McAfee Foundstone FSL Update · 88971 - Slackware Linux 14.0, 14.1, 14.2 SSA:2018-229-02 Update Is Not Installed. Category: SSH Module -> NonIntrusive -> Slackware Patches and Hotfixes

2018-NOV-08FSL version 7.6.65

MCAFEE FOUNDSTONE FSL UPDATE

To better protect your environment McAfee has created this FSL check update for the Foundstone Product Suite. The following is adetailed summary of the new and updated checks included with this release.

NEW CHECKS

163728 - Oracle Enterprise Linux ELSA-2018-3056 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and HotfixesRisk Level: HighCVE: CVE-2007-2444, CVE-2007-2446, CVE-2007-2447, CVE-2008-1105, CVE-2008-3789, CVE-2008-4314, CVE-2009-2813, CVE-2009-2906, CVE-2009-2948, CVE-2010-0728, CVE-2012-0817, CVE-2012-1182, CVE-2012-2111, CVE-2012-6150, CVE-2013-0172,CVE-2013-0213, CVE-2013-0214, CVE-2013-4408, CVE-2013-4475, CVE-2013-4496, CVE-2013-6442, CVE-2014-0178, CVE-2014-0244, CVE-2014-3493, CVE-2014-3560, CVE-2015-0240, CVE-2015-3223, CVE-2015-5252, CVE-2015-5296, CVE-2015-5299, CVE-2015-5370, CVE-2015-7560, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, CVE-2016-2115,CVE-2016-2118, CVE-2016-2119, CVE-2017-12150, CVE-2017-12151, CVE-2017-12163, CVE-2017-14746, CVE-2017-15275, CVE-2017-2619, CVE-2017-7494, CVE-2018-1050, CVE-2018-10858, CVE-2018-1139

DescriptionThe scan detected that the host is missing the following update:ELSA-2018-3056

ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:

http://oss.oracle.com/pipermail/el-errata/2018-November/008199.html

OEL7x86_64samba-4.8.3-4.el7samba-common-4.8.3-4.el7samba-client-libs-4.8.3-4.el7samba-vfs-glusterfs-4.8.3-4.el7ctdb-4.8.3-4.el7libwbclient-devel-4.8.3-4.el7samba-client-4.8.3-4.el7libsmbclient-4.8.3-4.el7samba-winbind-clients-4.8.3-4.el7samba-winbind-krb5-locator-4.8.3-4.el7samba-dc-libs-4.8.3-4.el7samba-winbind-4.8.3-4.el7samba-common-libs-4.8.3-4.el7libwbclient-4.8.3-4.el7samba-test-libs-4.8.3-4.el7samba-pidl-4.8.3-4.el7samba-devel-4.8.3-4.el7samba-dc-4.8.3-4.el7samba-common-tools-4.8.3-4.el7samba-test-4.8.3-4.el7ctdb-tests-4.8.3-4.el7samba-python-test-4.8.3-4.el7

samba-winbind-modules-4.8.3-4.el7samba-libs-4.8.3-4.el7libsmbclient-devel-4.8.3-4.el7samba-python-4.8.3-4.el7samba-krb5-printing-4.8.3-4.el7

24358 - Mozilla Firefox ESR Vulnerabilities Prior To ESR 60.3

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS)Risk Level: HighCVE: CVE-2018-12389, CVE-2018-12390, CVE-2018-12391, CVE-2018-12392, CVE-2018-12393, CVE-2018-12395, CVE-2018-12396, CVE-2018-12397

DescriptionMultiple Vulnerabilities are present in some versions of Mozilla Firefox ESR.

ObservationMozilla Firefox ESR is a popular web browser.

Multiple Vulnerabilities are present in some versions of Mozilla Firefox ESR. The flaws lie in multiple components. Successful exploitation could allow an attacker to obtain potentially sensitive information or execute arbitrary codes in the system.

24359 - Mozilla Firefox ESR Vulnerabilities Prior To ESR 60.3

Category: SSH Module -> NonIntrusive -> SSH MiscellaneousRisk Level: HighCVE: CVE-2018-12389, CVE-2018-12390, CVE-2018-12391, CVE-2018-12392, CVE-2018-12393, CVE-2018-12395, CVE-2018-12396, CVE-2018-12397

DescriptionMultiple Vulnerabilities are present in some versions of Mozilla Firefox ESR.

ObservationMozilla Firefox ESR is a popular web browser.

Multiple Vulnerabilities are present in some versions of Mozilla Firefox ESR. The flaws lie in multiple components. Successful exploitation could allow an attacker to obtain potentially sensitive information or execute arbitrary codes in the system.

24370 - (HT209192) Apple iOS Multiple Vulnerabilities Prior To 12.1

Category: Wireless Assessment -> NonIntrusive -> iOSRisk Level: HighCVE: CVE-2018-4365, CVE-2018-4366, CVE-2018-4367, CVE-2018-4368, CVE-2018-4369, CVE-2018-4371, CVE-2018-4372, CVE-2018-4373, CVE-2018-4374, CVE-2018-4375, CVE-2018-4376, CVE-2018-4377, CVE-2018-4378, CVE-2018-4382, CVE-2018-4384,CVE-2018-4385, CVE-2018-4386, CVE-2018-4387, CVE-2018-4388, CVE-2018-4390, CVE-2018-4391, CVE-2018-4392, CVE-2018-4394, CVE-2018-4398, CVE-2018-4400, CVE-2018-4409, CVE-2018-4413, CVE-2018-4416, CVE-2018-4419, CVE-2018-4420, CVE-2018-4427

DescriptionMultiple vulnerabilities are present in some versions of Apple iOS.

Observation

Apple iOS is the operating system used by Apple iPhone, iPad, and iPod touch.

Multiple vulnerabilities are present in some versions of Apple iOS. The flaws lie in many components. Successful exploitation could allow an attacker to cause denial of service condition, execute arbitrary code, conduct spoofing attacks or may lead to cross-site scripting.

