{"id": "USN-3860-2", "bulletinFamily": "unix", "title": "libcaca vulnerabilities", "description": "USN-3860-1 fixed a vulnerability in libcaca. This update provides \nthe corresponding update for Ubuntu 12.04 ESM.\n\nOriginal advisory details:\n\nIt was discovered that libcaca incorrectly handled certain images. \nAn attacker could possibly use this issue to cause a denial of service. \n(CVE-2018-20544)\n\nIt was discovered that libcaca incorrectly handled certain images. \nAn attacker could possibly use this issue to execute arbitrary code. \n(CVE-2018-20545, CVE-2018-20548, CVE-2018-20459)\n\nIt was discovered that libcaca incorrectly handled certain images. \nAn attacker could possibly use this issue to access sensitive information. \n(CVE-2018-20546, CVE-2018-20547)", "published": "2019-01-15T00:00:00", "modified": "2019-01-15T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://ubuntu.com/security/notices/USN-3860-2", "reporter": "Ubuntu", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2018-20544", "https://people.canonical.com/~ubuntu-security/cve/CVE-2018-20549", "https://people.canonical.com/~ubuntu-security/cve/CVE-2018-20548", "https://people.canonical.com/~ubuntu-security/cve/CVE-2018-20546", "https://people.canonical.com/~ubuntu-security/cve/CVE-2018-20547", "https://people.canonical.com/~ubuntu-security/cve/CVE-2018-20545"], "cvelist": ["CVE-2018-20544", "CVE-2018-20545", "CVE-2018-20548", "CVE-2018-20549", "CVE-2018-20546", "CVE-2018-20459", "CVE-2018-20547"], "type": "ubuntu", "lastseen": "2020-07-02T11:33:46", "edition": 4, "viewCount": 56, "enchantments": {"dependencies": {"references": [{"type": "ubuntu", "idList": ["USN-3860-1"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310843872", "OPENVAS:1361412562310875416", "OPENVAS:1361412562310891631", "OPENVAS:1361412562310852399"]}, {"type": "nessus", "idList": ["SUSE_SU-2019-2745-2.NASL", "DEBIAN_DLA-1631.NASL", "FEDORA_2019-5750AD7485.NASL", "SUSE_SU-2019-2745-1.NASL", "OPENSUSE-2019-1144.NASL", "SUSE_SU-2019-0770-1.NASL", "UBUNTU_USN-3860-1.NASL", "FEDORA_2019-D4D8AF2C22.NASL"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:1144-1"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1631-1:42629"]}, {"type": "cve", "idList": ["CVE-2018-20459", "CVE-2018-20547", "CVE-2018-20545", "CVE-2018-20548", "CVE-2018-20544", "CVE-2018-20546", "CVE-2018-20549"]}, {"type": "fedora", "idList": ["FEDORA:1250A60CFA79", "FEDORA:081946048FD2"]}], "modified": "2020-07-02T11:33:46", "rev": 2}, "score": {"value": 6.0, "vector": "NONE", "modified": "2020-07-02T11:33:46", "rev": 2}, "vulnersScore": 6.0}, "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "12.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "caca-utils", "packageVersion": "0.99.beta17-2.1ubuntu2.1"}, {"OS": "Ubuntu", "OSVersion": "12.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "libcaca0", "packageVersion": "0.99.beta17-2.1ubuntu2.1"}], "scheme": null}

{"ubuntu": [{"lastseen": "2020-07-02T11:33:18", "bulletinFamily": "unix", "cvelist": ["CVE-2018-20544", "CVE-2018-20545", "CVE-2018-20548", "CVE-2018-20549", "CVE-2018-20546", "CVE-2018-20459", "CVE-2018-20547"], "description": "It was discovered that libcaca incorrectly handled certain images. \nAn attacker could possibly use this issue to cause a denial of service. \n(CVE-2018-20544)\n\nIt was discovered that libcaca incorrectly handled certain images. \nAn attacker could possibly use this issue to execute arbitrary code. \n(CVE-2018-20545, CVE-2018-20548, CVE-2018-20459)\n\nIt was discovered that libcaca incorrectly handled certain images. \nAn attacker could possibly use this issue to access sensitive information. \n(CVE-2018-20546, CVE-2018-20547)", "edition": 3, "modified": "2019-01-15T00:00:00", "published": "2019-01-15T00:00:00", "id": "USN-3860-1", "href": "https://ubuntu.com/security/notices/USN-3860-1", "title": "libcaca vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2020-03-18T03:25:18", "description": "It was discovered that libcaca incorrectly handled certain images. An\nattacker could possibly use this issue to cause a denial of service.\n(CVE-2018-20544)\n\nIt was discovered that libcaca incorrectly handled certain images. An\nattacker could possibly use this issue to execute arbitrary code.\n(CVE-2018-20545, CVE-2018-20548, CVE-2018-20459)\n\nIt was discovered that libcaca incorrectly handled certain images. An\nattacker could possibly use this issue to access sensitive\ninformation. (CVE-2018-20546, CVE-2018-20547).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 8, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-01-16T00:00:00", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : libcaca vulnerabilities (USN-3860-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-20544", "CVE-2018-20545", "CVE-2018-20548", "CVE-2018-20549", "CVE-2018-20546", "CVE-2018-20459", "CVE-2018-20547"], "modified": "2019-01-16T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.10", "p-cpe:/a:canonical:ubuntu_linux:caca-utils", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libcaca0", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3860-1.NASL", "href": "https://www.tenable.com/plugins/nessus/121212", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3860-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121212);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2018-20459\", \"CVE-2018-20544\", \"CVE-2018-20545\", \"CVE-2018-20546\", \"CVE-2018-20547\", \"CVE-2018-20548\", \"CVE-2018-20549\");\n script_xref(name:\"USN\", value:\"3860-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : libcaca vulnerabilities (USN-3860-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that libcaca incorrectly handled certain images. An\nattacker could possibly use this issue to cause a denial of service.\n(CVE-2018-20544)\n\nIt was discovered that libcaca incorrectly handled certain images. An\nattacker could possibly use this issue to execute arbitrary code.\n(CVE-2018-20545, CVE-2018-20548, CVE-2018-20459)\n\nIt was discovered that libcaca incorrectly handled certain images. An\nattacker could possibly use this issue to access sensitive\ninformation. (CVE-2018-20546, CVE-2018-20547).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3860-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected caca-utils and / or libcaca0 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:caca-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcaca0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|18\\.04|18\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 18.04 / 18.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"caca-utils\", pkgver:\"0.99.beta18-1ubuntu5.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libcaca0\", pkgver:\"0.99.beta18-1ubuntu5.