Vulnerability CVE-2018-1000005 - CERT Civis.Net

Vulnerability Name:

CVE-2018-1000005 (CCN-138219)

Assigned:

2018-01-24

Published:

2018-01-24

Updated:

2019-06-18

Summary:

libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The problem is that the code that creates HTTP/1-like headers from the HTTP/2 trailer data once appended a string like `:` to the target buffer, while this was recently changed to `: ` (a space was added after the colon) but the following math wasn't updated correspondingly. When accessed, the data is read out of bounds and causes either a crash or that the (too large) data gets passed to client write. This could lead to a denial-of-service situation or an information disclosure if someone has a service that echoes back or uses the trailers for something.

CVSS v3 Severity:

9.1 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)
7.9 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): High

9.1 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)
7.9 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): High

CVSS v2 Severity:

6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): Partial

9.4 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:N/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): None Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2018-1000005

Source: CCN
Type: IBM Security Bulletin 731383 (PureFlex System & Flex System)
Vulnerabilities in cURL/libcURL affect IBM Flex System FC3171 8Gb SAN Switch & SAN Pass-thru

Source: CCN
Type: IBM Security Bulletin 2014495 (Rational ClearCase)
Vulnerabilities in cURL component shipped with IBM Rational ClearCase (CVE-2018-1000005, CVE-2018-1000007)

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1040273

Source: REDHAT
Type: UNKNOWN
RHSA-2019:1543

Source: CCN
Type: Project curl Security Advisory, January 24th 2018
HTTP/2 trailer out-of-bounds read

Source: CONFIRM
Type: Patch, Vendor Advisory
https://curl.haxx.se/docs/adv_2018-824a.html

Source: XF
Type: UNKNOWN
libcurl-cve20181000005-dos(138219)

Source: CONFIRM
Type: Issue Tracking, Patch, Third Party Advisory
https://github.com/curl/curl/pull/2231

Source: UBUNTU
Type: Third Party Advisory
USN-3554-1

Source: DEBIAN
Type: Third Party Advisory
DSA-4098

Source: CCN
Type: IBM Security Bulletin 888299 (QLogic Virtual Fabric Extension Module for IBM BladeCenter)
Vulnerabilities in cURL affect QLogic Virtual Fabric Extension Module for IBM BladeCenter

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2018-1000005

Vulnerable Configuration:

Configuration 1:

cpe:/a:haxx:libcurl:*:*:*:*:*:*:*:* (Version >= 7.49.0 and <= 7.57.0)

Configuration 2:

cpe:/o:debian:debian_linux:8.0:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 3:

cpe:/o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

OR cpe:/o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

OR cpe:/o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:curl:libcurl:7.49.0:*:*:*:*:*:*:*