132486 - Oracle VM OVMSA-2018-0270 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Oracle VM Patches and HotfixesRisk Level: HighCVE: CVE-2018-1000805

DescriptionThe scan detected that the host is missing the following update:OVMSA-2018-0270


http://oss.oracle.com/pipermail/oraclevm-errata/2018-November/000904.htmlhttp://oss.oracle.com/pipermail/oraclevm-errata/2018-November/000903.html

OVM3.3x86_64python-paramiko-1.7.5-5.el6_10

OVM3.4x86_64python-paramiko-1.7.5-5.el6_10


Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and HotfixesRisk Level: HighCVE: CVE-2017-13089, CVE-2017-13090, CVE-2018-0494




OEL7x86_64wget-1.14-18.el7


Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and HotfixesRisk Level: High

CVE: CVE-2018-1000805



http://oss.oracle.com/pipermail/el-errata/2018-October/008179.html

OEL6x86_64python-paramiko-1.7.5-5.el6_10

i386python-paramiko-1.7.5-5.el6_10

175467 - Scientific Linux Security ERRATA Critical: python-paramiko on SL6.x (noarch) (1810-13335)

Category: SSH Module -> NonIntrusive -> Scientific Linux Patches and HotFixesRisk Level: HighCVE: CVE-2018-1000805

DescriptionThe scan detected that the host is missing the following update:Security ERRATA Critical: python-paramiko on SL6.x (noarch) (1810-13335)


https://listserv.fnal.gov/scripts/wa.exe?A2=ind1810&L=scientific-linux-errata&F=&S=&P=13335

SL6noarchpython-paramiko-1.7.5-4.el6_7.1python-paramiko-1.7.5-4.el6_6.1python-paramiko-1.7.5-5.el6_10

24354 - Splunk Enterprise Multiple Vulnerabilities (SP-CAAAP5T)

Category: General Vulnerability Assessment -> NonIntrusive -> Web ServerRisk Level: HighCVE: CVE-2018-7427, CVE-2018-7429, CVE-2018-7431, CVE-2018-7432

DescriptionMultiple vulnerabilities are present in some versions of Splunk Enterprise.

ObservationSplunk Enterprise is a platform for real-time operational intelligence.

Multiple vulnerabilities are present in some versions of Splunk Enterprise. The flaws lie in multiple components running Splunk Web. Successful exploitation could allow an attacker to obtain sensitive information, execute arbitrary code and or cause a denial of service

condition on the target.

24355 - IBM WebSphere Application Server Directory Traversal Vulnerability (ibm10729521)

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS)Risk Level: HighCVE: CVE-2018-1770

DescriptionA vulnerability is present in some versions of IBM WebSphere Application Server.

ObservationIBM WebSphere Application Server is a server engine for Java EE Web applications.

A vulnerability is present in some versions of IBM WebSphere Application Server. The flaw lies in the Admin Console. Successful exploitation could allow an attacker to retrieve sensitive data from the target system.

24356 - Mozilla Firefox Multiple Vulnerabilities Prior To 63

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS)Risk Level: HighCVE: CVE-2018-12388, CVE-2018-12390, CVE-2018-12391, CVE-2018-12392, CVE-2018-12393, CVE-2018-12395, CVE-2018-12396, CVE-2018-12397, CVE-2018-12398, CVE-2018-12399, CVE-2018-12400, CVE-2018-12401, CVE-2018-12402, CVE-2018-12403

DescriptionMultiple vulnerabilities are present in some versions of Mozilla Firefox.

ObservationMozilla Firefox is a popular web browser.

Multiple vulnerabilities are present in some versions of Mozilla Firefox. The flaws lie in multiple components. Successful exploitation could allow an attacker to obtain potentially sensitive information, potentially execute arbitrary remote code or cause denial of service conditions.

24357 - Mozilla Firefox Multiple Vulnerabilities Prior To 63

Category: SSH Module -> NonIntrusive -> SSH MiscellaneousRisk Level: HighCVE: CVE-2018-12388, CVE-2018-12390, CVE-2018-12391, CVE-2018-12392, CVE-2018-12393, CVE-2018-12395, CVE-2018-12396, CVE-2018-12397, CVE-2018-12398, CVE-2018-12399, CVE-2018-12400, CVE-2018-12401, CVE-2018-12402, CVE-2018-12403

DescriptionMultiple vulnerabilities are present in some versions of Mozilla Firefox.

ObservationMozilla Firefox is a popular web browser.

Multiple vulnerabilities are present in some versions of Mozilla Firefox. The flaws lie in multiple components. Successful exploitation could allow an attacker to obtain potentially sensitive information, potentially execute arbitrary remote code or cause denial of service

conditions.

24360 - Cisco Adaptive Security Appliance Software Denial of Service Vulnerability (cisco-sa-20181031-asaftd-sip-dos)

Category: SSH Module -> NonIntrusive -> SSH MiscellaneousRisk Level: HighCVE: CVE-2018-15454

DescriptionA vulnerability is present in some versions of Cisco ASA devices.

ObservationCisco Adaptive Security Appliance is a word-class line of network security devices.

A vulnerability is present in some versions of Cisco ASA devices. The flaw is due to improper handling of SIP traffic. Successful exploitation could allow a remote attacker to cause a denial of service.

88984 - Slackware Linux 14.1, 14.2 SSA:2018-309-01 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Slackware Patches and HotfixesRisk Level: HighCVE: CVE-2016-9843, CVE-2018-3143, CVE-2018-3156, CVE-2018-3174, CVE-2018-3251, CVE-2018-3282

DescriptionThe scan detected that the host is missing the following update:SSA:2018-309-01


http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.409078

Slackware 14.1x86_64mariadb-5.5.62-x86_64-1

Slackware 14.2x86_64mariadb-10.0.37-x86_64-1

i586mariadb-10.0.37-i586-1

147305 - SuSE SLES 12 SP3, SLED 12 SP3 SUSE-SU-2018:3590-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: HighCVE: CVE-2018-12086, CVE-2018-18227

DescriptionThe scan detected that the host is missing the following update:SUSE-SU-2018:3590-1


http://lists.suse.com/pipermail/sle-security-updates/2018-October/004819.html

SuSE SLED 12 SP3x86_64libwireshark9-2.4.10-48.32.1wireshark-gtk-debuginfo-2.4.10-48.32.1libwiretap7-debuginfo-2.4.10-48.32.1libwsutil8-debuginfo-2.4.10-48.32.1libwiretap7-2.4.10-48.32.1wireshark-debuginfo-2.4.10-48.32.1wireshark-gtk-2.4.10-48.32.1libwireshark9-debuginfo-2.4.10-48.32.1wireshark-2.4.10-48.32.1libwscodecs1-debuginfo-2.4.10-48.32.1libwscodecs1-2.4.10-48.32.1libwsutil8-2.4.10-48.32.1wireshark-debugsource-2.4.10-48.32.1