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"caca-utils\", pkgver:\"0.99.beta19-2ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libcaca0\", pkgver:\"0.99.beta19-2ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"caca-utils\", pkgver:\"0.99.beta19-2ubuntu0.18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libcaca0\", pkgver:\"0.99.beta19-2ubuntu0.18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"caca-utils\", pkgver:\"0.99.beta19-2ubuntu0.18.10.1\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"libcaca0\", pkgver:\"0.99.beta19-2ubuntu0.18.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"caca-utils / libcaca0\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-01T06:55:55", "description": "This update for libcaca fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-20544: Fixed a floating point exception at caca/dither.c\n(bsc#1120502)\n\nCVE-2018-20545: Fixed a WRITE memory access in the load_image function\nat common-image.c for 4bpp (bsc#1120584)\n\nCVE-2018-20546: Fixed a READ memory access in the get_rgba_default\nfunction at caca/dither.c for bpp (bsc#1120503)\n\nCVE-2018-20547: Fixed a READ memory access in the get_rgba_default\nfunction at caca/dither.c for 24bpp (bsc#1120504)\n\nCVE-2018-20548: Fixed a WRITE memory access in the load_image function\nat common-image.c for 1bpp (bsc#1120589)\n\nCVE-2018-20549: Fixed a WRITE memory access in the caca_file_read\nfunction at caca/file.c (bsc#1120470)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 18, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-10-23T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : libcaca (SUSE-SU-2019:2745-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-20544", "CVE-2018-20545", "CVE-2018-20548", "CVE-2018-20549", "CVE-2018-20546", "CVE-2018-20547"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:libcaca0", "p-cpe:/a:novell:suse_linux:libcaca-debugsource", "p-cpe:/a:novell:suse_linux:libcaca0-debuginfo"], "id": "SUSE_SU-2019-2745-1.NASL", "href": "https://www.tenable.com/plugins/nessus/130166", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2745-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130166);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/18\");\n\n script_cve_id(\"CVE-2018-20544\", \"CVE-2018-20545\", \"CVE-2018-20546\", \"CVE-2018-20547\", \"CVE-2018-20548\", \"CVE-2018-20549\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : libcaca (SUSE-SU-2019:2745-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for libcaca fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-20544: Fixed a floating point exception at caca/dither.c\n(bsc#1120502)\n\nCVE-2018-20545: Fixed a WRITE memory access in the load_image function\nat common-image.c for 4bpp (bsc#1120584)\n\nCVE-2018-20546: Fixed a READ memory access in the get_rgba_default\nfunction at caca/dither.c for bpp (bsc#1120503)\n\nCVE-2018-20547: Fixed a READ memory access in the get_rgba_default\nfunction at caca/dither.c for 24bpp (bsc#1120504)\n\nCVE-2018-20548: Fixed a WRITE memory access in the load_image function\nat common-image.c for 1bpp (bsc#1120589)\n\nCVE-2018-20549: Fixed a WRITE memory access in the caca_file_read\nfunction at caca/file.c (bsc#1120470)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120470\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120502\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120503\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120504\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120584\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120589\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-20544/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-20545/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-20546/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-20547/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-20548/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-20549/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192745-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fc470fcb\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t\npatch SUSE-SLE-SDK-12-SP4-2019-2745=1\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2019-2745=1\n\nSUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP4-2019-2745=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcaca-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcaca0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcaca0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libcaca-debugsource-0.99.beta18-14.3.27\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libcaca0-0.99.beta18-14.3.27\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libcaca0-debuginfo-0.99.beta18-14.3.27\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libcaca-debugsource-0.99.beta18-14.3.27\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libcaca0-0.99.beta18-14.3.27\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libcaca0-debuginfo-0.99.beta18-14.3.27\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libcaca\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-01T06:55:55", "description": "This update for libcaca fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-20544: Fixed a floating point exception at caca/dither.c\n(bsc#1120502)\n\nCVE-2018-20545: Fixed a WRITE memory access in the load_image function\nat common-image.c for 4bpp (bsc#1120584)\n\nCVE-2018-20546: Fixed a READ memory access in the get_rgba_default\nfunction at caca/dither.c for bpp (bsc#1120503)\n\nCVE-2018-20547: Fixed a READ memory access in the get_rgba_default\nfunction at caca/dither.c for 24bpp (bsc#1120504)\n\nCVE-2018-20548: Fixed a WRITE memory access in the load_image function\nat common-image.c for 1bpp (bsc#1120589)\n\nCVE-2018-20549: Fixed a WRITE memory access in the caca_file_read\nfunction at caca/file.c (bsc#1120470)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 16, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-11-13T00:00:00", "title": "SUSE SLES12 Security Update : libcaca (SUSE-SU-2019:2745-2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-20544", "CVE-2018-20545", "CVE-2018-20548", "CVE-2018-20549", "CVE-2018-20546", "CVE-2018-20547"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:libcaca0", "p-cpe:/a:novell:suse_linux:libcaca-debugsource", "p-cpe:/a:novell:suse_linux:libcaca0-debuginfo"], "id": "SUSE_SU-2019-2745-2.NASL", "href": "https://www.tenable.com/plugins/nessus/130942", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2745-2.