Vulnerabilities > CVE-2018-12910 - Out-of-bounds Read vulnerability in multiple products

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

critical

nessus

NVD

Published: 2018-07-05

Updated: 2023-11-07

Summary

The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.

Vulnerable Configurations

Part	Description	Count
Application	Gnome Gnome Libsoup 2.63.2	1
Application	Redhat Redhat Openshift Container Platform 3.11 Redhat Ansible Tower 3.3	2
OS	Canonical Canonical Ubuntu Linux 16.04 Canonical Ubuntu Linux 14.04 Canonical Ubuntu Linux 17.10 Canonical Ubuntu Linux 18.04	4
OS	Debian Debian Debian Linux 8.0 Debian Debian Linux 9.0	2
OS	Redhat Redhat Enterprise Linux Desktop 7.0 Redhat Enterprise Linux Workstation 7.0 Redhat Enterprise Linux Server 7.0	3
OS	Opensuse Opensuse Leap 15.0	1

Common Weakness Enumeration (CWE)

CWE-125 - Out-of-bounds Read

Common Attack Pattern Enumeration and Classification (CAPEC)

Overread Buffers
An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.

Nessus

NASL family	PhotonOS Local Security Checks
NASL id	PHOTONOS_PHSA-2018-1_0-0182.NASL
description	An update of 'libsoup', 'libgcrypt' packages of Photon OS has been released.
last seen	2019-02-21
modified	2019-02-07
plugin id	117396
published	2018-09-10
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=117396
title	Photon OS 1.0: Libgcrypt / Libsoup PHSA-2018-1.0-0182 (deprecated)
code	# # (C) Tenable Network Security, Inc. # # @DEPRECATED@ # # Disabled on 2/7/2019 # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory PHSA-2018-1.0-0182. The text # itself is copyright (C) VMware, Inc. include("compat.inc"); if (description) { script_id(117396); script_version("1.2"); script_cvs_date("Date: 2019/02/07 18:59:50"); script_cve_id("CVE-2018-0495", "CVE-2018-12910"); script_name(english:"Photon OS 1.0: Libgcrypt / Libsoup PHSA-2018-1.0-0182 (deprecated)"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "This plugin has been deprecated."); script_set_attribute(attribute:"description", value: "An update of 'libsoup', 'libgcrypt' packages of Photon OS has been released."); script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-1.0-182"); script_set_attribute(attribute:"solution", value:"n/a."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-12910"); script_set_attribute(attribute:"patch_publication_date", value:"2018/09/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/09/10"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:libgcrypt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:libsoup"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"PhotonOS Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list"); exit(0); } exit(0, "This plugin has been deprecated."); include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/PhotonOS/release"); if (isnull(release) \|\| release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS"); if (release !~ "^VMware Photon (?:Linux\|OS) 1\.0(\D\|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0"); if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu); flag = 0; pkgs = [ "libgcrypt-1.7.6-4.ph1", "libgcrypt-debuginfo-1.7.6-4.ph1", "libgcrypt-devel-1.7.6-4.ph1", "libsoup-2.53.90-4.ph1", "libsoup-debuginfo-2.53.90-4.ph1", "libsoup-devel-2.53.90-4.ph1", "libsoup-doc-2.53.90-4.ph1", "libsoup-lang-2.53.90-4.ph1" ]; foreach (pkg in pkgs) if (rpm_check(release:"PhotonOS-1.0", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libgcrypt / libsoup"); }

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2018-2204-2.NASL
description	This update for libsoup fixes the following issues : Security issue fixed : CVE-2018-12910: Fix crash when handling empty hostnames (bsc#1100097). CVE-2017-2885: Fix chunk decoding buffer overrun that could be exploited against either clients or servers (bsc#1052916). Bug fixes: bsc#1086036: translation-update-upstream commented out for Leap Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-18
modified	2019-01-09
plugin id	121042
published	2019-01-09
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/121042
title	SUSE SLES12 Security Update : libsoup (SUSE-SU-2018:2204-2)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2018:2204-2. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(121042); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/26"); script_cve_id("CVE-2017-2885", "CVE-2018-12910"); script_name(english:"SUSE SLES12 Security Update : libsoup (SUSE-SU-2018:2204-2)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for libsoup fixes the following issues : Security issue fixed : CVE-2018-12910: Fix crash when handling empty hostnames (bsc#1100097). CVE-2017-2885: Fix chunk decoding buffer overrun that could be exploited against either clients or servers (bsc#1052916). Bug fixes: bsc#1086036: translation-update-upstream commented out for Leap Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1052916" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1086036" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1100097" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-2885/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-12910/" ); # https://www.suse.com/support/update/announcement/2019/suse-su-20182204-2/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?80b64ad4" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product : SUSE OpenStack Cloud 7:zypper in -t patch SUSE-OpenStack-Cloud-7-2019-25=1 SUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-25=1 SUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-25=1 SUSE Enterprise Storage 4:zypper in -t patch SUSE-Storage-4-2019-25=1" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsoup-2_4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsoup-2_4-1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsoup-2_4-1-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsoup-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:typelib-1_0-Soup"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/04/24"); script_set_attribute(attribute:"patch_publication_date", value:"2019/01/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/09"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release !~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S\|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(2)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP2", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"2", reference:"libsoup-2_4-1-2.62.2-5.7.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"libsoup-2_4-1-debuginfo-2.62.2-5.7.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"libsoup-debugsource-2.62.2-5.7.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"typelib-1_0-Soup-2_4-2.62.2-5.7.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"libsoup-2_4-1-32bit-2.62.2-5.7.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"libsoup-2_4-1-debuginfo-32bit-2.62.2-5.7.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libsoup"); }

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2018-FB2AFEE474.NASL
description	This update backports an upstream fix for CVE-2018-12910. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2019-01-03
plugin id	120932
published	2019-01-03
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/120932
title	Fedora 28 : libsoup (2018-fb2afee474)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2018-fb2afee474. # include("compat.inc"); if (description) { script_id(120932); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2018-12910"); script_xref(name:"FEDORA", value:"2018-fb2afee474"); script_name(english:"Fedora 28 : libsoup (2018-fb2afee474)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update backports an upstream fix for CVE-2018-12910. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-fb2afee474" ); script_set_attribute( attribute:"solution", value:"Update the affected libsoup package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libsoup"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:28"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/05"); script_set_attribute(attribute:"patch_publication_date", value:"2018/07/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/03"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^28([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 28", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC28", reference:"libsoup-2.62.2-2.fc28")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libsoup"); }

