reading the response from\r\nthe service.\r\n2) An attacker can perform a DoS attack (for example, XML Entity Expansion).\r\n3) An SMB Relay attack is a type of Man-in-the-Middle attack where the\r\nattacker asks the victim to authenticate into a machine controlled by\r\nthe attacker, then relays the credentials to the target. The attacker\r\nforwards the authentication information both ways and gets access.\r\n\r\n4. VULNERABLE PACKAGES\r\n\r\nOracle E-Business Suite 12.1.3\r\n\r\nOther versions are probably affected too, but they were not checked.\r\n\r\n5. SOLUTIONS AND WORKAROUNDS\r\n\r\nInstall Oracle CPU October 2015\r\n\r\n6. AUTHOR\r\nNikita Kelesis, Ivan Chalykin, Alexey Tyurin (ERPScan)\r\n\r\n7. TECHNICAL DESCRIPTION\r\n\r\nVulnerable servlet:\r\n/OA_HTML/copxml\r\n\r\n8. REPORT TIMELINE\r\n\r\nReported: 17.07.2015\r\nVendor response: 24.07.2015\r\nDate of Public Advisory: 20.10.2015\r\n\r\n9. REFERENCES\r\n\r\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\r\nhttp://erpscan.com/advisories/erpscan-15-028-oracle-e-business-suite-xxe-injection-vulnerability/\r\n\r\n\r\n10. ABOUT ERPScan Research\r\nThe company\u2019s expertise is based on the research subdivision of\r\nERPScan, which is engaged in vulnerability research and analysis of\r\ncritical enterprise applications. It has achieved multiple\r\nacknowledgments from the largest software vendors like SAP, Oracle,\r\nMicrosoft, IBM, VMware, HP for discovering more than 400\r\nvulnerabilities in their solutions (200 of them just in SAP!).\r\nERPScan researchers are proud to have exposed new types of\r\nvulnerabilities (TOP 10 Web Hacking Techniques 2012) and to be\r\nnominated for the best server-side vulnerability at BlackHat 2013.\r\nERPScan experts have been invited to speak, present, and train at 60+\r\nprime international security conferences in 25+ countries across the\r\ncontinents. These include BlackHat, RSA, HITB, and private SAP\r\ntrainings in several Fortune 2000 companies.\r\nERPScan researchers lead the project EAS-SEC, which is focused on\r\nenterprise application security research and awareness. They have\r\npublished 3 exhaustive annual award-winning surveys about SAP\r\nsecurity.\r\nERPScan experts have been interviewed by leading media resources and\r\nfeatured in specialized info-sec publications worldwide. These include\r\nReuters, Yahoo, SC Magazine, The Register, CIO, PC World, DarkReading,\r\nHeise, and Chinabyte, to name a few.\r\nWe have highly qualified experts in staff with experience in many\r\ndifferent fields of security, from web applications and\r\nmobile/embedded to reverse engineering and ICS/SCADA systems,\r\naccumulating their experience to conduct the best SAP security\r\nresearch.\r\n\r\n\r\n11. ABOUT ERPScan\r\nERPScan is one of the most respected and credible Business Application\r\nSecurity providers. Founded in 2010, the company operates globally.\r\nNamed an Emerging vendor in Security by CRN and distinguished by more\r\nthan 25 other awards, ERPScan is the leading SAP SE partner in\r\ndiscovering and resolving security vulnerabilities. ERPScan\r\nconsultants work with SAP SE in Walldorf to improve the security of\r\ntheir latest solutions.\r\nERPScan\u2019s primary mission is to close the gap between technical and\r\nbusiness security. We provide solutions to secure ERP systems and\r\nbusiness-critical applications from both cyber attacks and internal\r\nfraud. Our clients are usually large enterprises, Fortune 2000\r\ncompanies, and managed service providers whose requirements are to\r\nactively monitor and manage the security of vast SAP landscapes on a\r\nglobal scale.\r\nOur flagship product is ERPScan Security Monitoring Suite for SAP.\r\nThis multi award-winning innovative software is the only solution on\r\nthe market certified by SAP SE covering all tiers of SAP security:\r\nvulnerability assessment, source code review, and Segregation of\r\nDuties.\r\nThe largest companies from diverse industries like oil and gas,\r\nbanking, retail, even nuclear power installations as well as\r\nconsulting companies have successfully deployed the software. ERPScan\r\nSecurity Monitoring Suite for SAP is specifically designed for\r\nenterprises to continuously monitor changes in multiple SAP systems.