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130942);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/12\");\n\n script_cve_id(\"CVE-2018-20544\", \"CVE-2018-20545\", \"CVE-2018-20546\", \"CVE-2018-20547\", \"CVE-2018-20548\", \"CVE-2018-20549\");\n\n script_name(english:\"SUSE SLES12 Security Update : libcaca (SUSE-SU-2019:2745-2)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for libcaca fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-20544: Fixed a floating point exception at caca/dither.c\n(bsc#1120502)\n\nCVE-2018-20545: Fixed a WRITE memory access in the load_image function\nat common-image.c for 4bpp (bsc#1120584)\n\nCVE-2018-20546: Fixed a READ memory access in the get_rgba_default\nfunction at caca/dither.c for bpp (bsc#1120503)\n\nCVE-2018-20547: Fixed a READ memory access in the get_rgba_default\nfunction at caca/dither.c for 24bpp (bsc#1120504)\n\nCVE-2018-20548: Fixed a WRITE memory access in the load_image function\nat common-image.c for 1bpp (bsc#1120589)\n\nCVE-2018-20549: Fixed a WRITE memory access in the caca_file_read\nfunction at caca/file.c (bsc#1120470)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120470\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120502\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120503\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120504\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120584\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120589\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-20544/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-20545/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-20546/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-20547/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-20548/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-20549/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192745-2/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?022fe4dc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP5:zypper in -t\npatch SUSE-SLE-SDK-12-SP5-2019-2745=1\n\nSUSE Linux Enterprise Server 12-SP5:zypper in -t patch\nSUSE-SLE-SERVER-12-SP5-2019-2745=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcaca-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcaca0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcaca0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libcaca-debugsource-0.99.beta18-14.3.27\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libcaca0-0.99.beta18-14.3.27\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libcaca0-debuginfo-0.99.beta18-14.3.27\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libcaca\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-14T06:17:33", "description": "This update for libcaca fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-20544: Fixed a floating point exception at caca/dither.c\n(bsc#1120502)\n\nCVE-2018-20545: Fixed a WRITE memory access in the load_image function\nat common-image.c for 4bpp (bsc#1120584)\n\nCVE-2018-20546: Fixed a READ memory access in the get_rgba_default\nfunction at caca/dither.c for bpp (bsc#1120503)\n\nCVE-2018-20547: Fixed a READ memory access in the get_rgba_default\nfunction at caca/dither.c for 24bpp (bsc#1120504)\n\nCVE-2018-20548: Fixed a WRITE memory access in the load_image function\nat common-image.c for 1bpp (bsc#1120589)\n\nCVE-2018-20549: Fixed a WRITE memory access in the caca_file_read\nfunction at caca/file.c (bsc#1120470)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 18, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-03-28T00:00:00", "title": "SUSE SLED15 / SLES15 Security Update : libcaca (SUSE-SU-2019:0770-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-20544", "CVE-2018-20545", "CVE-2018-20548", "CVE-2018-20549", "CVE-2018-20546", "CVE-2018-20547"], "modified": "2019-03-28T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libcaca-ruby-debuginfo", "p-cpe:/a:novell:suse_linux:libcaca-ruby", "p-cpe:/a:novell:suse_linux:caca-utils", "cpe:/o:novell:suse_linux:15", "p-cpe:/a:novell:suse_linux:libcaca0", "p-cpe:/a:novell:suse_linux:libcaca-debugsource", "p-cpe:/a:novell:suse_linux:libcaca0-plugins-debuginfo", "p-cpe:/a:novell:suse_linux:libcaca-devel", "p-cpe:/a:novell:suse_linux:libcaca0-plugins", "p-cpe:/a:novell:suse_linux:libcaca0-debuginfo", "p-cpe:/a:novell:suse_linux:caca-utils-debuginfo"], "id": "SUSE_SU-2019-0770-1.NASL", "href": "https://www.tenable.com/plugins/nessus/123446", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0770-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(123446);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2018-20544\", \"CVE-2018-20545\", \"CVE-2018-20546\", \"CVE-2018-20547\", \"CVE-2018-20548\", \"CVE-2018-20549\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : libcaca (SUSE-SU-2019:0770-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for libcaca fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-20544: Fixed a floating point exception at caca/dither.c\n(bsc#1120502)\n\nCVE-2018-20545: Fixed a WRITE memory access in the load_image function\nat common-image.c for 4bpp (bsc#1120584)\n\nCVE-2018-20546: Fixed a READ memory access in the get_rgba_default\nfunction at caca/dither.c for bpp (bsc#1120503)\n\nCVE-2018-20547: Fixed a READ memory access in the get_rgba_default\nfunction at caca/dither.c for 24bpp (bsc#1120504)\n\nCVE-2018-20548: Fixed a WRITE memory access in the load_image function\nat common-image.c for 1bpp (bsc#1120589)\n\nCVE-2018-20549: Fixed a WRITE memory access in the caca_file_read\nfunction at caca/file.c (bsc#1120470)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120470\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120502\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120503\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120504\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120584\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120589\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-20544/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-20545/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-20546/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-20547/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-20548/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-20549/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190770-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3d42d236\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Server Applications 15:zypper in -t\npatch