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-3701-1.NASL
description	It was discovered that libsoup incorrectly handled certain cookie requests. An attacker could possibly use this to cause a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	110923
published	2018-07-05
reporter	Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/110923
title	Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : libsoup2.4 vulnerability (USN-3701-1)

NASL family	NewStart CGSL Local Security Checks
NASL id	NEWSTART_CGSL_NS-SA-2019-0048_LIBSOUP.NASL
description	The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has libsoup packages installed that are affected by a vulnerability: - An out-of-bounds read has been discovered in libsoup when getting cookies from a URI with empty hostname. An attacker may use this flaw to cause a crash in the application. (CVE-2018-12910) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-06-01
modified	2020-06-02
plugin id	127231
published	2019-08-12
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/127231
title	NewStart CGSL CORE 5.04 / MAIN 5.04 : libsoup Vulnerability (NS-SA-2019-0048)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2019-ADDB1D273C.NASL
description	Update to 2.68.0 and fix FTBFS Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	129640
published	2019-10-07
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/129640
title	Fedora 31 : mingw-libsoup (2019-addb1d273c)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2018-3140.NASL
description	An update is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GNOME is the default desktop environment of Red Hat Enterprise Linux. Security Fix(es) : * libsoup: Crash in soup_cookie_jar.c:get_cookies() on empty hostnames (CVE-2018-12910) * poppler: Infinite recursion in fofi/FoFiType1C.cc:FoFiType1C::cvtGlyph() function allows denial of service (CVE-2017-18267) * libgxps: heap based buffer over read in ft_font_face_hash function of gxps-fonts.c (CVE-2018-10733) * libgxps: Stack-based buffer overflow in calling glib in gxps_images_guess_content_type of gcontenttype.c (CVE-2018-10767) * poppler: NULL pointer dereference in Annot.h:AnnotPath::getCoordsLength() allows for denial of service via crafted PDF (CVE-2018-10768) * poppler: out of bounds read in pdfunite (CVE-2018-13988) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank chenyuan (NESA Lab) for reporting CVE-2018-10733 and CVE-2018-10767 and Hosein Askari for reporting CVE-2018-13988. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
last seen	2020-06-01
modified	2020-06-02
plugin id	118995
published	2018-11-16
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/118995
title	CentOS 7 : PackageKit / accountsservice / adwaita-icon-theme / appstream-data / at-spi2-atk / etc (CESA-2018:3140)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-4241.NASL
description	It was discovered that the Soup HTTP library performed insufficient validation of cookie requests which could result in an out-of-bounds memory read.
last seen	2020-06-01
modified	2020-06-02
plugin id	110929
published	2018-07-06
reporter	This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/110929
title	Debian DSA-4241-1 : libsoup2.4 - security update

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2019-1143.NASL
description	According to the version of the libsoup packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Crash in soup_cookie_jar.c:get_cookies() on empty hostnames (CVE-2018-12910) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-05-06
modified	2019-04-02
plugin id	123617
published	2019-04-02
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/123617
title	EulerOS 2.0 SP5 : libsoup (EulerOS-SA-2019-1143)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2018-856.NASL
description	This update for libsoup fixes the following issues : Security issue fixed : - CVE-2018-12910: Fix crash when handling empty hostnames (bsc#1100097). - CVE-2017-2885: Fix chunk decoding buffer overrun that could be exploited against either clients or servers (bsc#1052916). Bug fixes : - bsc#1086036: translation-update-upstream commented out for Leap This update was imported from the SUSE:SLE-12-SP2:Update update project.
last seen	2020-06-05
modified	2018-08-10
plugin id	111637
published	2018-08-10
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/111637
title	openSUSE Security Update : libsoup (openSUSE-2018-856)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2018-1391.NASL
description	According to the version of the libsoup packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Crash in soup_cookie_jar.c:get_cookies() on empty hostnames (CVE-2018-12910) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-05-15
modified	2018-12-10
plugin id	119519
published	2018-12-10
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/119519
title	EulerOS 2.0 SP3 : libsoup (EulerOS-SA-2018-1391)

NASL family	PhotonOS Local Security Checks
NASL id	PHOTONOS_PHSA-2018-1_0-0182_LIBSOUP.NASL
description	An update of the libsoup package has been released.
last seen	2020-03-17
modified	2019-02-07
plugin id	121887
published	2019-02-07
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/121887
title	Photon OS 1.0: Libsoup PHSA-2018-1.0-0182

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20181030_GNOME_ON_SL7_X.NASL
description	Security Fix(es) : - libsoup: Crash in soup_cookie_jar.c:get_cookies() on empty hostnames (CVE-2018-12910) - poppler: Infinite recursion in fofi/FoFiType1C.cc:FoFiType1C::cvtGlyph() function allows denial of service (CVE-2017-18267) - libgxps: heap based buffer over read in ft_font_face_hash function of gxps-fonts.c (CVE-2018-10733) - libgxps: Stack-based buffer overflow in calling glib in gxps_images_guess_content_type of gcontenttype.c (CVE-2018-10767) - poppler: NULL pointer dereference in Annot.h:AnnotPath::getCoordsLength() allows for denial of service via crafted PDF (CVE-2018-10768) - poppler: out of bounds read in pdfunite (CVE-2018-13988) Additional Changes : - PackageKit is now aware of our SL7 minor release upgrade tool.
last seen	2020-03-18
modified	2018-11-27
plugin id	119177
published	2018-11-27
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/119177
title	Scientific Linux Security Update : GNOME on SL7.x x86_64 (20181030)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2018-3140.NASL
description	An update is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GNOME is the default desktop environment of Red Hat Enterprise Linux. Security Fix(es) : * libsoup: Crash in soup_cookie_jar.c:get_cookies() on empty hostnames (CVE-2018-12910) * poppler: Infinite recursion in fofi/FoFiType1C.cc:FoFiType1C::cvtGlyph() function allows denial of service (CVE-2017-18267) * libgxps: heap based buffer over read in ft_font_face_hash function of gxps-fonts.c (CVE-2018-10733) * libgxps: Stack-based buffer overflow in calling glib in gxps_images_guess_content_type of gcontenttype.c (CVE-2018-10767) * poppler: NULL pointer dereference in Annot.h:AnnotPath::getCoordsLength() allows for denial of service via crafted PDF (CVE-2018-10768) * poppler: out of bounds read in pdfunite (CVE-2018-13988) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank chenyuan (NESA Lab) for reporting CVE-2018-10733 and CVE-2018-10767 and Hosein Askari for reporting CVE-2018-13988. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
last seen	2020-06-01
modified	2020-06-02
plugin id	118726
published	2018-11-05
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/118726
title	RHEL 7 : GNOME (RHSA-2018:3140)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DLA-1416.NASL
description	It was discovered that the Soup HTTP library performed insuffient validation of cookie requests which could result in an out-of-bounds memory read. For Debian 8
last seen	2020-06-01
modified	2020-06-02
plugin id	110946
published	2018-07-09
reporter	This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/110946
title	Debian DLA-1416-1 : libsoup2.4 security update