\r\nIt generates and analyzes trends in user friendly dashboards, manages\r\nrisks, tasks, and can export results to external systems. These\r\nfeatures enable central management of SAP system security with minimal\r\ntime and effort.\r\nWe follow the sun and function in two hubs located in the Netherlands\r\nand the US to operate local offices and partner network spanning 20+\r\ncountries around the globe. This enables monitoring cyber threats in\r\nreal time and providing agile customer support.\r\n\r\nAdress USA: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA. 94301\r\nPhone: 650.798.5255\r\nTwitter: @erpscan\r\nScoop-it: Business Application Security\r\n\r\n", "edition": 1, "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:DOC:32653", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32653", "title": "[ERPSCAN-15-028] Oracle E-Business Suite - XXE injection Vulnerability", "type": "securityvulns", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:11:02", "bulletinFamily": "software", "cvelist": ["CVE-2015-4854"], "description": "\r\n\r\n1. ADVISORY INFORMATION\r\n\r\nTitle: Oracle E-Business Suite Cross-site Scripting\r\nAdvisory ID: [ERPSCAN-15-027]\r\nAdvisory URL:http://erpscan.com/advisories/erpscan-15-027-oracle-e-business-suite-cross-site-scripting-vulnerability/\r\nDate published: 20.10.2015\r\nVendors contacted: Oracle\r\n\r\n2. VULNERABILITY INFORMATION\r\n\r\nClass: Cross-site Scripting\r\nImpact: impersonation, information disclosure\r\nRemotely Exploitable: Yes\r\nLocally Exploitable: No\r\nCVE Name: CVE-2015-4854\r\nCVSS Information\r\nCVSS Base Score: 4.3 / 10\r\nAV : Access Vector (Related exploit range) Network (N)\r\nAC : Access Complexity (Required attack complexity) Medium (M)\r\nAu : Authentication (Level of authentication needed to exploit) None (N)\r\nC : Impact to Confidentiality None (N)\r\nI : Impact to Integrity Partial (P)\r\nA : Impact to Availability None (N)\r\n\r\n3. VULNERABILITY DESCRIPTION\r\n\r\nAn anonymous attacker can create a special link that injects malicious JS code\r\n\r\n4. VULNERABLE PACKAGES\r\n\r\nOracle E-Business Suite 12.1.4\r\n\r\nOther versions are probably affected too, but they were not checked.\r\n\r\n5. SOLUTIONS AND WORKAROUNDS\r\n\r\nInstall Oracle CPU October 2015\r\n\r\n6. AUTHOR\r\nNikita Kelesis, Ivan Chalykin, Alexey Tyurin (ERPScan)\r\n\r\n7. TECHNICAL DESCRIPTION\r\n\r\nCfgOCIReturn servlet is vulnerable to Cross-site Scripting (XSS) due\r\nto lack of sanitizing the "domain" parameter.\r\n\r\n8. REPORT TIMELINE\r\n\r\nReported: 17.07.2015\r\nVendor response: 24.07.2015\r\nDate of Public Advisory: 20.10.2015\r\n\r\n9. REFERENCES\r\n\r\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\r\nhttp://erpscan.com/advisories/erpscan-15-027-oracle-e-business-suite-cross-site-scripting-vulnerability/\r\nhttp://erpscan.com/press-center/press-release/erpscan-took-a-closer-look-at-oracle-ebs-security-6-vulnerabilities-patched-in-recent-update/\r\n\r\n10. ABOUT ERPScan Research\r\nThe company\u2019s expertise is based on the research subdivision of\r\nERPScan, which is engaged in vulnerability research and analysis of\r\ncritical enterprise applications. It has achieved multiple\r\nacknowledgments from the largest software vendors like SAP, Oracle,\r\nMicrosoft, IBM, VMware, HP for discovering more than 400\r\nvulnerabilities in their solutions (200 of them just in SAP!).\r\nERPScan researchers are proud to have exposed new types of\r\nvulnerabilities (TOP 10 Web Hacking Techniques 2012) and to be\r\nnominated for the best server-side vulnerability at BlackHat 2013.\r\nERPScan experts have been invited to speak, present, and train at 60+\r\nprime international security conferences in 25+ countries across the\r\ncontinents. These include BlackHat, RSA, HITB, and private SAP\r\ntrainings in several Fortune 2000 companies.\r\nERPScan researchers lead the project EAS-SEC, which is focused on\r\nenterprise application security research and awareness. They have\r\npublished 3 exhaustive annual award-winning surveys about SAP\r\nsecurity.\r\nERPScan experts have been interviewed by leading media resources and\r\nfeatured in specialized info-sec publications worldwide. These include\r\nReuters, Yahoo, SC Magazine, The Register, CIO, PC World, DarkReading,\r\nHeise, and Chinabyte, to name a few.