SuSE SLES 12 SP3x86_64libwireshark9-2.4.10-48.32.1wireshark-gtk-debuginfo-2.4.10-48.32.1libwiretap7-debuginfo-2.4.10-48.32.1libwsutil8-debuginfo-2.4.10-48.32.1libwiretap7-2.4.10-48.32.1wireshark-debuginfo-2.4.10-48.32.1wireshark-gtk-2.4.10-48.32.1libwireshark9-debuginfo-2.4.10-48.32.1wireshark-2.4.10-48.32.1libwscodecs1-debuginfo-2.4.10-48.32.1libwscodecs1-2.4.10-48.32.1libwsutil8-2.4.10-48.32.1wireshark-debugsource-2.4.10-48.32.1


Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: HighCVE: CVE-2018-16840, CVE-2018-16842



http://lists.suse.com/pipermail/sle-security-updates/2018-November/004824.html

SuSE SLED 12 SP3x86_64libcurl4-7.37.0-37.31.1libcurl4-debuginfo-32bit-7.37.0-37.31.1

curl-debugsource-7.37.0-37.31.1libcurl4-debuginfo-7.37.0-37.31.1libcurl4-32bit-7.37.0-37.31.1curl-debuginfo-7.37.0-37.31.1curl-7.37.0-37.31.1

SuSE SLES 12 SP3x86_64libcurl4-7.37.0-37.31.1libcurl4-debuginfo-32bit-7.37.0-37.31.1curl-debugsource-7.37.0-37.31.1libcurl4-debuginfo-7.37.0-37.31.1curl-debuginfo-7.37.0-37.31.1curl-7.37.0-37.31.1libcurl4-32bit-7.37.0-37.31.1


Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: HighCVE: CVE-2018-17095




SuSE SLED 12 SP3x86_64audiofile-debugsource-0.3.6-11.3.1libaudiofile1-debuginfo-32bit-0.3.6-11.3.1libaudiofile1-debuginfo-0.3.6-11.3.1audiofile-debuginfo-0.3.6-11.3.1libaudiofile1-32bit-0.3.6-11.3.1audiofile-0.3.6-11.3.1libaudiofile1-0.3.6-11.3.1

SuSE SLES 12 SP3x86_64audiofile-debugsource-0.3.6-11.3.1libaudiofile1-debuginfo-32bit-0.3.6-11.3.1libaudiofile1-debuginfo-0.3.6-11.3.1audiofile-debuginfo-0.3.6-11.3.1libaudiofile1-32bit-0.3.6-11.3.1audiofile-0.3.6-11.3.1libaudiofile1-0.3.6-11.3.1


Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: HighCVE: CVE-2018-17096, CVE-2018-17097, CVE-2018-17098




SuSE SLED 12 SP3x86_64soundtouch-1.7.1-5.6.1libSoundTouch0-1.7.1-5.6.1libSoundTouch0-32bit-1.7.1-5.6.1soundtouch-debugsource-1.7.1-5.6.1soundtouch-debuginfo-1.7.1-5.6.1libSoundTouch0-debuginfo-32bit-1.7.1-5.6.1libSoundTouch0-debuginfo-1.7.1-5.6.1

SuSE SLES 12 SP3x86_64soundtouch-debuginfo-1.7.1-5.6.1libSoundTouch0-1.7.1-5.6.1soundtouch-debugsource-1.7.1-5.6.1libSoundTouch0-debuginfo-1.7.1-5.6.1

147312 - SuSE SLED 15 SUSE-SU-2018:3589-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: HighCVE: CVE-2017-16533, CVE-2017-18224, CVE-2018-18386, CVE-2018-18445




SuSE SLED 15x86_64kernel-default-extra-4.12.14-25.25.1kernel-default-extra-debuginfo-4.12.14-25.25.1kernel-default-debugsource-4.12.14-25.25.1kernel-default-debuginfo-4.12.14-25.25.1

147313 - SuSE SLED 12 SP3 SUSE-SU-2018:3587-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: HighCVE: CVE-2017-0358




SuSE SLED 12 SP3x86_64libntfs-3g84-debuginfo-2013.1.13-5.3.1ntfs-3g-2013.1.13-5.3.1ntfs-3g-debuginfo-2013.1.13-5.3.1libntfs-3g84-2013.1.13-5.3.1ntfsprogs-debuginfo-2013.1.13-5.3.1ntfsprogs-2013.1.13-5.3.1ntfs-3g_ntfsprogs-debugsource-2013.1.13-5.3.1


Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and HotfixesRisk Level: HighCVE: CVE-2014-10071, CVE-2014-10072, CVE-2017-18205, CVE-2017-18206, CVE-2018-1071, CVE-2018-1083, CVE-2018-1100,CVE-2018-7549




OEL7x86_64zsh-5.0.2-31.el7zsh-html-5.0.2-31.el7


Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and HotfixesRisk Level: HighCVE: CVE-2015-8830, CVE-2016-4913, CVE-2017-0861, CVE-2017-10661, CVE-2017-11600, CVE-2017-13215, CVE-2017-16939,CVE-2017-17805, CVE-2017-18208, CVE-2017-18232, CVE-2017-18344, CVE-2018-1000026, CVE-2018-1000199, CVE-2018-10322, CVE-2018-10675, CVE-2018-1068, CVE-2018-1087, CVE-2018-10878, CVE-2018-10879, CVE-2018-10881, CVE-2018-10883, CVE-2018-10902, CVE-2018-1091, CVE-2018-1092, CVE-2018-1094, CVE-2018-10940, CVE-2018-1118, CVE-2018-1120,CVE-2018-1130, CVE-2018-13405, CVE-2018-14634, CVE-2018-3620, CVE-2018-3639, CVE-2018-3665, CVE-2018-3693, CVE-2018-5344, CVE-2018-5390, CVE-2018-5391, CVE-2018-5803, CVE-2018-5848, CVE-2018-7566, CVE-2018-7740, CVE-2018-7757,CVE-2018-8781, CVE-2018-8897

Description

The scan detected that the host is missing the following update:ELSA-2018-3083



OEL7x86_64kernel-tools-3.10.0-957.el7kernel-doc-3.10.0-957.el7kernel-tools-libs-devel-3.10.0-957.el7python-perf-3.10.0-957.el7kernel-abi-whitelists-3.10.0-957.el7kernel-tools-libs-3.10.0-957.el7kernel-debug-devel-3.10.0-957.el7kernel-3.10.0-957.el7bpftool-3.10.0-957.el7perf-3.10.0-957.el7kernel-devel-3.10.0-957.el7kernel-headers-3.10.0-957.el7kernel-debug-3.10.0-957.el7


Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and HotfixesRisk Level: HighCVE: CVE-2013-0312, CVE-2013-2219, CVE-2013-4485, CVE-2014-0132, CVE-2014-3562, CVE-2014-8105, CVE-2014-8112, CVE-2015-1854, CVE-2016-0741, CVE-2016-4992, CVE-2016-5405, CVE-2017-15134, CVE-2017-15135, CVE-2017-2668, CVE-2018-1054, CVE-2018-10871, CVE-2018-14648




OEL7x86_64389-ds-base-snmp-1.3.8.4-15.el7389-ds-base-1.3.8.4-15.el7389-ds-base-devel-1.3.8.4-15.el7389-ds-base-libs-1.3.8.4-15.el7


Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and HotfixesRisk Level: HighCVE: CVE-2018-1000007, CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000122, CVE-2018-1000301




OEL7x86_64libcurl-devel-7.29.0-51.el7libcurl-7.29.0-51.el7nss-pem-1.0.3-5.el7curl-7.29.0-51.el7


Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and HotfixesRisk Level: HighCVE: CVE-2017-18198, CVE-2017-18199, CVE-2017-18201




OEL7x86_64libcdio-0.92-3.el7libcdio-devel-0.92-3.el7

186459 - Ubuntu Linux 14.04, 16.04, 18.04 USN-3810-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: HighCVE: CVE-2018-11574

DescriptionThe scan detected that the host is missing the following update:USN-3810-1


https://lists.ubuntu.com/archives/ubuntu-security-announce/2018-November/004650.html

Ubuntu 16.04

ppp_2.4.7-1+2ubuntu1.16.04.1

Ubuntu 14.04

ppp_2.4.5-5.1ubuntu2.3

Ubuntu 18.04

ppp_2.4.7-2+2ubuntu1.1

131238 - Debian Linux 9.0 DSA-4334-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Debian Patches and HotfixesRisk Level: MediumCVE: CVE-2017-17866, CVE-2018-1000037, CVE-2018-1000040, CVE-2018-5686, CVE-2018-6187, CVE-2018-6192

DescriptionThe scan detected that the host is missing the following update:DSA-4334-1


http://www.debian.org/security/2018/dsa-4334

Debian 9.0allmupdf_1.9a+ds1-4+deb9u4


Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and HotfixesRisk Level: MediumCVE: CVE-2018-3136, CVE-2018-3139, CVE-2018-3149, CVE-2018-3169, CVE-2018-3180, CVE-2018-3214



http://oss.oracle.com/pipermail/el-errata/2018-October/008178.html

OEL6x86_64java-1.7.0-openjdk-javadoc-1.7.0.201-2.6.16.0.0.1.el6_10java-1.7.0-openjdk-devel-1.7.0.201-2.6.16.0.0.1.el6_10java-1.7.0-openjdk-demo-1.7.0.201-2.6.16.0.0.1.el6_10java-1.7.0-openjdk-1.7.0.201-2.6.16.0.0.1.el6_10java-1.7.0-openjdk-src-1.7.0.201-2.6.16.0.0.1.el6_10

i386

java-1.7.0-openjdk-javadoc-1.7.0.201-2.6.16.0.0.1.el6_10java-1.7.0-openjdk-devel-1.7.0.201-2.6.16.0.0.1.el6_10java-1.7.0-openjdk-demo-1.7.0.201-2.6.16.0.0.1.el6_10java-1.7.0-openjdk-1.7.0.201-2.6.16.0.0.1.el6_10java-1.7.0-openjdk-src-1.7.0.201-2.6.16.0.0.1.el6_10


Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and HotfixesRisk Level: MediumCVE: CVE-2018-10372, CVE-2018-10373, CVE-2018-10534, CVE-2018-10535, CVE-2018-13033, CVE-2018-7208, CVE-2018-7568,CVE-2018-7569, CVE-2018-7642, CVE-2018-7643, CVE-2018-8945




OEL7x86_64binutils-2.27-34.base.0.1.el7binutils-devel-2.27-34.base.0.1.el7


Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and HotfixesRisk Level: MediumCVE: CVE-2018-5729, CVE-2018-5730




OEL7x86_64krb5-server-1.15.1-34.el7krb5-devel-1.15.1-34.el7krb5-workstation-1.15.1-34.el7krb5-server-ldap-1.15.1-34.el7krb5-libs-1.15.1-34.el7libkadm5-1.15.1-34.el7krb5-pkinit-1.15.1-34.el7


Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and HotfixesRisk Level: MediumCVE: CVE-2018-14679, CVE-2018-14680, CVE-2018-14681, CVE-2018-14682




OEL7x86_64libmspack-0.5-0.6.alpha.el7libmspack-devel-0.5-0.6.alpha.el7

175465 - Scientific Linux Security ERRATA Important: java-1.7.0-openjdk on SL6.x i386/x86_64 (1810-14124)

Category: SSH Module -> NonIntrusive -> Scientific Linux Patches and HotFixesRisk Level: MediumCVE: CVE-2018-3136, CVE-2018-3139, CVE-2018-3149, CVE-2018-3169, CVE-2018-3180, CVE-2018-3214

DescriptionThe scan detected that the host is missing the following update:Security ERRATA Important: java-1.7.0-openjdk on SL6.x i386/x86_64 (1810-14124)



SL6i386java-1.7.0-openjdk-src-1.7.0.201-2.6.16.0.el6_10java-1.7.0-openjdk-demo-1.7.0.201-2.6.16.0.el6_10java-1.7.0-openjdk-1.7.0.201-2.6.16.0.el6_10java-1.7.0-openjdk-devel-1.7.0.201-2.6.16.0.el6_10java-1.7.0-openjdk-debuginfo-1.7.0.201-2.6.16.0.el6_10

noarchjava-1.7.0-openjdk-javadoc-1.7.0.201-2.6.16.0.el6_10

x86_64java-1.7.0-openjdk-src-1.7.0.201-2.6.16.0.el6_10java-1.7.0-openjdk-demo-1.7.0.201-2.6.16.0.el6_10java-1.7.0-openjdk-1.7.0.201-2.6.16.0.el6_10java-1.7.0-openjdk-devel-1.7.0.201-2.6.16.0.el6_10java-1.7.0-openjdk-debuginfo-1.7.0.201-2.6.16.0.el6_10


Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes

Risk Level: MediumCVE: CVE-2018-12458, CVE-2018-13300, CVE-2018-13305, CVE-2018-15822