SUSE-SLE-Module-Server-Applications-15-2019-770=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-2019-770=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:caca-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:caca-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcaca-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcaca-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcaca-ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcaca-ruby-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcaca0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcaca0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcaca0-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcaca0-plugins-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"caca-utils-0.99.beta19.git20171003-3.3.7\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"caca-utils-debuginfo-0.99.beta19.git20171003-3.3.7\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libcaca-debugsource-0.99.beta19.git20171003-3.3.7\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libcaca-devel-0.99.beta19.git20171003-3.3.7\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libcaca-ruby-0.99.beta19.git20171003-3.3.7\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libcaca-ruby-debuginfo-0.99.beta19.git20171003-3.3.7\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libcaca0-0.99.beta19.git20171003-3.3.7\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libcaca0-debuginfo-0.99.beta19.git20171003-3.3.7\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libcaca0-plugins-0.99.beta19.git20171003-3.3.7\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libcaca0-plugins-debuginfo-0.99.beta19.git20171003-3.3.7\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"caca-utils-0.99.beta19.git20171003-3.3.7\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"caca-utils-debuginfo-0.99.beta19.git20171003-3.3.7\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libcaca-debugsource-0.99.beta19.git20171003-3.3.7\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libcaca-ruby-0.99.beta19.git20171003-3.3.7\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libcaca-ruby-debuginfo-0.99.beta19.git20171003-3.3.7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libcaca\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T12:40:42", "description": "This update for libcaca fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2018-20544: Fixed a floating point exception at\n caca/dither.c (bsc#1120502)\n\n - CVE-2018-20545: Fixed a WRITE memory access in the\n load_image function at common-image.c for 4bpp\n (bsc#1120584)\n\n - CVE-2018-20546: Fixed a READ memory access in the\n get_rgba_default function at caca/dither.c for bpp\n (bsc#1120503)\n\n - CVE-2018-20547: Fixed a READ memory access in the\n get_rgba_default function at caca/dither.c for 24bpp\n (bsc#1120504)\n\n - CVE-2018-20548: Fixed a WRITE memory access in the\n load_image function at common-image.c for 1bpp\n (bsc#1120589)\n\n - CVE-2018-20549: Fixed a WRITE memory access in the\n caca_file_read function at caca/file.c (bsc#1120470)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "edition": 15, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-04-05T00:00:00", "title": "openSUSE Security Update : libcaca (openSUSE-2019-1144)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-20544", "CVE-2018-20545", "CVE-2018-20548", "CVE-2018-20549", "CVE-2018-20546", "CVE-2018-20547"], "modified": "2019-04-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libcaca-devel", "cpe:/o:novell:opensuse:15.0", "p-cpe:/a:novell:opensuse:libcaca0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libcaca0-plugins-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libcaca-ruby-debuginfo", "p-cpe:/a:novell:opensuse:libcaca0", "p-cpe:/a:novell:opensuse:libcaca-ruby", "p-cpe:/a:novell:opensuse:libcaca0-plugins-32bit", "p-cpe:/a:novell:opensuse:python3-caca", "p-cpe:/a:novell:opensuse:libcaca0-plugins", "p-cpe:/a:novell:opensuse:libcaca-debugsource", "p-cpe:/a:novell:opensuse:caca-utils-debuginfo", "p-cpe:/a:novell:opensuse:caca-utils", "p-cpe:/a:novell:opensuse:libcaca0-plugins-debuginfo", "p-cpe:/a:novell:opensuse:libcaca0-32bit", "p-cpe:/a:novell:opensuse:libcaca0-debuginfo"], "id": "OPENSUSE-2019-1144.NASL", "href": "https://www.tenable.com/plugins/nessus/123774", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1144.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123774);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-20544\", \"CVE-2018-20545\", \"CVE-2018-20546\", \"CVE-2018-20547\", \"CVE-2018-20548\", \"CVE-2018-20549\");\n\n script_name(english:\"openSUSE Security Update : libcaca (openSUSE-2019-1144)\");\n script_summary(english:\"Check for the openSUSE-2019-1144 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for libcaca fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2018-20544: Fixed a floating point exception at\n caca/dither.c (bsc#1120502)\n\n - CVE-2018-20545: Fixed a WRITE memory access in the\n load_image function at common-image.c for 4bpp\n (bsc#1120584)\n\n - CVE-2018-20546: Fixed a READ memory access in the\n get_rgba_default function at caca/dither.c for bpp\n (bsc#1120503)\n\n - CVE-2018-20547: Fixed a READ memory access in the\n get_rgba_default function at caca/dither.c for 24bpp\n (bsc#1120504)\n\n - CVE-2018-20548: Fixed a WRITE memory access in the\n load_image function at common-image.c for 1bpp\n (bsc#1120589)\n\n - CVE-2018-20549: Fixed a WRITE memory access in the\n caca_file_read function at caca/file.c (bsc#1120470)\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120470\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120502\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120503\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120504\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120584\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120589\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libcaca packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:caca-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:caca-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcaca-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcaca-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcaca-ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcaca-ruby-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcaca0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcaca0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcaca0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcaca0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcaca0-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcaca0-plugins-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcaca0-plugins-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcaca0-plugins-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-caca\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"caca-utils-0.99.beta19.git20171003-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"caca-utils-debuginfo-0.99.beta19.git20171003-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcaca-debugsource-0.99.beta19.git20171003-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcaca-devel-0.99.beta19.git20171003-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcaca-ruby-0.99.beta19.git20171003-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcaca-ruby-debuginfo-0.99.beta19.git20171003-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcaca0-0.99.beta19.git20171003-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcaca0-debuginfo-0.99.beta19.git20171003-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcaca0-plugins-0.99.beta19.git20171003-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcaca0-plugins-debuginfo-0.99.beta19.git20171003-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"python3-caca-0.99.beta19.git20171003-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libcaca0-32bit-0.99.beta19.git20171003-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libcaca0-32bit-debuginfo-0.99.beta19.git20171003-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libcaca0-plugins-32bit-0.99.beta19.git20171003-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libcaca0-plugins-32bit-debuginfo-0.99.beta19.git20171003-lp150.2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"caca-utils / caca-utils-debuginfo / libcaca-debugsource / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T09:40:14", "description": "Several vulnerabilities were discovered in libcaca, a graphics library\nthat outputs text: integer overflows, floating point exceptions or\ninvalid memory reads may lead to a denial of service (application\ncrash) if a malformed image file is processed.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n0.99.beta19-2+deb8u1.\n\nWe recommend that you upgrade your libcaca packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 15, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-01-10T00:00:00", "title": "Debian DLA-1631-1 : libcaca security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-20544", "CVE-2018-20549", "CVE-2018-20546", "CVE-2018-20547"], "modified": "2019-01-10T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libcaca0", "cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:libcaca-dev", "p-cpe:/a:debian:debian_linux:caca-utils"], "id": "DEBIAN_DLA-1631.NASL", "href": "https://www.tenable.com/plugins/nessus/121055", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1631-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121055);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2018-20544\", \"CVE-2018-20546\", \"CVE-2018-20547\", \"CVE-2018-20549\");\n\n script_name(english:\"Debian DLA-1631-1 : libcaca security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in libcaca, a graphics library\nthat outputs text: integer overflows, floating point exceptions or\ninvalid memory reads may lead to a denial of service (application\ncrash) if a malformed image file is processed.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n0.99.beta19-2+deb8u1.\n\nWe recommend that you upgrade your libcaca packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/01/msg00007.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/libcaca\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected caca-utils, libcaca-dev, and libcaca0 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:caca-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcaca-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcaca0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"caca-utils\", reference:\"0.99.beta19-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcaca-dev\", reference:\"0.99.beta19-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcaca0\", reference:\"0.99.beta19-2+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-18T00:03:00", "description": "Security fix for CVE-2018-20455 CVE-2018-20456 CVE-2018-20457\nCVE-2018-20458 CVE-2018-20459 CVE-2018-20460 CVE-2018-20461 through\nrebase to 3.2.0\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 8, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2019-01-22T00:00:00", "title": "Fedora 28 : radare2 (2019-d4d8af2c22)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-20460", "CVE-2018-20455", "CVE-2018-20456", "CVE-2018-20458", "CVE-2018-20457", "CVE-2018-20459", "CVE-2018-20461"], "modified": "2019-01-22T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:radare2", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2019-D4D8AF2C22.NASL", "href": "https://www.tenable.com/plugins/nessus/121269", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-d4d8af2c22.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121269);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2018-20455\", \"CVE-2018-20456\", \"CVE-2018-20457\", \"CVE-2018-20458\", \"CVE-2018-20459\", \"CVE-2018-20460\", \"CVE-2018-20461\");\n script_xref(name:\"FEDORA\", value:\"2019-d4d8af2c22\");\n\n script_name(english:\"Fedora 28 : radare2 (2019-d4d8af2c22)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2018-20455 CVE-2018-20456 CVE-2018-20457\nCVE-2018-20458 CVE-2018-20459 CVE-2018-20460 CVE-2018-20461 through\nrebase to 3.2.0\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-d4d8af2c22\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected radare2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:radare2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"radare2-3.2.0-1.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"radare2\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-03-17T23:54:42", "description": "Security fix for CVE-2018-20455 CVE-2018-20456 CVE-2018-20457\nCVE-2018-20458 CVE-2018-20459 CVE-2018-20460 CVE-2018-20461 through\nrebase to 3.2.0\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 8, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2019-01-22T00:00:00", "title": "Fedora 29 : radare2 (2019-5750ad7485)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-20460", "CVE-2018-20455", "CVE-2018-20456", "CVE-2018-20458", "CVE-2018-20457", "CVE-2018-20459", "CVE-2018-20461"], "modified": "2019-01-22T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:radare2", "cpe:/o:fedoraproject:fedora:29"], "id": "FEDORA_2019-5750AD7485.NASL", "href": "https://www.tenable.com/plugins/nessus/121260", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-5750ad7485.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121260);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2018-20455\", \"CVE-2018-20456\", \"CVE-2018-20457\", \"CVE-2018-20458\", \"CVE-2018-20459\", \"CVE-2018-20460\", \"CVE-2018-20461\");\n script_xref(name:\"FEDORA\", value:\"2019-5750ad7485\");\n\n script_name(english:\"Fedora 29 : radare2 (2019-5750ad7485)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2018-20455 CVE-2018-20456 CVE-2018-20457\nCVE-2018-20458 CVE-2018-20459 CVE-2018-20460 CVE-2018-20461 through\nrebase to 3.2.0\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-5750ad7485\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected radare2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:radare2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"radare2-3.2.0-1.