NASL family	PhotonOS Local Security Checks
NASL id	PHOTONOS_PHSA-2018-2_0-0091.NASL
description	An update of 'libgcrypt', 'libsoup' packages of Photon OS has been released.
last seen	2019-02-21
modified	2019-02-07
plugin id	117397
published	2018-09-10
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=117397
title	Photon OS 2.0: Libgcrypt / Libsoup PHSA-2018-2.0-0091 (deprecated)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2018-2204-1.NASL
description	This update for libsoup fixes the following issues: Security issue fixed : - CVE-2018-12910: Fix crash when handling empty hostnames (bsc#1100097). - CVE-2017-2885: Fix chunk decoding buffer overrun that could be exploited against either clients or servers (bsc#1052916). Bug fixes : - bsc#1086036: translation-update-upstream commented out for Leap Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	111574
published	2018-08-07
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/111574
title	SUSE SLED12 / SLES12 Security Update : libsoup (SUSE-SU-2018:2204-1)

NASL family	PhotonOS Local Security Checks
NASL id	PHOTONOS_PHSA-2018-1_0-0182_LIBGCRYPT.NASL
description	An update of the libgcrypt package has been released.
last seen	2020-03-17
modified	2019-02-07
plugin id	121886
published	2019-02-07
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/121886
title	Photon OS 1.0: Libgcrypt PHSA-2018-1.0-0182

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2019-1392.NASL
description	According to the versions of the libsoup package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.(CVE-2018-12910) - A stack-based buffer overflow flaw was discovered within the HTTP processing of libsoup. A remote attacker could exploit this flaw to cause a crash or, potentially, execute arbitrary code by sending a specially crafted HTTP request to a server using the libsoup HTTP server functionality or by tricking a user into connecting to a malicious HTTP server with an application using the libsoup HTTP client functionality.(CVE-2017-2885) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	124895
published	2019-05-14
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/124895
title	EulerOS Virtualization for ARM 64 3.0.1.0 : libsoup (EulerOS-SA-2019-1392)

NASL family	PhotonOS Local Security Checks
NASL id	PHOTONOS_PHSA-2018-2_0-0091_LIBGCRYPT.NASL
description	An update of the libgcrypt package has been released.
last seen	2020-03-17
modified	2019-02-07
plugin id	121992
published	2019-02-07
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/121992
title	Photon OS 2.0: Libgcrypt PHSA-2018-2.0-0091

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2018-C3838931E1.NASL
description	This update backports an upstream fix for CVE-2018-12910. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2018-07-06
plugin id	110933
published	2018-07-06
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/110933
title	Fedora 27 : libsoup (2018-c3838931e1)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2018-1419.NASL
description	According to the version of the libsoup packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Crash in soup_cookie_jar.c:get_cookies() on empty hostnames (CVE-2018-12910) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-05-06
modified	2018-12-28
plugin id	119908
published	2018-12-28
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/119908
title	EulerOS 2.0 SP2 : libsoup (EulerOS-SA-2018-1419)

NASL family	PhotonOS Local Security Checks
NASL id	PHOTONOS_PHSA-2018-2_0-0091_LIBSOUP.NASL
description	An update of the libsoup package has been released.
last seen	2020-03-17
modified	2019-02-07
plugin id	121993
published	2019-02-07
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/121993
title	Photon OS 2.0: Libsoup PHSA-2018-2.0-0091

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2019-1310.NASL
description	This update for libsoup fixes the following issues : Security issue fixed : - CVE-2018-12910: Fix crash when handling empty hostnames (bsc#1100097). This update was imported from the SUSE:SLE-15:Update update project.
last seen	2020-06-01
modified	2020-06-02
plugin id	124579
published	2019-05-03
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/124579
title	openSUSE Security Update : libsoup (openSUSE-2019-1310)