SuSE SLED 15x86_64libavresample3-debuginfo-3.4.2-4.12.4libavcodec-devel-3.4.2-4.12.4libavresample3-3.4.2-4.12.4ffmpeg-debugsource-3.4.2-4.12.4libavresample-devel-3.4.2-4.12.4libavformat-devel-3.4.2-4.12.4libavformat57-3.4.2-4.12.4ffmpeg-debuginfo-3.4.2-4.12.4libavformat57-debuginfo-3.4.2-4.12.4


Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and HotfixesRisk Level: MediumCVE: CVE-2018-5800, CVE-2018-5801, CVE-2018-5802, CVE-2018-5805, CVE-2018-5806




OEL7x86_64libkdcraw-devel-4.10.5-5.el7libkdcraw-4.10.5-5.el7


Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and HotfixesRisk Level: MediumCVE: CVE-2018-10911

DescriptionThe scan detected that the host is missing the following update:

ELSA-2018-3242



OEL7x86_64glusterfs-api-3.12.2-18.el7glusterfs-devel-3.12.2-18.el7python2-gluster-3.12.2-18.el7glusterfs-client-xlators-3.12.2-18.el7glusterfs-fuse-3.12.2-18.el7glusterfs-3.12.2-18.el7glusterfs-libs-3.12.2-18.el7glusterfs-cli-3.12.2-18.el7glusterfs-rdma-3.12.2-18.el7glusterfs-api-devel-3.12.2-18.el7


Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and HotfixesRisk Level: MediumCVE: CVE-2016-2183, CVE-2018-1060, CVE-2018-1061




OEL7x86_64python-2.7.5-76.0.1.el7python-tools-2.7.5-76.0.1.el7tkinter-2.7.5-76.0.1.el7python-debug-2.7.5-76.0.1.el7python-libs-2.7.5-76.0.1.el7python-devel-2.7.5-76.0.1.el7python-test-2.7.5-76.0.1.el7






OEL7x86_64sssd-krb5-common-1.16.2-13.el7sssd-dbus-1.16.2-13.el7libsss_idmap-devel-1.16.2-13.el7libsss_sudo-1.16.2-13.el7libsss_autofs-1.16.2-13.el7sssd-krb5-1.16.2-13.el7libsss_nss_idmap-1.16.2-13.el7libipa_hbac-devel-1.16.2-13.el7python-sss-murmur-1.16.2-13.el7sssd-ad-1.16.2-13.el7sssd-common-1.16.2-13.el7sssd-tools-1.16.2-13.el7python-libipa_hbac-1.16.2-13.el7sssd-proxy-1.16.2-13.el7libipa_hbac-1.16.2-13.el7sssd-libwbclient-1.16.2-13.el7sssd-1.16.2-13.el7libsss_certmap-devel-1.16.2-13.el7sssd-polkit-rules-1.16.2-13.el7libsss_certmap-1.16.2-13.el7sssd-client-1.16.2-13.el7sssd-common-pac-1.16.2-13.el7sssd-ldap-1.16.2-13.el7python-sssdconfig-1.16.2-13.el7sssd-winbind-idmap-1.16.2-13.el7libsss_nss_idmap-devel-1.16.2-13.el7libsss_simpleifp-devel-1.16.2-13.el7sssd-ipa-1.16.2-13.el7sssd-libwbclient-devel-1.16.2-13.el7python-sss-1.16.2-13.el7python-libsss_nss_idmap-1.16.2-13.el7libsss_simpleifp-1.16.2-13.el7libsss_idmap-1.16.2-13.el7sssd-kcm-1.16.2-13.el7


Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and HotfixesRisk Level: MediumCVE: CVE-2016-9396, CVE-2017-1000050




OEL7x86_64jasper-devel-1.900.1-33.el7jasper-libs-1.900.1-33.el7jasper-1.900.1-33.el7jasper-utils-1.900.1-33.el7






OEL7x86_64xerces-c-devel-3.1.1-9.el7xerces-c-3.1.1-9.el7xerces-c-doc-3.1.1-9.el7


Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and HotfixesRisk Level: MediumCVE: CVE-2017-3735, CVE-2018-0495, CVE-2018-0732, CVE-2018-0737, CVE-2018-0739




OEL7x86_64openssl-1.0.2k-16.0.1.el7openssl-libs-1.0.2k-16.0.1.el7openssl-devel-1.0.2k-16.0.1.el7openssl-static-1.0.2k-16.0.1.el7openssl-perl-1.0.2k-16.0.1.el7

171031 - Amazon Linux AMI ALAS-2018-1098 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Amazon Linux Patches and HotfixesRisk Level: MediumCVE: CVE-2018-0732

DescriptionThe scan detected that the host is missing the following update:ALAS-2018-1098


https://alas.aws.amazon.com/ALAS-2018-1098.html

Amazon Linux AMIx86_64openssl-debuginfo-1.0.2k-13.111.amzn1openssl-devel-1.0.2k-13.111.amzn1openssl-static-1.0.2k-13.111.amzn1openssl-perl-1.0.2k-13.111.amzn1openssl-1.0.2k-13.111.amzn1

i686openssl-debuginfo-1.0.2k-13.111.amzn1openssl-devel-1.0.2k-13.111.amzn1openssl-static-1.0.2k-13.111.amzn1openssl-perl-1.0.2k-13.111.amzn1openssl-1.0.2k-13.111.amzn1

194377 - Fedora Linux 29 FEDORA-2018-7734354526 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: MediumCVE: CVE-2016-10349, CVE-2016-10350, CVE-2017-14166, CVE-2017-14501, CVE-2017-14502, CVE-2017-14503

DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-7734354526


https://lists.fedoraproject.org/archives/list/[email protected]/2018/10/?count=200&page=1

Fedora Core 29

libarchive-3.3.3-1.fc29

194391 - Fedora Linux 29 FEDORA-2018-6fa1017c1d Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: Medium

CVE: CVE-2018-14574

DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-6fa1017c1d



Fedora Core 29

python-django-2.0.9-1.fc29


Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: MediumCVE: CVE-2018-16391, CVE-2018-16392, CVE-2018-16393, CVE-2018-16418, CVE-2018-16419, CVE-2018-16420, CVE-2018-16422, CVE-2018-16423, CVE-2018-16426, CVE-2018-16427




SuSE SLED 12 SP3x86_64opensc-0.13.0-3.3.2opensc-debuginfo-0.13.0-3.3.2opensc-debugsource-0.13.0-3.3.2