OR cpe:/a:curl:libcurl:7.57.0:*:*:*:*:*:*:*

AND

cpe:/a:ibm:rational_clearcase:8.0.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearcase:8.0.0.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearcase:8.0.0.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearcase:8.0.0.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearcase:8.0.0.7:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearcase:8.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearcase:8.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearcase:8.0.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearcase:8.0.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearcase:8.0.0.8:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearcase:8.0.1.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearcase:8.0.1.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearcase:8.0.0.9:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearcase:8.0.0.10:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearcase:8.0.1.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearcase:8.0.0.11:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearcase:8.0.1.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearcase:8.0.0.12:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearcase:8.0.1.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearcase:8.0.0.13:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearcase:8.0.1.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearcase:8.0.0.14:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearcase:8.0.1.7:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearcase:8.0.0.15:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearcase:8.0.1.8:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearcase:8.0.0.16:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearcase:8.0.1.9:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearcase:8.0.0.17:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearcase:8.0.1.10:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearcase:8.0.0.18:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearcase:8.0.1.11:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearcase:9.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearcase:9.0.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearcase:8.0.0.19:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearcase:8.0.1.12:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearcase:9.0.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearcase:8.0.0.20:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearcase:8.0.1.13:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearcase:9.0.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearcase:8.0.0.21:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearcase:8.0.1.14:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearcase:9.0.0.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearcase:8.0.1.15:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearcase:9.0.0.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearcase:9.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearcase:9.0.1.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearcase:8.0.1.16:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearcase:9.0.0.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearcase:9.0.1.2:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:636	P	Security update for nodejs16 (Important) (in QA)	2022-09-29
oval:org.opensuse.security:def:20181000005	V	CVE-2018-1000005	2022-08-07
oval:org.opensuse.security:def:2902	P	curl-7.79.1-150400.3.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94532	P	curl-7.79.1-150400.3.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:57	P	freetype2-devel-2.10.1-4.8.1 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:38	P	curl-7.66.0-4.14.1 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:335	P	xdg-utils-1.1.3+20190413-1.24 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:967	P	Security update for python-libxml2-python (Important)	2022-03-10
oval:org.opensuse.security:def:100405	P	(Important)	2022-01-25
oval:org.opensuse.security:def:112133	P	curl-7.79.1-1.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:8402	P	Security update for the Linux Kernel (Important) (in QA)	2022-01-07
oval:org.opensuse.security:def:10433	P	Security update for go1.16 (Moderate)	2021-12-23
oval:org.opensuse.security:def:10386	P	Security update for p11-kit (Important)	2021-12-22
oval:org.opensuse.security:def:8693	P	Security update for xorg-x11-server (Important)	2021-12-20
oval:org.opensuse.security:def:6256	P	Recommended update for php7 (Moderate)	2021-12-06
oval:org.opensuse.security:def:8680	P	Security update for openssh (Important)	2021-12-03
oval:org.opensuse.security:def:6243	P	Security update for ruby2.5 (Important)	2021-12-01
oval:org.opensuse.security:def:105669	P	Security update for python-Pygments (Important)	2021-12-01
oval:org.opensuse.security:def:8004	P	Security update for redis (Important)	2021-11-23
oval:org.opensuse.security:def:6234	P	Security update for postgresql12 (Important)	2021-11-22
oval:org.opensuse.security:def:8671	P	Security update for tomcat (Important)	2021-11-16
oval:org.opensuse.security:def:6225	P	Security update for samba (Important)	2021-11-10
oval:org.opensuse.security:def:10165	P	Security update for containerd, docker, runc (Important)	2021-10-25
oval:org.opensuse.security:def:6192	P	Security update for libcryptopp (Moderate)	2021-10-06
oval:org.opensuse.security:def:103234	P	curl-7.60.0-3.17.1 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:71165	P	curl-7.60.0-3.17.1 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:96544	P	curl-7.60.0-3.17.1 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:89579	P	curl-7.60.0-3.17.1 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:10340	P	Security update for openssl-1_0_0 (Low)	2021-09-09