Redhat

advisories

rhsa
id RHBA-2019:0327
rhsa
id RHSA-2018:3140
rhsa
id RHSA-2018:3505

rpms

PackageKit-0:1.1.10-1.el7
PackageKit-command-not-found-0:1.1.10-1.el7
PackageKit-cron-0:1.1.10-1.el7
PackageKit-debuginfo-0:1.1.10-1.el7
PackageKit-glib-0:1.1.10-1.el7
PackageKit-glib-devel-0:1.1.10-1.el7
PackageKit-gstreamer-plugin-0:1.1.10-1.el7
PackageKit-gtk3-module-0:1.1.10-1.el7
PackageKit-yum-0:1.1.10-1.el7
PackageKit-yum-plugin-0:1.1.10-1.el7
accountsservice-0:0.6.50-2.el7
accountsservice-debuginfo-0:0.6.50-2.el7
accountsservice-devel-0:0.6.50-2.el7
accountsservice-libs-0:0.6.50-2.el7
adwaita-cursor-theme-0:3.28.0-1.el7
adwaita-gtk2-theme-0:3.28-2.el7
adwaita-icon-theme-0:3.28.0-1.el7
adwaita-icon-theme-devel-0:3.28.0-1.el7
appstream-data-0:7-20180614.el7
at-spi2-atk-0:2.26.2-1.el7
at-spi2-atk-debuginfo-0:2.26.2-1.el7
at-spi2-atk-devel-0:2.26.2-1.el7
at-spi2-core-0:2.28.0-1.el7
at-spi2-core-debuginfo-0:2.28.0-1.el7
at-spi2-core-devel-0:2.28.0-1.el7
atk-0:2.28.1-1.el7
atk-debuginfo-0:2.28.1-1.el7
atk-devel-0:2.28.1-1.el7
baobab-0:3.28.0-2.el7
baobab-debuginfo-0:3.28.0-2.el7
bolt-0:0.4-3.el7
bolt-debuginfo-0:0.4-3.el7
brasero-0:3.12.2-5.el7
brasero-debuginfo-0:3.12.2-5.el7
brasero-devel-0:3.12.2-5.el7
brasero-libs-0:3.12.2-5.el7
brasero-nautilus-0:3.12.2-5.el7
cairo-0:1.15.12-3.el7
cairo-debuginfo-0:1.15.12-3.el7
cairo-devel-0:1.15.12-3.el7
cairo-gobject-0:1.15.12-3.el7
cairo-gobject-devel-0:1.15.12-3.el7
cairo-tools-0:1.15.12-3.el7
cheese-2:3.28.0-1.el7
cheese-debuginfo-2:3.28.0-1.el7
cheese-libs-2:3.28.0-1.el7
cheese-libs-devel-2:3.28.0-1.el7
clutter-gst3-0:3.0.26-1.el7
clutter-gst3-debuginfo-0:3.0.26-1.el7
clutter-gst3-devel-0:3.0.26-1.el7
compat-exiv2-023-0:0.23-2.el7
compat-exiv2-023-debuginfo-0:0.23-2.el7
compat-libical1-0:1.0.1-2.el7
control-center-1:3.28.1-4.el7
control-center-debuginfo-1:3.28.1-4.el7
control-center-filesystem-1:3.28.1-4.el7
dconf-0:0.28.0-4.el7
dconf-debuginfo-0:0.28.0-4.el7
dconf-devel-0:0.28.0-4.el7
dconf-editor-0:3.28.0-1.el7
dconf-editor-debuginfo-0:3.28.0-1.el7
devhelp-1:3.28.1-1.el7
devhelp-debuginfo-1:3.28.1-1.el7
devhelp-devel-1:3.28.1-1.el7
devhelp-libs-1:3.28.1-1.el7
ekiga-0:4.0.1-8.el7
ekiga-debuginfo-0:4.0.1-8.el7
empathy-0:3.12.13-1.el7
empathy-debuginfo-0:3.12.13-1.el7
eog-0:3.28.3-1.el7
eog-debuginfo-0:3.28.3-1.el7
eog-devel-0:3.28.3-1.el7
evince-0:3.28.2-5.el7
evince-browser-plugin-0:3.28.2-5.el7
evince-debuginfo-0:3.28.2-5.el7
evince-devel-0:3.28.2-5.el7
evince-dvi-0:3.28.2-5.el7
evince-libs-0:3.28.2-5.el7
evince-nautilus-0:3.28.2-5.el7
evolution-0:3.28.5-2.el7
evolution-bogofilter-0:3.28.5-2.el7
evolution-data-server-0:3.28.5-1.el7
evolution-data-server-debuginfo-0:3.28.5-1.el7
evolution-data-server-devel-0:3.28.5-1.el7
evolution-data-server-doc-0:3.28.5-1.el7
evolution-data-server-langpacks-0:3.28.5-1.el7
evolution-data-server-perl-0:3.28.5-1.el7
evolution-data-server-tests-0:3.28.5-1.el7
evolution-debuginfo-0:3.28.5-2.el7
evolution-devel-0:3.28.5-2.el7
evolution-devel-docs-0:3.28.5-2.el7
evolution-ews-0:3.28.5-1.el7
evolution-ews-debuginfo-0:3.28.5-1.el7
evolution-ews-langpacks-0:3.28.5-1.el7
evolution-help-0:3.28.5-2.el7
evolution-langpacks-0:3.28.5-2.el7
evolution-mapi-0:3.28.3-2.el7
evolution-mapi-debuginfo-0:3.28.3-2.el7
evolution-mapi-langpacks-0:3.28.3-2.el7
evolution-pst-0:3.28.5-2.el7
evolution-spamassassin-0:3.28.5-2.el7
evolution-tests-0:3.28.5-2.el7
file-roller-0:3.28.1-2.el7
file-roller-debuginfo-0:3.28.1-2.el7
file-roller-nautilus-0:3.28.1-2.el7
flatpak-0:1.0.2-2.el7
flatpak-builder-0:1.0.0-2.el7
flatpak-debuginfo-0:1.0.2-2.el7
flatpak-devel-0:1.0.2-2.el7
flatpak-libs-0:1.0.2-2.el7
folks-1:0.11.4-1.el7
folks-debuginfo-1:0.11.4-1.el7