SuSE SLES 12 SP3x86_64opensc-0.13.0-3.3.2opensc-debuginfo-0.13.0-3.3.2opensc-debugsource-0.13.0-3.3.2


Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: MediumCVE: CVE-2017-16541, CVE-2018-12376, CVE-2018-12377, CVE-2018-12378, CVE-2018-12379, CVE-2018-12381, CVE-2018-12383, CVE-2018-12385, CVE-2018-12386, CVE-2018-12387




SuSE SLED 12 SP3x86_64mozilla-nss-sysinit-debuginfo-32bit-3.36.4-58.15.3mozilla-nss-debuginfo-32bit-3.36.4-58.15.3libfreebl3-32bit-3.36.4-58.15.3libsoftokn3-debuginfo-32bit-3.36.4-58.15.3mozilla-nss-certs-debuginfo-3.36.4-58.15.3mozilla-nss-tools-debuginfo-3.36.4-58.15.3mozilla-nspr-debuginfo-32bit-4.19-19.3.1libsoftokn3-debuginfo-3.36.4-58.15.3mozilla-nss-certs-32bit-3.36.4-58.15.3MozillaFirefox-debugsource-60.2.2esr-109.46.1mozilla-nss-certs-3.36.4-58.15.3mozilla-nss-sysinit-3.36.4-58.15.3mozilla-nss-debuginfo-3.36.4-58.15.3libsoftokn3-32bit-3.36.4-58.15.3mozilla-nspr-debugsource-4.19-19.3.1mozilla-nss-32bit-3.36.4-58.15.3libsoftokn3-3.36.4-58.15.3mozilla-nspr-4.19-19.3.1mozilla-nspr-32bit-4.19-19.3.1MozillaFirefox-60.2.2esr-109.46.1mozilla-nss-sysinit-32bit-3.36.4-58.15.3mozilla-nss-certs-debuginfo-32bit-3.36.4-58.15.3mozilla-nss-tools-3.36.4-58.15.3MozillaFirefox-branding-SLE-60-32.3.1libfreebl3-debuginfo-32bit-3.36.4-58.15.3libfreebl3-debuginfo-3.36.4-58.15.3mozilla-nss-3.36.4-58.15.3mozilla-nss-debugsource-3.36.4-58.15.3mozilla-nss-sysinit-debuginfo-3.36.4-58.15.3mozilla-nspr-debuginfo-4.19-19.3.1MozillaFirefox-translations-common-60.2.2esr-109.46.1MozillaFirefox-debuginfo-60.2.2esr-109.46.1libfreebl3-3.36.4-58.15.3

SuSE SLES 12 SP3x86_64libsoftokn3-hmac-3.36.4-58.15.3mozilla-nss-sysinit-debuginfo-32bit-3.36.4-58.15.3mozilla-nss-debuginfo-32bit-3.36.4-58.15.3mozilla-nss-debugsource-3.36.4-58.15.3libfreebl3-hmac-3.36.4-58.15.3libsoftokn3-debuginfo-32bit-3.36.4-58.15.3mozilla-nss-certs-debuginfo-3.36.4-58.15.3mozilla-nspr-debuginfo-32bit-4.19-19.3.1mozilla-nss-certs-32bit-3.36.4-58.15.3libsoftokn3-debuginfo-3.36.4-58.15.3mozilla-nss-tools-debuginfo-3.36.4-58.15.3MozillaFirefox-debugsource-60.2.2esr-109.46.1mozilla-nss-certs-3.36.4-58.15.3mozilla-nss-sysinit-3.36.4-58.15.3mozilla-nss-debuginfo-3.36.4-58.15.3

libsoftokn3-32bit-3.36.4-58.15.3mozilla-nspr-debugsource-4.19-19.3.1mozilla-nss-32bit-3.36.4-58.15.3libsoftokn3-3.36.4-58.15.3libfreebl3-debuginfo-3.36.4-58.15.3libsoftokn3-hmac-32bit-3.36.4-58.15.3mozilla-nspr-32bit-4.19-19.3.1apache2-mod_nss-debuginfo-1.0.14-19.6.3MozillaFirefox-debuginfo-60.2.2esr-109.46.1libfreebl3-32bit-3.36.4-58.15.3MozillaFirefox-60.2.2esr-109.46.1mozilla-nss-sysinit-32bit-3.36.4-58.15.3mozilla-nss-certs-debuginfo-32bit-3.36.4-58.15.3libfreebl3-hmac-32bit-3.36.4-58.15.3apache2-mod_nss-debugsource-1.0.14-19.6.3mozilla-nss-tools-3.36.4-58.15.3MozillaFirefox-branding-SLE-60-32.3.1libfreebl3-debuginfo-32bit-3.36.4-58.15.3mozilla-nss-3.36.4-58.15.3apache2-mod_nss-1.0.14-19.6.3mozilla-nss-sysinit-debuginfo-3.36.4-58.15.3mozilla-nspr-debuginfo-4.19-19.3.1MozillaFirefox-translations-common-60.2.2esr-109.46.1mozilla-nspr-4.19-19.3.1libfreebl3-3.36.4-58.15.3

147309 - SuSE SLES 11 SP4 SUSE-SU-2018:3621-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: MediumCVE: CVE-2018-16391, CVE-2018-16392, CVE-2018-16393, CVE-2018-16418, CVE-2018-16419, CVE-2018-16422, CVE-2018-16423, CVE-2018-16427




SuSE SLES 11 SP4i586libopensc2-0.11.6-5.27.3.1opensc-0.11.6-5.27.3.1

x86_64opensc-32bit-0.11.6-5.27.3.1opensc-0.11.6-5.27.3.1libopensc2-32bit-0.11.6-5.27.3.1libopensc2-0.11.6-5.27.3.1


Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes

Risk Level: MediumCVE: CVE-2017-16541, CVE-2018-12376, CVE-2018-12377, CVE-2018-12378, CVE-2018-12379, CVE-2018-12386, CVE-2018-12387, CVE-2018-12389, CVE-2018-12390, CVE-2018-12392, CVE-2018-12393, CVE-2018-12395, CVE-2018-12396, CVE-2018-12397




OEL6x86_64firefox-60.3.0-1.0.1.el6






OEL7x86_64OVMF-20180508-3.gitee3198e672e2.el7






OEL7x86_64gnutls-utils-3.3.29-8.0.1.el7gnutls-c++-3.3.29-8.0.1.el7gnutls-3.3.29-8.0.1.el7gnutls-devel-3.3.29-8.0.1.el7gnutls-dane-3.3.29-8.0.1.el7