oval:org.opensuse.security:def:6167	P	Security update for xerces-c (Important)	2021-09-06
oval:org.opensuse.security:def:69728	P	Security update for java-11-openjdk (Important)	2021-09-03
oval:org.opensuse.security:def:8050	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:10329	P	Security update for openssl-1_0_0 (Important)	2021-08-24
oval:org.opensuse.security:def:10318	P	Security update for go1.15 (Moderate)	2021-08-20
oval:org.opensuse.security:def:10131	P	Security update for libsndfile (Critical)	2021-08-17
oval:org.opensuse.security:def:10316	P	Security update for webkit2gtk3 (Important)	2021-08-17
oval:org.opensuse.security:def:47577	P	coreutils-8.25-13.7.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47917	P	wget-1.14-21.7.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:46907	P	colord-gtk-lang-0.1.26-6.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47409	P	libsoup-2_4-1-2.54.1-4.5 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47704	P	libexempi3-2.2.1-5.7.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48084	P	libXrender1-0.9.8-7.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:87628	P	curl-7.60.0-2.11 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47279	P	gstreamer-plugins-good-1.8.3-15.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47587	P	curl-7.60.0-2.11 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47855	P	perl-YAML-LibYAML-0.38-10.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:46992	P	libXfixes3-32bit-5.0.1-3.53 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:8629	P	Security update for cpio (Important)	2021-08-16
oval:org.opensuse.security:def:47185	P	xlockmore-5.43-5.30 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14467	P	curl-7.60.0-2.11 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47982	P	cups-1.7.5-20.23.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47039	P	libjson-c2-0.11-2.15 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47557	P	apache2-mod_perl-2.0.8-11.43 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47985	P	curl-7.60.0-9.8 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47735	P	libldb1-1.1.29-3.3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47493	P	rrdtool-1.4.7-20.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14865	P	curl-7.60.0-9.8 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47317	P	libXinerama1-1.1.3-3.54 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47639	P	gv-3.7.4-1.36 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48013	P	gd-2.1.0-24.12.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47131	P	ppc64-diag-2.7.1-5.6 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47771	P	libpulse-mainloop-glib0-32bit-5.0-4.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47806	P	libvncclient0-0.9.9-17.5.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:100814	P	curl-7.66.0-4.14.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62789	P	libid3tag0-0.15.1b-3.14 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62056	P	curl-7.66.0-4.14.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62028	P	autofs-5.1.3-7.3.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:63022	P	libtdsodbc0-1.1.36-3.3.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62238	P	libvirt-libs-7.1.0-4.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:71797	P	curl-7.66.0-4.14.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:10310	P	Security update for qemu (Important)	2021-08-02
oval:org.opensuse.security:def:6691	P	Security update for the Linux Kernel (Live Patch 23 for SLE 15) (Important)	2021-07-27
oval:org.opensuse.security:def:6092	P	Security update for ffmpeg (Important)	2021-07-14
oval:org.opensuse.security:def:7974	P	Security update for qemu (Moderate)	2021-06-30
oval:org.opensuse.security:def:70822	P	Security update for the Linux Kernel (Important)	2021-06-28
oval:org.opensuse.security:def:6073	P	Security update for libgcrypt (Important)	2021-06-24
oval:org.opensuse.security:def:9353	P	Security update for dovecot23 (Important)	2021-06-22
oval:org.opensuse.security:def:6678	P	Security update for the Linux Kernel (Live Patch 22 for SLE 15) (Important)	2021-06-18
oval:org.opensuse.security:def:6916	P	Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP1) (Important)	2021-06-18
oval:org.opensuse.security:def:6058	P	Security update for postgresql10 (Moderate)	2021-06-14
oval:org.opensuse.security:def:8604	P	Security update for squid (Important)	2021-06-11
oval:org.opensuse.security:def:16502	P	libcurl-devel-7.60.0-2.11 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36224	P	libtiff3-3.8.2-141.154.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46714	P	libapr-util1-1.5.3-1.77 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36236	P	logwatch-7.3.6-65.74.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:70887	P	curl-7.60.0-1.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:61238	P	libidn2-0-2.0.4-1.23 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48444	P	hplip-3.14.6-3.5 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:61262	P	libopus0-1.2.1-1.29 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46579	P	stunnel-5.00-1.13 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11291	P	elfutils-0.158-3.200 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:70935	P	krb5-1.15.2-4.25 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48722	P	gimp-2.8.10-1.164 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36320	P	w3m-0.5.2-132.2.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48498	P	libgraphite2-3-1.3.1-6.