\r\nWe have highly qualified experts in staff with experience in many\r\ndifferent fields of security, from web applications and\r\nmobile/embedded to reverse engineering and ICS/SCADA systems,\r\naccumulating their experience to conduct the best SAP security\r\nresearch.\r\n\r\n\r\n11. ABOUT ERPScan\r\nERPScan is one of the most respected and credible Business Application\r\nSecurity providers. Founded in 2010, the company operates globally.\r\nNamed an Emerging vendor in Security by CRN and distinguished by more\r\nthan 25 other awards, ERPScan is the leading SAP SE partner in\r\ndiscovering and resolving security vulnerabilities. ERPScan\r\nconsultants work with SAP SE in Walldorf to improve the security of\r\ntheir latest solutions.\r\nERPScan\u2019s primary mission is to close the gap between technical and\r\nbusiness security. We provide solutions to secure ERP systems and\r\nbusiness-critical applications from both cyber attacks and internal\r\nfraud. Our clients are usually large enterprises, Fortune 2000\r\ncompanies, and managed service providers whose requirements are to\r\nactively monitor and manage the security of vast SAP landscapes on a\r\nglobal scale.\r\nOur flagship product is ERPScan Security Monitoring Suite for SAP.\r\nThis multi award-winning innovative software is the only solution on\r\nthe market certified by SAP SE covering all tiers of SAP security:\r\nvulnerability assessment, source code review, and Segregation of\r\nDuties.\r\nThe largest companies from diverse industries like oil and gas,\r\nbanking, retail, even nuclear power installations as well as\r\nconsulting companies have successfully deployed the software. ERPScan\r\nSecurity Monitoring Suite for SAP is specifically designed for\r\nenterprises to continuously monitor changes in multiple SAP systems.\r\nIt generates and analyzes trends in user friendly dashboards, manages\r\nrisks, tasks, and can export results to external systems. These\r\nfeatures enable central management of SAP system security with minimal\r\ntime and effort.\r\nWe follow the sun and function in two hubs located in the Netherlands\r\nand the US to operate local offices and partner network spanning 20+\r\ncountries around the globe. This enables monitoring cyber threats in\r\nreal time and providing agile customer support.\r\n\r\nAdress USA: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA. 94301\r\nPhone: 650.798.5255\r\nTwitter: @erpscan\r\nScoop-it: Business Application Security\r\n\r\n", "edition": 1, "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:DOC:32658", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32658", "title": "[ERPSCAN-15-027] Oracle E-Business Suite - Cross Site Scripting Vulnerability", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:11:02", "bulletinFamily": "software", "cvelist": ["CVE-2015-7747"], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2787-1\r\nOctober 28, 2015\r\n\r\naudiofile vulnerability\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 15.10\r\n- Ubuntu 15.04\r\n- Ubuntu 14.04 LTS\r\n- Ubuntu 12.04 LTS\r\n\r\nSummary:\r\n\r\naudiofile could be made to crash or run programs as your login if it\r\nopened a specially crafted file.\r\n\r\nSoftware Description:\r\n- audiofile: Open-source version of the SGI audiofile library\r\n\r\nDetails:\r\n\r\nFabrizio Gennari discovered that audiofile incorrectly handled changing\r\nboth the sample format and the number of channels. If a user or automated\r\nsystem were tricked into processing a specially crafted file, audiofile\r\ncould be made to crash, leading to a denial of service, or possibly execute\r\narbitrary code.