folks-devel-1:0.11.4-1.el7
folks-tools-1:0.11.4-1.el7
fontconfig-0:2.13.0-4.3.el7
fontconfig-debuginfo-0:2.13.0-4.3.el7
fontconfig-devel-0:2.13.0-4.3.el7
fontconfig-devel-doc-0:2.13.0-4.3.el7
freetype-0:2.8-12.el7
freetype-debuginfo-0:2.8-12.el7
freetype-demos-0:2.8-12.el7
freetype-devel-0:2.8-12.el7
fribidi-0:1.0.2-1.el7
fribidi-debuginfo-0:1.0.2-1.el7
fribidi-devel-0:1.0.2-1.el7
fwupd-0:1.0.8-4.el7
fwupd-debuginfo-0:1.0.8-4.el7
fwupd-devel-0:1.0.8-4.el7
fwupdate-0:12-5.el7
fwupdate-debuginfo-0:12-5.el7
fwupdate-devel-0:12-5.el7
fwupdate-efi-0:12-5.el7
fwupdate-libs-0:12-5.el7
gcr-0:3.28.0-1.el7
gcr-debuginfo-0:3.28.0-1.el7
gcr-devel-0:3.28.0-1.el7
gdk-pixbuf2-0:2.36.12-3.el7
gdk-pixbuf2-debuginfo-0:2.36.12-3.el7
gdk-pixbuf2-devel-0:2.36.12-3.el7
gdk-pixbuf2-tests-0:2.36.12-3.el7
gdm-1:3.28.2-9.el7
gdm-debuginfo-1:3.28.2-9.el7
gdm-devel-1:3.28.2-9.el7
gdm-pam-extensions-devel-1:3.28.2-9.el7
gedit-2:3.28.1-1.el7
gedit-debuginfo-2:3.28.1-1.el7
gedit-devel-2:3.28.1-1.el7
gedit-plugin-bookmarks-0:3.28.1-1.el7
gedit-plugin-bracketcompletion-0:3.28.1-1.el7
gedit-plugin-charmap-0:3.28.1-1.el7
gedit-plugin-codecomment-0:3.28.1-1.el7
gedit-plugin-colorpicker-0:3.28.1-1.el7
gedit-plugin-colorschemer-0:3.28.1-1.el7
gedit-plugin-commander-0:3.28.1-1.el7
gedit-plugin-drawspaces-0:3.28.1-1.el7
gedit-plugin-findinfiles-0:3.28.1-1.el7
gedit-plugin-joinlines-0:3.28.1-1.el7
gedit-plugin-multiedit-0:3.28.1-1.el7
gedit-plugin-smartspaces-0:3.28.1-1.el7
gedit-plugin-synctex-0:3.28.1-1.el7
gedit-plugin-terminal-0:3.28.1-1.el7
gedit-plugin-textsize-0:3.28.1-1.el7
gedit-plugin-translate-0:3.28.1-1.el7
gedit-plugin-wordcompletion-0:3.28.1-1.el7
gedit-plugins-0:3.28.1-1.el7
gedit-plugins-data-0:3.28.1-1.el7
gedit-plugins-debuginfo-0:3.28.1-1.el7
geoclue2-0:2.4.8-1.el7
geoclue2-debuginfo-0:2.4.8-1.el7
geoclue2-demos-0:2.4.8-1.el7
geoclue2-devel-0:2.4.8-1.el7
geoclue2-libs-0:2.4.8-1.el7
geocode-glib-0:3.26.0-2.el7
geocode-glib-debuginfo-0:3.26.0-2.el7
geocode-glib-devel-0:3.26.0-2.el7
gjs-0:1.52.3-1.el7
gjs-debuginfo-0:1.52.3-1.el7
gjs-devel-0:1.52.3-1.el7
gjs-tests-0:1.52.3-1.el7
glade-0:3.22.1-1.el7
glade-debuginfo-0:3.22.1-1.el7
glade-devel-0:3.22.1-1.el7
glade-libs-0:3.22.1-1.el7
glib-networking-0:2.56.1-1.el7
glib-networking-debuginfo-0:2.56.1-1.el7
glib-networking-tests-0:2.56.1-1.el7
glib2-0:2.56.1-2.el7
glib2-debuginfo-0:2.56.1-2.el7
glib2-devel-0:2.56.1-2.el7
glib2-doc-0:2.56.1-2.el7
glib2-fam-0:2.56.1-2.el7
glib2-static-0:2.56.1-2.el7
glib2-tests-0:2.56.1-2.el7
glibmm24-0:2.56.0-1.el7
glibmm24-debuginfo-0:2.56.0-1.el7
glibmm24-devel-0:2.56.0-1.el7
glibmm24-doc-0:2.56.0-1.el7
gnome-backgrounds-0:3.28.0-1.el7
gnome-bluetooth-1:3.28.2-1.el7
gnome-bluetooth-debuginfo-1:3.28.2-1.el7
gnome-bluetooth-libs-1:3.28.2-1.el7
gnome-bluetooth-libs-devel-1:3.28.2-1.el7
gnome-boxes-0:3.28.5-2.el7
gnome-boxes-debuginfo-0:3.28.5-2.el7
gnome-calculator-0:3.28.2-1.el7
gnome-calculator-debuginfo-0:3.28.2-1.el7
gnome-classic-session-0:3.28.1-5.el7
gnome-clocks-0:3.28.0-1.el7
gnome-clocks-debuginfo-0:3.28.0-1.el7
gnome-color-manager-0:3.28.0-1.el7
gnome-color-manager-debuginfo-0:3.28.0-1.el7
gnome-contacts-0:3.28.2-1.el7
gnome-contacts-debuginfo-0:3.28.2-1.el7
gnome-desktop3-0:3.28.2-2.el7
gnome-desktop3-debuginfo-0:3.28.2-2.el7
gnome-desktop3-devel-0:3.28.2-2.el7
gnome-desktop3-tests-0:3.28.2-2.el7
gnome-devel-docs-0:3.28.0-1.el7
gnome-dictionary-0:3.26.1-2.el7
gnome-dictionary-debuginfo-0:3.26.1-2.el7
gnome-disk-utility-0:3.28.3-1.el7
gnome-disk-utility-debuginfo-0:3.28.3-1.el7
gnome-documents-0:3.28.2-1.el7
gnome-documents-debuginfo-0:3.28.2-1.el7
gnome-documents-libs-0:3.28.2-1.el7
gnome-font-viewer-0:3.28.0-1.el7