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46857	P	tftp-5.2-10.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36456	P	libjasper-devel-1.900.1-134.17.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46578	P	strongswan-5.1.3-4.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46593	P	wireshark-1.10.9-1.11 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36225	P	libtspi1-0.3.10-0.11.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11269	P	bogofilter-1.2.4-3.56 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48776	P	gnome-shell-calendar-3.20.4-70.4 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:61146	P	curl-7.60.0-1.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:61239	P	libipa_hbac-devel-1.16.1-1.22 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:77720	P	curl-7.60.0-2.11 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46856	P	tcpdump-4.5.1-7.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12424	P	curl-7.60.0-2.11 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46871	P	xen-4.5.1_12-2.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36557	P	rubygem-activemodel-3_2-3.2.12-0.5.8 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:10265	P	Security update for dhcp (Important)	2021-06-02
oval:org.opensuse.security:def:9331	P	Security update for shim (Important)	2021-06-01
oval:org.opensuse.security:def:10084	P	Security update for curl (Moderate)	2021-05-31
oval:org.opensuse.security:def:6894	P	Security update for the Linux Kernel (Live Patch 23 for SLE 15 SP1) (Important)	2021-05-25
oval:org.opensuse.security:def:8955	P	Security update for graphviz (Critical)	2021-05-19
oval:org.opensuse.security:def:6011	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:6669	P	Security update for the Linux Kernel (Important)	2021-05-12
oval:org.opensuse.security:def:10240	P	Security update for clamav (Important)	2021-04-14
oval:org.opensuse.security:def:8933	P	Security update for xorg-x11-server (Important)	2021-04-14
oval:org.opensuse.security:def:6660	P	Security update for the Linux Kernel (Live Patch 21 for SLE 15) (Important)	2021-04-07
oval:org.opensuse.security:def:69623	P	Security update for tomcat (Important)	2021-04-01
oval:org.opensuse.security:def:8264	P	Security update for the Linux Kernel (Important)	2021-03-09
oval:org.opensuse.security:def:5965	P	Security update for openldap2 (Important)	2021-03-08
oval:org.opensuse.security:def:5943	P	Security update for qemu (Important)	2021-02-19
oval:org.opensuse.security:def:5935	P	Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork (Important)	2021-02-11
oval:org.opensuse.security:def:8372	P	Security update for the Linux Kernel (Important)	2021-02-09
oval:org.opensuse.security:def:8662	P	Security update for python-urllib3 (Moderate)	2021-02-08
oval:org.opensuse.security:def:10307	P	Security update for MozillaFirefox (Important)	2021-01-29
oval:org.opensuse.security:def:6446	P	Security update for openldap2 (Moderate)	2021-01-14
oval:org.opensuse.security:def:8380	P	Security update for hawk2 (Important)	2021-01-12
oval:org.opensuse.security:def:10146	P	Security update for dovecot23 (Important)	2021-01-05
oval:org.opensuse.security:def:7982	P	Security update for dovecot23 (Important)	2021-01-05
oval:org.opensuse.security:def:10631	P	Security update for the Linux Kernel (Important)	2020-12-10
oval:org.opensuse.security:def:8529	P	Security update for xen (Important)	2020-12-04
oval:org.opensuse.security:def:61898	P	libunbound2-1.6.8-8.3 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:61725	P	curl-7.66.0-2.59 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62921	P	perl-Tk-devel-804.034-1.44 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:12859	P	curl-7.60.0-9.8 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62557	P	libjasper-devel-2.0.14-3.3.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16805	P	libcurl-devel-7.60.0-9.8 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62687	P	libnma-devel-1.8.24-5.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62972	P	perl-Archive-Extract-0.80-1.24 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:107071	P	curl-7.66.0-2.59 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:61704	P	bash-4.4-9.10.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:71466	P	curl-7.66.0-2.59 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:49023	P	libofx-0.9.9-3.7.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62883	P	aaa_base-malloccheck-84.87+git20180409.04c9dae-3.6.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63055	P	python2-numpy-gnu-hpc-1.16.5-1.164 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:93692	P	curl-7.66.0-2.59 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:36623	P	kbd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:6527	P	wdiff on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37039	P	vino on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:64148	P	Security update for libsolv (Moderate)	2020-12-01
oval:org.opensuse.security:def:52892	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:8231	P	vino on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:36864	P	java-1_8_0-openjdk on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10609	P	xen-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:72945	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:49077	P	curl on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:53736	P	Security update for webkit2gtk3 (Important)	2020-12-01
oval:org.opensuse.security:def:10989	P	libcurl-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10467	P	libXext-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:53451	P	Security update for tomcat (Important)	2020-12-01