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 15.10:\r\n libaudiofile1 0.3.6-2ubuntu0.15.10.1\r\n\r\nUbuntu 15.04:\r\n libaudiofile1 0.3.6-2ubuntu0.15.04.1\r\n\r\nUbuntu 14.04 LTS:\r\n libaudiofile1 0.3.6-2ubuntu0.14.04.1\r\n\r\nUbuntu 12.04 LTS:\r\n libaudiofile1 0.3.3-2ubuntu0.1\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2787-1\r\n CVE-2015-7747\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/audiofile/0.3.6-2ubuntu0.15.10.1\r\n https://launchpad.net/ubuntu/+source/audiofile/0.3.6-2ubuntu0.15.04.1\r\n https://launchpad.net/ubuntu/+source/audiofile/0.3.6-2ubuntu0.14.04.1\r\n https://launchpad.net/ubuntu/+source/audiofile/0.3.3-2ubuntu0.1\r\n\r\n\r\n\r\n\r\n-- \r\nubuntu-security-announce mailing list\r\nubuntu-security-announce@lists.ubuntu.com\r\nModify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "edition": 1, "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:DOC:32652", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32652", "title": "[USN-2787-1] audiofile vulnerability", "type": "securityvulns", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-08-31T11:11:02", "bulletinFamily": "software", "cvelist": ["CVE-2015-4851"], "description": "\r\n\r\n1. ADVISORY INFORMATION\r\n\r\nTitle: Oracle E-Business Suite XXE injection\r\nAdvisory ID: [ERPSCAN-15-030]\r\nAdvisory URL: http://erpscan.com/advisories/erpscan-15-030-oracle-e-business-suite-xxe-injection-vulnerability/\r\nDate published: 20.10.2015\r\nVendors contacted: Oracle\r\n\r\n2. VULNERABILITY INFORMATION\r\n\r\nClass: XML External Entity [CWE-611]\r\nImpact: information disclosure, DoS, SSRF, NTLM relay\r\nRemotely Exploitable: Yes\r\nLocally Exploitable: No\r\nCVE Name: CVE-2015-4851\r\nCVSS Information\r\nCVSS Base Score: 6.8 / 10\r\nAV : Access Vector (Related exploit range) Network (N)\r\nAC : Access Complexity (Required attack complexity) Medium (M)\r\nAu : Authentication (Level of authentication needed to exploit) None (N)\r\nC : Impact to Confidentiality Partial (P)\r\nI : Impact to Integrity Partial (P)\r\nA : Impact to Availability Partial (P)\r\n\r\n3. VULNERABILITY DESCRIPTION\r\n\r\n1) An attacker can read an arbitrary file on a server by sending a\r\ncorrect XML request with a crafted DTD and reading the response from\r\nthe service.\r\n2) An attacker can perform a DoS attack (for example, XML Entity Expansion).\r\n3) An SMB Relay attack is a type of Man-in-the-Middle attack where the\r\nattacker asks the victim to authenticate into a machine controlled by\r\nthe attacker, then relays the credentials to the target. The attacker\r\nforwards the authentication information both ways and gets access.\r\n\r\n4. VULNERABLE PACKAGES\r\n\r\nOracle E-Business Suite 12.1.3\r\n\r\nOther versions are probably affected too, but they were not checked.\r\n\r\n5. SOLUTIONS AND WORKAROUNDS\r\n\r\nInstall Oracle CPU October 2015\r\n\r\n6. AUTHOR\r\nNikita Kelesis, Ivan Chalykin, Alexey Tyurin (ERPScan)\r\n\r\n7. TECHNICAL DESCRIPTION\r\n\r\nVulnerable servlet:\r\n/OA_HTML/oramipp_lpr\r\n\r\n\r\n8. REPORT TIMELINE\r\n\r\nReported: 17.07.2015\r\nVendor response: 24.07.2015\r\nDate of Public Advisory: 20.10.2015\r\n\r\n9. REFERENCES\r\n\r\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\r\nhttp://erpscan.com/advisories/erpscan-15-030-oracle-e-business-suite-xxe-injection-vulnerability/\r\n\r\n10. ABOUT ERPScan Research\r\nThe company\u2019s expertise is based on the research subdivision of\r\nERPScan, which is engaged in vulnerability research and analysis of\r\ncritical enterprise applications. It has achieved multiple\r\nacknowledgments from the largest software vendors like SAP, Oracle,\r\nMicrosoft, IBM, VMware, HP for discovering more than 400\r\nvulnerabilities in their solutions (200 of them just in SAP!).\r\nERPScan researchers are proud to have exposed new types of\r\nvulnerabilities (TOP 10 Web Hacking Techniques 2012) and to be\r\nnominated for the best server-side vulnerability at BlackHat 2013.\r\nERPScan experts have been invited to speak, present, and train at 60+\r\nprime international security conferences in 25+ countries across the\r\ncontinents. These include BlackHat, RSA, HITB, and private SAP\r\ntrainings in several Fortune 2000 companies.\r\nERPScan researchers lead the project EAS-SEC, which is focused on\r\nenterprise application security research and awareness. They have\r\npublished 3 exhaustive annual award-winning surveys about SAP\r\nsecurity.\r\nERPScan experts have been interviewed by leading media resources and\r\nfeatured in specialized info-sec publications worldwide. These include\r\nReuters, Yahoo, SC Magazine, The Register, CIO, PC World, DarkReading,\r\nHeise, and Chinabyte, to name a few.\r\nWe have highly qualified experts in staff with experience in many\r\ndifferent fields of security, from web applications and\r\nmobile/embedded to reverse engineering and ICS/SCADA systems,\r\naccumulating their experience to conduct the best SAP security\r\nresearch.