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"radare2\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:32:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-20544", "CVE-2018-20545", "CVE-2018-20548", "CVE-2018-20549", "CVE-2018-20546", "CVE-2018-20459", "CVE-2018-20547"], "description": "The remote host is missing an update for the\n ", "modified": "2019-03-18T00:00:00", "published": "2019-01-16T00:00:00", "id": "OPENVAS:1361412562310843872", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843872", "type": "openvas", "title": "Ubuntu Update for libcaca USN-3860-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3860_1.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for libcaca USN-3860-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2019 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843872\");\n script_version(\"$Revision: 14288 $\");\n script_cve_id(\"CVE-2018-20544\", \"CVE-2018-20545\", \"CVE-2018-20548\", \"CVE-2018-20459\",\n \"CVE-2018-20546\", \"CVE-2018-20547\", \"CVE-2018-20549\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2019-01-16 04:01:39 +0100 (Wed, 16 Jan 2019)\");\n script_name(\"Ubuntu Update for libcaca USN-3860-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|18\\.04 LTS|18\\.10|16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"3860-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3860-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the\n 'libcaca' package(s) announced via the USN-3860-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is\n present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that libcaca incorrectly\n handled certain images. An attacker could possibly use this issue to cause a denial of service.\n(CVE-2018-20544)\n\nIt was discovered that libcaca incorrectly handled certain images.\nAn attacker could possibly use this issue to execute arbitrary code.\n(CVE-2018-20545, CVE-2018-20548, CVE-2018-20459)\n\nIt was discovered that libcaca incorrectly handled certain images.\nAn attacker could possibly use this issue to access sensitive\ninformation.\n(CVE-2018-20546, CVE-2018-20547)\");\n\n script_tag(name:\"affected\", value:\"libcaca on Ubuntu 18.10,\n Ubuntu 18.04 LTS,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"caca-utils\", ver:\"0.99.beta18-1ubuntu5.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcaca0\", ver:\"0.99.beta18-1ubuntu5.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU18.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"caca-utils\", ver:\"0.99.beta19-2ubuntu0.18.04.1\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcaca0\", ver:\"0.99.beta19-2ubuntu0.18.04.1\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU18.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"caca-utils\", ver:\"0.99.beta19-2ubuntu0.18.10.1\", rls:\"UBUNTU18.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcaca0\", ver:\"0.99.beta19-2ubuntu0.18.10.1\", rls:\"UBUNTU18.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"caca-utils\", ver:\"0.99.beta19-2ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcaca0\", ver:\"0.99.beta19-2ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T16:47:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-20544", "CVE-2018-20545", "CVE-2018-20548", "CVE-2018-20549", "CVE-2018-20546", "CVE-2018-20547"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2019-04-05T00:00:00", "id": "OPENVAS:1361412562310852399", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852399", "type": "openvas", "title": "openSUSE: Security Advisory for libcaca (openSUSE-SU-2019:1144-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852399\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2018-20544\", \"CVE-2018-20545\", \"CVE-2018-20546\", \"CVE-2018-20547\", \"CVE-2018-20548\", \"CVE-2018-20549\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-04-05 02:00:54 +0000 (Fri, 05 Apr 2019)\");\n script_name(\"openSUSE: Security Advisory for libcaca (openSUSE-SU-2019:1144-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1144-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00033.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libcaca'\n package(s) announced via the openSUSE-SU-2019:1144-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for libcaca fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-20544: Fixed a floating point exception at caca/dither.c\n (bsc#1120502)\n\n - CVE-2018-20545: Fixed a WRITE memory access in the load_image function\n at common-image.c for 4bpp (bsc#1120584)\n\n - CVE-2018-20546: Fixed a READ memory access in the get_rgba_default\n function at caca/dither.c for bpp (bsc#1120503)\n\n - CVE-2018-20547: Fixed a READ memory access in the get_rgba_default\n function at caca/dither.c for 24bpp (bsc#1120504)\n\n - CVE-2018-20548: Fixed a WRITE memory access in the load_image function\n at common-image.c for 1bpp (bsc#1120589)\n\n - CVE-2018-20549: Fixed a WRITE memory access in the caca_file_read\n function at caca/file.c (bsc#1120470)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-1144=1\");\n\n script_tag(name:\"affected\", value:\"'libcaca' package(s) on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"caca-utils\", rpm:\"caca-utils~0.99.beta19.git20171003~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"caca-utils-debuginfo\", rpm:\"caca-utils-debuginfo~0.99.beta19.git20171003~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcaca-debugsource\", rpm:\"libcaca-debugsource~0.99.beta19.git20171003~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcaca-devel\", rpm:\"libcaca-devel~0.99.beta19.git20171003~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcaca-ruby\", rpm:\"libcaca-ruby~0.99.beta19.git20171003~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcaca-ruby-debuginfo\", rpm:\"libcaca-ruby-debuginfo~0.99.beta19.git20171003~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcaca0\", rpm:\"libcaca0~0.99.beta19.git20171003~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcaca0-debuginfo\", rpm:\"libcaca0-debuginfo~0.99.beta19.git20171003~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcaca0-plugins\", rpm:\"libcaca0-plugins~0.99.beta19.git20171003~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcaca0-plugins-debuginfo\", rpm:\"libcaca0-plugins-debuginfo~0.99.beta19.git20171003~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python3-caca\", rpm:\"python3-caca~0.99.beta19.git20171003~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcaca0-32bit\", rpm:\"libcaca0-32bit~0.99.beta19.git20171003~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcaca0-32bit-debuginfo\", rpm:\"libcaca0-32bit-debuginfo~0.99.beta19.git20171003~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcaca0-plugins-32bit\", rpm:\"libcaca0-plugins-32bit~0.99.beta19.git20171003~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcaca0-plugins-32bit-debuginfo\", rpm:\"libcaca0-plugins-32bit-debuginfo~0.99.beta19.git20171003~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-29T19:30:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-20544", "CVE-2018-20549", "CVE-2018-20546", "CVE-2018-20547"], "description": "Several