gnome-font-viewer-debuginfo-0:3.28.0-1.el7
gnome-getting-started-docs-0:3.28.2-1.el7
gnome-getting-started-docs-cs-0:3.28.2-1.el7
gnome-getting-started-docs-de-0:3.28.2-1.el7
gnome-getting-started-docs-es-0:3.28.2-1.el7
gnome-getting-started-docs-fr-0:3.28.2-1.el7
gnome-getting-started-docs-gl-0:3.28.2-1.el7
gnome-getting-started-docs-hu-0:3.28.2-1.el7
gnome-getting-started-docs-it-0:3.28.2-1.el7
gnome-getting-started-docs-pl-0:3.28.2-1.el7
gnome-getting-started-docs-pt_BR-0:3.28.2-1.el7
gnome-getting-started-docs-ru-0:3.28.2-1.el7
gnome-initial-setup-0:3.28.0-1.el7
gnome-initial-setup-debuginfo-0:3.28.0-1.el7
gnome-keyring-0:3.28.2-1.el7
gnome-keyring-debuginfo-0:3.28.2-1.el7
gnome-keyring-pam-0:3.28.2-1.el7
gnome-online-accounts-0:3.28.0-1.el7
gnome-online-accounts-debuginfo-0:3.28.0-1.el7
gnome-online-accounts-devel-0:3.28.0-1.el7
gnome-online-miners-0:3.26.0-1.el7
gnome-online-miners-debuginfo-0:3.26.0-1.el7
gnome-packagekit-0:3.28.0-1.el7
gnome-packagekit-common-0:3.28.0-1.el7
gnome-packagekit-debuginfo-0:3.28.0-1.el7
gnome-packagekit-installer-0:3.28.0-1.el7
gnome-packagekit-updater-0:3.28.0-1.el7
gnome-screenshot-0:3.26.0-1.el7
gnome-screenshot-debuginfo-0:3.26.0-1.el7
gnome-session-0:3.28.1-5.el7
gnome-session-custom-session-0:3.28.1-5.el7
gnome-session-debuginfo-0:3.28.1-5.el7
gnome-session-wayland-session-0:3.28.1-5.el7
gnome-session-xsession-0:3.28.1-5.el7
gnome-settings-daemon-0:3.28.1-2.el7
gnome-settings-daemon-debuginfo-0:3.28.1-2.el7
gnome-settings-daemon-devel-0:3.28.1-2.el7
gnome-shell-0:3.28.3-6.el7
gnome-shell-debuginfo-0:3.28.3-6.el7
gnome-shell-extension-alternate-tab-0:3.28.1-5.el7
gnome-shell-extension-apps-menu-0:3.28.1-5.el7
gnome-shell-extension-auto-move-windows-0:3.28.1-5.el7
gnome-shell-extension-common-0:3.28.1-5.el7
gnome-shell-extension-dash-to-dock-0:3.28.1-5.el7
gnome-shell-extension-drive-menu-0:3.28.1-5.el7
gnome-shell-extension-launch-new-instance-0:3.28.1-5.el7
gnome-shell-extension-native-window-placement-0:3.28.1-5.el7
gnome-shell-extension-no-hot-corner-0:3.28.1-5.el7
gnome-shell-extension-panel-favorites-0:3.28.1-5.el7
gnome-shell-extension-places-menu-0:3.28.1-5.el7
gnome-shell-extension-screenshot-window-sizer-0:3.28.1-5.el7
gnome-shell-extension-systemMonitor-0:3.28.1-5.el7
gnome-shell-extension-top-icons-0:3.28.1-5.el7
gnome-shell-extension-updates-dialog-0:3.28.1-5.el7
gnome-shell-extension-user-theme-0:3.28.1-5.el7
gnome-shell-extension-window-list-0:3.28.1-5.el7
gnome-shell-extension-windowsNavigator-0:3.28.1-5.el7
gnome-shell-extension-workspace-indicator-0:3.28.1-5.el7
gnome-software-0:3.28.2-3.el7
gnome-software-debuginfo-0:3.28.2-3.el7
gnome-software-devel-0:3.28.2-3.el7
gnome-software-editor-0:3.28.2-3.el7
gnome-system-monitor-0:3.28.2-1.el7
gnome-system-monitor-debuginfo-0:3.28.2-1.el7
gnome-terminal-0:3.28.2-2.el7
gnome-terminal-debuginfo-0:3.28.2-2.el7
gnome-terminal-nautilus-0:3.28.2-2.el7
gnome-themes-standard-0:3.28-2.el7
gnome-themes-standard-debuginfo-0:3.28-2.el7
gnome-tweak-tool-0:3.28.1-2.el7
gnome-user-docs-0:3.28.2-1.el7
gnote-0:3.28.0-1.el7
gnote-debuginfo-0:3.28.0-1.el7
gobject-introspection-0:1.56.1-1.el7
gobject-introspection-debuginfo-0:1.56.1-1.el7
gobject-introspection-devel-0:1.56.1-1.el7
gom-0:0.3.3-1.el7
gom-debuginfo-0:0.3.3-1.el7
gom-devel-0:0.3.3-1.el7
google-noto-emoji-color-fonts-0:20180508-4.el7
google-noto-emoji-fonts-0:20180508-4.el7
grilo-0:0.3.6-1.el7
grilo-debuginfo-0:0.3.6-1.el7
grilo-devel-0:0.3.6-1.el7
grilo-plugins-0:0.3.7-1.el7
grilo-plugins-debuginfo-0:0.3.7-1.el7
gsettings-desktop-schemas-0:3.28.0-2.el7
gsettings-desktop-schemas-devel-0:3.28.0-2.el7
gspell-0:1.6.1-1.el7
gspell-debuginfo-0:1.6.1-1.el7