\r\n\r\n\r\n11. ABOUT ERPScan\r\nERPScan is one of the most respected and credible Business Application\r\nSecurity providers. Founded in 2010, the company operates globally.\r\nNamed an Emerging vendor in Security by CRN and distinguished by more\r\nthan 25 other awards, ERPScan is the leading SAP SE partner in\r\ndiscovering and resolving security vulnerabilities. ERPScan\r\nconsultants work with SAP SE in Walldorf to improve the security of\r\ntheir latest solutions.\r\nERPScan\u2019s primary mission is to close the gap between technical and\r\nbusiness security. We provide solutions to secure ERP systems and\r\nbusiness-critical applications from both cyber attacks and internal\r\nfraud. Our clients are usually large enterprises, Fortune 2000\r\ncompanies, and managed service providers whose requirements are to\r\nactively monitor and manage the security of vast SAP landscapes on a\r\nglobal scale.\r\nOur flagship product is ERPScan Security Monitoring Suite for SAP.\r\nThis multi award-winning innovative software is the only solution on\r\nthe market certified by SAP SE covering all tiers of SAP security:\r\nvulnerability assessment, source code review, and Segregation of\r\nDuties.\r\nThe largest companies from diverse industries like oil and gas,\r\nbanking, retail, even nuclear power installations as well as\r\nconsulting companies have successfully deployed the software. ERPScan\r\nSecurity Monitoring Suite for SAP is specifically designed for\r\nenterprises to continuously monitor changes in multiple SAP systems.\r\nIt generates and analyzes trends in user friendly dashboards, manages\r\nrisks, tasks, and can export results to external systems. These\r\nfeatures enable central management of SAP system security with minimal\r\ntime and effort.\r\nWe follow the sun and function in two hubs located in the Netherlands\r\nand the US to operate local offices and partner network spanning 20+\r\ncountries around the globe. This enables monitoring cyber threats in\r\nreal time and providing agile customer support.\r\n\r\nAdress USA: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA. 94301\r\nPhone: 650.798.5255\r\nTwitter: @erpscan\r\nScoop-it: Business Application Security\r\n\r\n", "edition": 1, "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:DOC:32655", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32655", "title": "[ERPSCAN-15-030] Oracle E-Business Suite - XXE injection Vulnerability", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:11:02", "bulletinFamily": "software", "cvelist": ["CVE-2015-1341"], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2782-1\r\nOctober 27, 2015\r\n\r\napport vulnerability\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 15.10\r\n- Ubuntu 15.04\r\n- Ubuntu 14.04 LTS\r\n- Ubuntu 12.04 LTS\r\n\r\nSummary:\r\n\r\nApport could be made to run programs as an administrator.\r\n\r\nSoftware Description:\r\n- apport: automatically generate crash reports for debugging\r\n\r\nDetails:\r\n\r\nGabriel Campana discovered that Apport incorrectly handled Python module\r\nimports. A local attacker could use this issue to elevate privileges.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 15.10:\r\n apport 2.19.1-0ubuntu4\r\n\r\nUbuntu 15.04:\r\n apport 2.17.2-0ubuntu1.7\r\n\r\nUbuntu 14.04 LTS:\r\n apport 2.14.1-0ubuntu3.18\r\n\r\nUbuntu 12.04 LTS:\r\n apport 2.0.1-0ubuntu17.13\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2782-1\r\n CVE-2015-1341\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/apport/2.19.1-0ubuntu4\r\n https://launchpad.net/ubuntu/+source/apport/2.17.2-0ubuntu1.7\r\n https://launchpad.net/ubuntu/+source/apport/2.14.1-0ubuntu3.18\r\n https://launchpad.net/ubuntu/+source/apport/2.0.1-0ubuntu17.13\r\n\r\n\r\n\r\n\r\n-- \r\nubuntu-security-announce mailing list\r\nubuntu-security-announce@lists.ubuntu.com\r\nModify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "edition": 1, "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:DOC:32660", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32660", "title": "[USN-2782-1] Apport vulnerability", "type": "securityvulns", "cvss": {"score": 0.0, "vector": "NONE"}}]}