OEL7x86_64setup-2.8.71-10.el7






OEL7x86_64zziplib-0.13.62-9.el7zziplib-utils-0.13.62-9.el7zziplib-devel-0.13.62-9.el7


Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and HotfixesRisk Level: Medium

CVE: CVE-2018-6764




OEL7x86_64libvirt-login-shell-4.5.0-10.el7libvirt-daemon-driver-nodedev-4.5.0-10.el7libvirt-daemon-kvm-4.5.0-10.el7libvirt-client-4.5.0-10.el7libvirt-daemon-driver-storage-core-4.5.0-10.el7libvirt-daemon-driver-lxc-4.5.0-10.el7libvirt-daemon-driver-storage-logical-4.5.0-10.el7libvirt-docs-4.5.0-10.el7libvirt-daemon-driver-storage-gluster-4.5.0-10.el7libvirt-devel-4.5.0-10.el7libvirt-daemon-config-nwfilter-4.5.0-10.el7libvirt-bash-completion-4.5.0-10.el7libvirt-daemon-driver-nwfilter-4.5.0-10.el7libvirt-daemon-driver-interface-4.5.0-10.el7libvirt-lock-sanlock-4.5.0-10.el7libvirt-daemon-driver-secret-4.5.0-10.el7libvirt-daemon-driver-storage-4.5.0-10.el7libvirt-daemon-driver-storage-rbd-4.5.0-10.el7libvirt-daemon-lxc-4.5.0-10.el7libvirt-daemon-driver-storage-iscsi-4.5.0-10.el7libvirt-daemon-4.5.0-10.el7libvirt-admin-4.5.0-10.el7libvirt-nss-4.5.0-10.el7libvirt-daemon-config-network-4.5.0-10.el7libvirt-daemon-driver-qemu-4.5.0-10.el7libvirt-daemon-driver-network-4.5.0-10.el7libvirt-daemon-driver-storage-mpath-4.5.0-10.el7libvirt-daemon-driver-storage-disk-4.5.0-10.el7libvirt-4.5.0-10.el7libvirt-daemon-driver-storage-scsi-4.5.0-10.el7libvirt-libs-4.5.0-10.el7

175466 - Scientific Linux Security ERRATA Important: thunderbird on SL6.x i386/x86_64 (1810-13678)

Category: SSH Module -> NonIntrusive -> Scientific Linux Patches and HotFixesRisk Level: MediumCVE: CVE-2017-16541, CVE-2018-12376, CVE-2018-12377, CVE-2018-12378, CVE-2018-12379, CVE-2018-12383, CVE-2018-12385

DescriptionThe scan detected that the host is missing the following update:Security ERRATA Important: thunderbird on SL6.x i386/x86_64 (1810-13678)



SL6x86_64thunderbird-debuginfo-60.2.1-5.el6thunderbird-60.2.1-5.el6

i386thunderbird-debuginfo-60.2.1-5.el6thunderbird-60.2.1-5.el6

196179 - Red Hat Enterprise Linux RHSA-2018-3458 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and HotfixesRisk Level: MediumCVE: CVE-2017-16541, CVE-2018-12376, CVE-2018-12377, CVE-2018-12378, CVE-2018-12379, CVE-2018-12383, CVE-2018-12385

DescriptionThe scan detected that the host is missing the following update:RHSA-2018-3458


http://www.redhat.com/archives/rhsa-announce/2018-November/msg00001.html

RHEL7Dx86_64thunderbird-60.2.1-4.el7_5thunderbird-debuginfo-60.2.1-4.el7_5

RHEL7Sx86_64thunderbird-60.2.1-4.el7_5thunderbird-debuginfo-60.2.1-4.el7_5

RHEL7WSx86_64thunderbird-60.2.1-4.el7_5thunderbird-debuginfo-60.2.1-4.el7_5

88985 - Slackware Linux 14.0, 14.1, 14.2 SSA:2018-304-01 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Slackware Patches and HotfixesRisk Level: LowCVE: CVE-2018-16839, CVE-2018-16840, CVE-2018-16842

DescriptionThe scan detected that the host is missing the following update:SSA:2018-304-01


http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.432448

Slackware 14.0x86_64curl-7.62.0-x86_64-1


i586curl-7.62.0-i586-1



Category: SSH Module -> NonIntrusive -> Debian Patches and HotfixesRisk Level: LowCVE: CVE-2018-16839, CVE-2018-16842




Debian 9.0allcurl_7.52.1-5+deb9u8


Category: SSH Module -> NonIntrusive -> Debian Patches and HotfixesRisk Level: LowCVE: CVE-2018-16395, CVE-2018-16396




Debian 9.0allruby2.3_2.3.3-1+deb9u4


Category: SSH Module -> NonIntrusive -> Debian Patches and HotfixesRisk Level: LowCVE: CVE-2018-18820




Debian 9.0allicecast2_2.4.2-1+deb9u1


Category: SSH Module -> NonIntrusive -> Debian Patches and HotfixesRisk Level: LowCVE: CVE-2018-17462, CVE-2018-17463, CVE-2018-17464, CVE-2018-17465, CVE-2018-17466, CVE-2018-17467, CVE-2018-17468, CVE-2018-17469, CVE-2018-17470, CVE-2018-17471, CVE-2018-17473, CVE-2018-17474, CVE-2018-17475, CVE-2018-17476, CVE-2018-17477, CVE-2018-5179




Debian 9.0allchromium-shell_70.0.3538.67-1~deb9u1chromium-l10n_70.0.3538.67-1~deb9u1chromedriver_70.0.3538.67-1~deb9u1chromium_70.0.3538.67-1~deb9u1chromium-driver_70.0.3538.67-1~deb9u1chromium-widevine_70.0.3538.67-1~deb9u1


Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and HotfixesRisk Level: LowCVE: CVE-2018-14526




OEL7x86_64wpa_supplicant-2.6-12.el7

182830 - FreeBSD NGINX Multiple Vulnerabilities (84ca56be-e1de-11e8-bcfd-00e04c1ea73d)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: LowCVE: CVE-2018-16843, CVE-2018-16844, CVE-2018-16845