oval:org.opensuse.security:def:52375	P	Security update for samba (Important)	2020-12-01
oval:org.opensuse.security:def:8510	P	quagga on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:67582	P	curl on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:36955	P	libtiff5-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:8273	P	chrony on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38161	P	curl on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10016	P	xalan-j2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:6493	P	python-libxml2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:36972	P	mozilla-nspr-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:7351	P	curl on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52613	P	Security update for java-1_8_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:8131	P	libpulse-mainloop-glib0-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37437	P	gdk-pixbuf-loader-rsvg on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:66280	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:36622	P	java-1_7_0-openjdk on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:36614	P	gvim on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55012	P	socat on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37262	P	libthai-data on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:53617	P	Security update for libvirt (Important)	2020-12-01
oval:org.opensuse.security:def:64235	P	curl on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:36634	P	libXfixes3-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:6602	P	fontconfig on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37083	P	clamav on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:6378	P	libgcrypt20 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:53058	P	Security update for librsvg (Moderate)	2020-12-01
oval:org.opensuse.security:def:52213	P	Security update for openldap2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:8448	P	libsrtp1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:36923	P	libmms0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10618	P	LibVNCServer-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10967	P	libXrender-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10542	P	libsmbclient-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:8097	P	libgnomesu on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37370	P	DirectFB on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37012	P	rpcbind on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:8282	P	cron on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37721	P	SuSEfirewall2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10008	P	update-alternatives on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10038	P	automake on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:6508	P	socat on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37011	P	radvd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:7329	P	bind on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:66372	P	curl on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52786	P	Security update for the Linux Kernel (Live Patch 19 for SLE 15) (Important)	2020-12-01
oval:org.opensuse.security:def:8206	P	rsync on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37481	P	libHX28 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55086	P	curl on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:36704	P	libvte9 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73063	P	curl on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37321	P	rpcbind on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:53655	P	Security update for webkit2gtk3 (Important)	2020-12-01
oval:org.opensuse.security:def:52212	P	Security update for rubygem-actionpack-5_1 (Important)	2020-12-01
oval:org.opensuse.security:def:36718	P	openssh on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10448	P	gnome-shell-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:6627	P	gstreamer-0_10-plugins-good on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:6370	P	libecpg6 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:6400	P	libmikmod3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:53343	P	Security update for mariadb (Moderate)	2020-12-01
oval:org.opensuse.security:def:52235	P	Security update for freetype2 (Important)	2020-12-01
oval:org.opensuse.security:def:8495	P	perl-XML-LibXML on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:36854	P	hardlink on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:67482	P	Security update for nodejs10 (Critical)	2020-12-01
oval:org.opensuse.security:def:10567	P	libzip-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38119	P	accountsservice on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:8112	P	libltdl7 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37409	P	cups-pk-helper on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37763	P	curl on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37102	P	dnsmasq on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:53543	P	Security update for libqt5-qtbase (Important)	2020-12-01
oval:org.opensuse.security:def:8295	P	dosfstools on GA media (Moderate)	2020-12-01
oval:com.ubuntu.artful:def:20181000005000	V	CVE-2018-1000005 on Ubuntu 17.10 (artful) - medium.	2018-01-24
oval:com.ubuntu.xenial:def:201810000050000000	V	CVE-2018-1000005 on Ubuntu 16.04 LTS (xenial) - medium.	2018-01-24
oval:com.ubuntu.trusty:def:20181000005000	V	CVE-2018-1000005 on Ubuntu 14.04 LTS (trusty) - medium.	2018-01-24
oval:com.ubuntu.xenial:def:20181000005000	V	CVE-2018-1000005 on Ubuntu 16.04 LTS (xenial) - medium.	2018-01-24