vulnerabilities were discovered in libcaca, a graphics library\nthat outputs text: integer overflows, floating point exceptions or\ninvalid memory reads may lead to a denial-of-service (application\ncrash) if a malformed image file is processed.", "modified": "2020-01-29T00:00:00", "published": "2019-01-10T00:00:00", "id": "OPENVAS:1361412562310891631", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891631", "type": "openvas", "title": "Debian LTS: Security Advisory for libcaca (DLA-1631-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891631\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2018-20544\", \"CVE-2018-20546\", \"CVE-2018-20547\", \"CVE-2018-20549\");\n script_name(\"Debian LTS: Security Advisory for libcaca (DLA-1631-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-01-10 00:00:00 +0100 (Thu, 10 Jan 2019)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2019/01/msg00007.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_tag(name:\"affected\", value:\"libcaca on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n0.99.beta19-2+deb8u1.\n\nWe recommend that you upgrade your libcaca packages.\");\n\n script_tag(name:\"summary\", value:\"Several vulnerabilities were discovered in libcaca, a graphics library\nthat outputs text: integer overflows, floating point exceptions or\ninvalid memory reads may lead to a denial-of-service (application\ncrash) if a malformed image file is processed.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"caca-utils\", ver:\"0.99.beta19-2+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcaca-dev\", ver:\"0.99.beta19-2+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcaca0\", ver:\"0.99.beta19-2+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-20460", "CVE-2018-20455", "CVE-2018-20456", "CVE-2018-20458", "CVE-2018-20457", "CVE-2018-20459", "CVE-2018-20461"], "description": "The remote host is missing an update for the\n ", "modified": "2019-03-15T00:00:00", "published": "2019-01-19T00:00:00", "id": "OPENVAS:1361412562310875416", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875416", "type": "openvas", "title": "Fedora Update for radare2 FEDORA-2019-d4d8af2c22", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2019_d4d8af2c22_radare2_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for radare2 FEDORA-2019-d4d8af2c22\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2019 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875416\");\n script_version(\"$Revision: 14223 $\");\n script_cve_id(\"CVE-2018-20455\", \"CVE-2018-20456\", \"CVE-2018-20457\", \"CVE-2018-20458\",\n \"CVE-2018-20459\", \"CVE-2018-20460\", \"CVE-2018-20461\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2019-01-19 04:04:15 +0100 (Sat, 19 Jan 2019)\");\n script_name(\"Fedora Update for radare2 FEDORA-2019-d4d8af2c22\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n script_xref(name:\"FEDORA\", value:\"2019-d4d8af2c22\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJHXVVGWAZPH224ARY3O6GFOU3KENYGK\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the\n 'radare2' package(s) announced via the FEDORA-2019-d4d8af2c22 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is\n present on the target host.\");\n\n script_tag(name:\"affected\", value:\"radare2 on Fedora 28.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"radare2\", rpm:\"radare2~3.2.0~1.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "suse": [{"lastseen": "2019-04-05T03:13:16", "bulletinFamily": "unix", "cvelist": ["CVE-2018-20544", "CVE-2018-20545", "CVE-2018-20548", "CVE-2018-20549", "CVE-2018-20546", "CVE-2018-20547"], "description": "This update for libcaca fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-20544: Fixed a floating point exception at caca/dither.c\n (bsc#1120502)\n - CVE-2018-20545: Fixed a WRITE memory access in the load_image function\n at common-image.c for 4bpp (bsc#1120584)\n - CVE-2018-20546: Fixed a READ memory access in the get_rgba_default\n function at caca/dither.c for bpp (bsc#1120503)\n - CVE-2018-20547: Fixed a READ memory access in the get_rgba_default\n function at caca/dither.c for 24bpp (bsc#1120504)\n - CVE-2018-20548: Fixed a WRITE memory access in the load_image function\n at common-image.c for 1bpp (bsc#1120589)\n - CVE-2018-20549: Fixed a WRITE memory access in the caca_file_read\n function at caca/file.c (bsc#1120470)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2019-04-05T00:26:54", "published": "2019-04-05T00:26:54", "id": "OPENSUSE-SU-2019:1144-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00033.html", "title": "Security update for libcaca (moderate)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2020-08-12T01:03:56", "bulletinFamily": "unix", "cvelist": ["CVE-2018-20544", "CVE-2018-20549", "CVE-2018-20546", "CVE-2018-20547"], "description": "Package : libcaca\nVersion : 0.99.beta19-2+deb8u1\nCVE ID : CVE-2018-20544 CVE-2018-20546 CVE-2018-20547\n CVE-2018-20549\nDebian Bug : 917807\n\nSeveral vulnerabilities were discovered in libcaca, a graphics library\nthat outputs text: integer overflows, floating point exceptions or\ninvalid memory reads may lead to a denial-of-service (application\ncrash) if a malformed image file is processed.\n\nFor Debian 8 &quot;Jessie&quot;, these problems have been fixed in version\n0.99.beta19-2+deb8u1.