gspell-devel-0:1.6.1-1.el7
gspell-doc-0:1.6.1-1.el7
gssdp-0:1.0.2-1.el7
gssdp-debuginfo-0:1.0.2-1.el7
gssdp-devel-0:1.0.2-1.el7
gssdp-docs-0:1.0.2-1.el7
gssdp-utils-0:1.0.2-1.el7
gstreamer1-plugins-base-0:1.10.4-2.el7
gstreamer1-plugins-base-debuginfo-0:1.10.4-2.el7
gstreamer1-plugins-base-devel-0:1.10.4-2.el7
gstreamer1-plugins-base-devel-docs-0:1.10.4-2.el7
gstreamer1-plugins-base-tools-0:1.10.4-2.el7
gtk-doc-0:1.28-2.el7
gtk-update-icon-cache-0:3.22.30-3.el7
gtk3-0:3.22.30-3.el7
gtk3-debuginfo-0:3.22.30-3.el7
gtk3-devel-0:3.22.30-3.el7
gtk3-devel-docs-0:3.22.30-3.el7
gtk3-immodule-xim-0:3.22.30-3.el7
gtk3-immodules-0:3.22.30-3.el7
gtk3-tests-0:3.22.30-3.el7
gtksourceview3-0:3.24.8-1.el7
gtksourceview3-debuginfo-0:3.24.8-1.el7
gtksourceview3-devel-0:3.24.8-1.el7
gtksourceview3-tests-0:3.24.8-1.el7
gucharmap-0:10.0.4-1.el7
gucharmap-debuginfo-0:10.0.4-1.el7
gucharmap-devel-0:10.0.4-1.el7
gucharmap-libs-0:10.0.4-1.el7
gupnp-0:1.0.2-5.el7
gupnp-debuginfo-0:1.0.2-5.el7
gupnp-devel-0:1.0.2-5.el7
gupnp-docs-0:1.0.2-5.el7
gupnp-igd-0:0.2.5-2.el7
gupnp-igd-debuginfo-0:0.2.5-2.el7
gupnp-igd-devel-0:0.2.5-2.el7
gupnp-igd-python-0:0.2.5-2.el7
gvfs-0:1.36.2-1.el7
gvfs-afc-0:1.36.2-1.el7
gvfs-afp-0:1.36.2-1.el7
gvfs-archive-0:1.36.2-1.el7
gvfs-client-0:1.36.2-1.el7
gvfs-debuginfo-0:1.36.2-1.el7
gvfs-devel-0:1.36.2-1.el7
gvfs-fuse-0:1.36.2-1.el7
gvfs-goa-0:1.36.2-1.el7
gvfs-gphoto2-0:1.36.2-1.el7
gvfs-mtp-0:1.36.2-1.el7
gvfs-smb-0:1.36.2-1.el7
gvfs-tests-0:1.36.2-1.el7
harfbuzz-0:1.7.5-2.el7
harfbuzz-debuginfo-0:1.7.5-2.el7
harfbuzz-devel-0:1.7.5-2.el7
harfbuzz-icu-0:1.7.5-2.el7
json-glib-0:1.4.2-2.el7
json-glib-debuginfo-0:1.4.2-2.el7
json-glib-devel-0:1.4.2-2.el7
json-glib-tests-0:1.4.2-2.el7
libappstream-glib-0:0.7.8-2.el7
libappstream-glib-builder-0:0.7.8-2.el7
libappstream-glib-builder-devel-0:0.7.8-2.el7
libappstream-glib-debuginfo-0:0.7.8-2.el7
libappstream-glib-devel-0:0.7.8-2.el7
libchamplain-0:0.12.16-2.el7
libchamplain-debuginfo-0:0.12.16-2.el7
libchamplain-demos-0:0.12.16-2.el7
libchamplain-devel-0:0.12.16-2.el7
libchamplain-gtk-0:0.12.16-2.el7
libcroco-0:0.6.12-4.el7
libcroco-debuginfo-0:0.6.12-4.el7
libcroco-devel-0:0.6.12-4.el7
libgdata-0:0.17.9-1.el7
libgdata-debuginfo-0:0.17.9-1.el7
libgdata-devel-0:0.17.9-1.el7
libgee-0:0.20.1-1.el7
libgee-debuginfo-0:0.20.1-1.el7
libgee-devel-0:0.20.1-1.el7
libgepub-0:0.6.0-1.el7
libgepub-debuginfo-0:0.6.0-1.el7
libgepub-devel-0:0.6.0-1.el7
libgexiv2-0:0.10.8-1.el7
libgexiv2-debuginfo-0:0.10.8-1.el7
libgexiv2-devel-0:0.10.8-1.el7
libgnomekbd-0:3.26.0-1.el7
libgnomekbd-debuginfo-0:3.26.0-1.el7
libgnomekbd-devel-0:3.26.0-1.el7
libgovirt-0:0.3.4-1.el7
libgovirt-debuginfo-0:0.3.4-1.el7
libgovirt-devel-0:0.3.4-1.el7
libgtop2-0:2.38.0-3.el7
libgtop2-debuginfo-0:2.38.0-3.el7
libgtop2-devel-0:2.38.0-3.el7
libgweather-0:3.28.2-2.el7
libgweather-debuginfo-0:3.28.2-2.el7
libgweather-devel-0:3.28.2-2.el7
libgxps-0:0.3.0-4.el7
libgxps-debuginfo-0:0.3.0-4.el7
libgxps-devel-0:0.3.0-4.el7
libgxps-tools-0:0.3.0-4.el7
libical-0:3.0.3-2.el7
libical-debuginfo-0:3.0.3-2.el7
libical-devel-0:3.0.3-2.el7
libical-glib-0:3.0.3-2.el7
libical-glib-devel-0:3.0.3-2.el7
libical-glib-doc-0:3.0.3-2.el7
libjpeg-turbo-0:1.2.90-6.el7
libjpeg-turbo-debuginfo-0:1.2.90-6.el7
libjpeg-turbo-devel-0:1.2.90-6.el7
libjpeg-turbo-static-0:1.2.90-6.el7
libjpeg-turbo-utils-0:1.2.90-6.el7
libmediaart-0:1.9.4-1.el7
libmediaart-debuginfo-0:1.9.4-1.el7
libmediaart-devel-0:1.9.4-1.el7
libmediaart-tests-0:1.9.4-1.el7
libosinfo-0:1.1.0-2.el7
libosinfo-debuginfo-0:1.1.0-2.el7
libosinfo-devel-0:1.1.0-2.el7
libosinfo-vala-0:1.1.0-2.el7
libpeas-0:1.22.0-1.el7
libpeas-debuginfo-0:1.22.0-1.el7
libpeas-devel-0:1.22.0-1.el7