\n\nWe recommend that you upgrade your libcaca packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 9, "modified": "2019-01-09T22:25:19", "published": "2019-01-09T22:25:19", "id": "DEBIAN:DLA-1631-1:42629", "href": "https://lists.debian.org/debian-lts-announce/2019/debian-lts-announce-201901/msg00007.html", "title": "[SECURITY] [DLA 1631-1] libcaca security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2021-02-02T06:52:35", "description": "In radare2 through 3.1.3, the armass_assemble function in libr/asm/arch/arm/armass.c allows attackers to cause a denial-of-service (application crash by out-of-bounds read) by crafting an arm assembly input because a loop uses an incorrect index in armass.c and certain length validation is missing in armass64.c, a related issue to CVE-2018-20457.", "edition": 8, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2018-12-25T19:29:00", "title": "CVE-2018-20459", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20459"], "modified": "2020-10-15T16:14:00", "cpe": ["cpe:/a:radare:radare2:3.1.3"], "id": "CVE-2018-20459", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20459", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:radare:radare2:3.1.3:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:52:35", "description": "There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 1bpp data.", "edition": 4, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-12-28T16:29:00", "title": "CVE-2018-20548", "type": "cve", "cwe": ["CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20548"], "modified": "2019-04-05T00:29:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:18.10", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:libcaca_project:libcaca:0.99", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2018-20548", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20548", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:libcaca_project:libcaca:0.99:beta19:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2021-02-02T06:52:35", "description": "There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 4bpp data.", "edition": 4, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-12-28T16:29:00", "title": "CVE-2018-20545", "type": "cve", "cwe": ["CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20545"], "modified": "2019-04-05T00:29:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:18.10", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:libcaca_project:libcaca:0.99", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2018-20545", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20545", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:libcaca_project:libcaca:0.99:beta19:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2021-02-02T06:52:35", "description": "There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for the default bpp case.", "edition": 4, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 8.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.2}, "published": "2018-12-28T16:29:00", "title": "CVE-2018-20546", "type": "cve", "cwe": ["CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20546"], "modified": "2019-04-05T00:29:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:18.10", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:libcaca_project:libcaca:0.99", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2018-20546", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20546", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:libcaca_project:libcaca:0.99:beta19:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2021-02-02T06:52:35", "description": "There is an illegal WRITE memory access at caca/file.c (function caca_file_read) in libcaca 0.99.beta19.", "edition": 4, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-12-28T16:29:00", "title": "CVE-2018-20549", "type": "cve", "cwe": ["CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20549"], "modified": "2019-04-05T00:29:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:18.10", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:libcaca_project:libcaca:0.99", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2018-20549", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20549", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:libcaca_project:libcaca:0.99:beta19:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2021-02-02T06:52:35", "description": "There is floating point exception at caca/dither.c (function caca_dither_bitmap) in libcaca 0.99.beta19.", "edition": 4, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-12-28T16:29:00", "title": "CVE-2018-20544", "type": "cve", "cwe": ["CWE-369"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20544"], "modified": "2019-04-05T00:29:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:18.10", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:libcaca_project:libcaca:0.99", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2018-20544", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20544", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:libcaca_project:libcaca:0.99:beta19:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2021-02-02T06:52:35", "description": "There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for 24bpp data.", "edition": 4, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 8.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.2}, "published": "2018-12-28T16:29:00", "title": "CVE-2018-20547", "type": "cve", "cwe": ["CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20547"], "modified": "2019-04-05T00:29:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:18.10", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:libcaca_project:libcaca:0.99", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2018-20547", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20547", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:libcaca_project:libcaca:0.99:beta19:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}], "fedora": [{"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-20455", "CVE-2018-20456", "CVE-2018-20457", "CVE-2018-20458", "CVE-2018-20459", "CVE-2018-20460", "CVE-2018-20461"], "description": "The radare2 is a reverse-engineering framework that is multi-architecture, multi-platform, and highly scriptable. Radare2 provides a hexadecimal editor, wrapped I/O, file system support, debugger support, diffing between two functions or binaries, and code analysis at opcode, basic block, and function levels. ", "modified": "2019-01-19T01:55:31", "published": "2019-01-19T01:55:31", "id": "FEDORA:1250A60CFA79", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: radare2-3.2.0-1.fc28", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-20455", "CVE-2018-20456", "CVE-2018-20457", "CVE-2018-20458", "CVE-2018-20459", "CVE-2018-20460", "CVE-2018-20461"], "description": "The radare2 is a reverse-engineering framework that is multi-architecture, multi-platform, and highly scriptable. Radare2 provides a hexadecimal editor, wrapped I/O, file system support, debugger support, diffing between two functions or binaries, and code analysis at opcode, basic block, and function levels. ", "modified": "2019-01-19T02:27:44", "published": "2019-01-19T02:27:44", "id": "FEDORA:081946048FD2", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: radare2-3.2.0-1.fc29", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}]}