libpeas-gtk-0:1.22.0-1.el7
libpeas-loader-python-0:1.22.0-1.el7
librsvg2-0:2.40.20-1.el7
librsvg2-debuginfo-0:2.40.20-1.el7
librsvg2-devel-0:2.40.20-1.el7
librsvg2-tools-0:2.40.20-1.el7
libsecret-0:0.18.6-1.el7
libsecret-debuginfo-0:0.18.6-1.el7
libsecret-devel-0:0.18.6-1.el7
libsoup-0:2.62.2-2.el7
libsoup-debuginfo-0:2.62.2-2.el7
libsoup-devel-0:2.62.2-2.el7
libwayland-client-0:1.15.0-1.el7
libwayland-cursor-0:1.15.0-1.el7
libwayland-egl-0:1.15.0-1.el7
libwayland-server-0:1.15.0-1.el7
libwnck3-0:3.24.1-2.el7
libwnck3-debuginfo-0:3.24.1-2.el7
libwnck3-devel-0:3.24.1-2.el7
meson-0:0.45.1-1.el7
mozjs52-0:52.9.0-1.el7
mozjs52-debuginfo-0:52.9.0-1.el7
mozjs52-devel-0:52.9.0-1.el7
mutter-0:3.28.3-4.el7
mutter-debuginfo-0:3.28.3-4.el7
mutter-devel-0:3.28.3-4.el7
nautilus-0:3.26.3.1-2.el7
nautilus-debuginfo-0:3.26.3.1-2.el7
nautilus-devel-0:3.26.3.1-2.el7
nautilus-extensions-0:3.26.3.1-2.el7
nautilus-sendto-1:3.8.6-1.el7
nautilus-sendto-debuginfo-1:3.8.6-1.el7
ninja-build-0:1.8.2-1.el7
ninja-build-debuginfo-0:1.8.2-1.el7
openchange-0:2.3-3.el7
openchange-client-0:2.3-3.el7
openchange-debuginfo-0:2.3-3.el7
openchange-devel-0:2.3-3.el7
openchange-devel-docs-0:2.3-3.el7
osinfo-db-0:20180531-1.el7
pango-0:1.42.4-1.el7
pango-debuginfo-0:1.42.4-1.el7
pango-devel-0:1.42.4-1.el7
pango-tests-0:1.42.4-1.el7
poppler-0:0.26.5-20.el7
poppler-cpp-0:0.26.5-20.el7
poppler-cpp-devel-0:0.26.5-20.el7
poppler-debuginfo-0:0.26.5-20.el7
poppler-demos-0:0.26.5-20.el7
poppler-devel-0:0.26.5-20.el7
poppler-glib-0:0.26.5-20.el7
poppler-glib-devel-0:0.26.5-20.el7
poppler-qt-0:0.26.5-20.el7
poppler-qt-devel-0:0.26.5-20.el7
poppler-utils-0:0.26.5-20.el7
python2-gexiv2-0:0.10.8-1.el7
python2-pyatspi-0:2.26.0-3.el7
redhat-logos-0:70.0.3-7.el7
rest-0:0.8.1-2.el7
rest-debuginfo-0:0.8.1-2.el7
rest-devel-0:0.8.1-2.el7
rhythmbox-0:3.4.2-2.el7
rhythmbox-debuginfo-0:3.4.2-2.el7
rhythmbox-devel-0:3.4.2-2.el7
seahorse-nautilus-0:3.11.92-11.el7
seahorse-nautilus-debuginfo-0:3.11.92-11.el7
shotwell-0:0.28.4-1.el7
shotwell-debuginfo-0:0.28.4-1.el7
sushi-0:3.28.3-1.el7
sushi-debuginfo-0:3.28.3-1.el7
totem-1:3.26.2-1.el7
totem-debuginfo-1:3.26.2-1.el7
totem-devel-1:3.26.2-1.el7
totem-nautilus-1:3.26.2-1.el7
totem-pl-parser-0:3.26.1-1.el7
totem-pl-parser-debuginfo-0:3.26.1-1.el7
totem-pl-parser-devel-0:3.26.1-1.el7
turbojpeg-0:1.2.90-6.el7
turbojpeg-devel-0:1.2.90-6.el7
upower-0:0.99.7-1.el7
upower-debuginfo-0:0.99.7-1.el7
upower-devel-0:0.99.7-1.el7
upower-devel-docs-0:0.99.7-1.el7
vala-0:0.40.8-1.el7
vala-debuginfo-0:0.40.8-1.el7
vala-devel-0:0.40.8-1.el7
vala-doc-0:0.40.8-1.el7
valadoc-0:0.40.8-1.el7
valadoc-devel-0:0.40.8-1.el7
vino-0:3.22.0-7.el7
vino-debuginfo-0:3.22.0-7.el7
vte-profile-0:0.52.2-2.el7
vte291-0:0.52.2-2.el7
vte291-debuginfo-0:0.52.2-2.el7
vte291-devel-0:0.52.2-2.el7
wayland-debuginfo-0:1.15.0-1.el7
wayland-devel-0:1.15.0-1.el7
wayland-doc-0:1.15.0-1.el7
wayland-protocols-devel-0:1.14-1.el7
webkitgtk4-0:2.20.5-1.el7
webkitgtk4-debuginfo-0:2.20.5-1.el7
webkitgtk4-devel-0:2.20.5-1.el7
webkitgtk4-doc-0:2.20.5-1.el7
webkitgtk4-jsc-0:2.20.5-1.el7
webkitgtk4-jsc-devel-0:2.20.5-1.el7
webkitgtk4-plugin-process-gtk2-0:2.20.5-1.el7
xdg-desktop-portal-0:1.0.2-1.el7
xdg-desktop-portal-debuginfo-0:1.0.2-1.el7
xdg-desktop-portal-devel-0:1.0.2-1.el7
xdg-desktop-portal-gtk-0:1.0.2-1.el7
xdg-desktop-portal-gtk-debuginfo-0:1.0.2-1.el7
yelp-2:3.28.1-1.el7
yelp-debuginfo-2:3.28.1-1.el7
yelp-devel-2:3.28.1-1.el7
yelp-libs-2:3.28.1-1.el7
yelp-tools-0:3.28.0-1.el7
yelp-xsl-0:3.28.0-1.el7
yelp-xsl-devel-0:3.28.0-1.el7
zenity-0:3.28.1-1.el7
zenity-debuginfo-0:3.28.1-1.el7

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Nessus

Redhat

References