DescriptionThe scan detected that the host is missing the following update:NGINX -- Multiple vulnerabilities (84ca56be-e1de-11e8-bcfd-00e04c1ea73d)


http://www.vuxml.org/freebsd/84ca56be-e1de-11e8-bcfd-00e04c1ea73d.html

Affected packages: nginx < 1.14.1nginx-devel < 1.15.6

182831 - FreeBSD curl Multiple Vulnerabilities (e0ab1773-07c1-46c6-9170-4c5e81c00927)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: LowCVE: CVE-2018-16839, CVE-2018-16840, CVE-2018-16842

DescriptionThe scan detected that the host is missing the following update:curl -- multiple vulnerabilities (e0ab1773-07c1-46c6-9170-4c5e81c00927)


http://www.vuxml.org/freebsd/e0ab1773-07c1-46c6-9170-4c5e81c00927.html

Affected packages: 7.14.1 <= curl < 7.60.0

182832 - FreeBSD Gitlab SSRF In Kubernetes Integration (b51d9e83-de08-11e8-9416-001b217b3468)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: LowCVE: CVE-2018-18843

DescriptionThe scan detected that the host is missing the following update:Gitlab -- SSRF in Kubernetes integration (b51d9e83-de08-11e8-9416-001b217b3468)


http://www.vuxml.org/freebsd/b51d9e83-de08-11e8-9416-001b217b3468.html

Affected packages: 11.4.0 <= gitlab-ce < 11.4.411.3.0 <= gitlab-ce < 11.3.911.0.0 <= gitlab-ce < 11.2.8

182833 - FreeBSD Loofah XSS Vulnerability (36a2a89e-7ee1-4ea4-ae22-7ca38019c8d0)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: LowCVE: CVE-2018-16468

DescriptionThe scan detected that the host is missing the following update:Loofah -- XSS vulnerability (36a2a89e-7ee1-4ea4-ae22-7ca38019c8d0)


http://www.vuxml.org/freebsd/36a2a89e-7ee1-4ea4-ae22-7ca38019c8d0.html

Affected packages: rubygem-loofah < 2.2.3

182834 - FreeBSD gitea Remote Code Exeution (deb4f633-de1d-11e8-a9fb-080027f43a02)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: LowCVE: CVE-MAP-NOMATCH

DescriptionThe scan detected that the host is missing the following update:gitea -- remote code exeution (deb4f633-de1d-11e8-a9fb-080027f43a02)

Observation

Updates often remediate critical security problems that should be quickly addressed.For more information see:

http://www.vuxml.org/freebsd/deb4f633-de1d-11e8-a9fb-080027f43a02.html

Affected packages: gitea < 1.5.3


Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: LowCVE: CVE-2017-15705, CVE-2018-11780, CVE-2018-11781




Ubuntu 16.04

spamassassin_3.4.2-0ubuntu0.16.04.1

Ubuntu 14.04


Ubuntu 18.04



Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: LowCVE: CVE-2018-15688




Ubuntu 16.04

network-manager_1.2.6-0ubuntu0.16.04.3

Ubuntu 18.10

network-manager_1.12.4-1ubuntu1.1

Ubuntu 18.04

network-manager_1.10.6-2ubuntu1.1


Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: LowCVE: CVE-2018-15688




Ubuntu 16.04

systemd_229-4ubuntu21.6

Ubuntu 18.10


Ubuntu 18.04


186461 - Ubuntu Linux 14.04, 16.04, 18.04, 18.10 USN-3805-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: LowCVE: CVE-2018-16839, CVE-2018-16840, CVE-2018-16842



https://lists.ubuntu.com/archives/ubuntu-security-announce/2018-October/004643.html

Ubuntu 16.04

curl_7.47.0-1ubuntu2.11libcurl3_7.47.0-1ubuntu2.11

libcurl3-gnutls_7.47.0-1ubuntu2.11libcurl3-nss_7.47.0-1ubuntu2.11

Ubuntu 18.10

curl_7.61.0-1ubuntu2.2libcurl3-gnutls_7.61.0-1ubuntu2.2libcurl3-nss_7.61.0-1ubuntu2.2libcurl4_7.61.0-1ubuntu2.2

Ubuntu 14.04

libcurl3-nss_7.35.0-1ubuntu2.19curl_7.35.0-1ubuntu2.19libcurl3_7.35.0-1ubuntu2.19libcurl3-gnutls_7.35.0-1ubuntu2.19

Ubuntu 18.04

curl_7.58.0-2ubuntu3.5libcurl3-nss_7.58.0-2ubuntu3.5libcurl3-gnutls_7.58.0-2ubuntu3.5libcurl4_7.58.0-2ubuntu3.5

194375 - Fedora Linux 29 FEDORA-2018-7785911c9e Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: LowCVE: CVE-2018-16839, CVE-2018-16840, CVE-2018-16842

DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-7785911c9e



Fedora Core 29

curl-7.61.1-4.fc29

194376 - Fedora Linux 28 FEDORA-2018-928e15e1db Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: LowCVE: CVE-MAP-NOMATCH

DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-928e15e1db

ObservationUpdates often remediate critical security problems that should be quickly addressed.

For more information see:


Fedora Core 28

roundcubemail-1.3.8-1.fc28

194378 - Fedora Linux 29 FEDORA-2018-a24754252a Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: LowCVE: CVE-2018-18883

DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-a24754252a



Fedora Core 29

xen-4.11.0-8.fc29

194379 - Fedora Linux 29 FEDORA-2018-5702dc9bdf Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-5702dc9bdf



Fedora Core 29

teeworlds-0.6.5-1.fc29

194380 - Fedora Linux 27 FEDORA-2018-d527206a77 Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-d527206a77



Fedora Core 27

roundcubemail-1.3.8-1.fc27

194381 - Fedora Linux 29 FEDORA-2018-71d85bc8cd Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-71d85bc8cd



Fedora Core 29

NetworkManager-1.12.4-2.fc29

194382 - Fedora Linux 29 FEDORA-2018-c38dfccae3 Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-c38dfccae3



Fedora Core 29

thunderbird-60.3.0-1.fc29

194383 - Fedora Linux 29 FEDORA-2018-c402eea18b Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-c402eea18b



Fedora Core 29

systemd-239-6.git9f3aed1.fc29

194384 - Fedora Linux 28 FEDORA-2018-63465e1846 Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-63465e1846



Fedora Core 28


194385 - Fedora Linux 27 FEDORA-2018-b24201fc50 Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-b24201fc50



Fedora Core 27


194386 - Fedora Linux 29 FEDORA-2018-06d56c8c9d Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-06d56c8c9d



Fedora Core 29

lldpad-1.0.1-12.git036e314.fc29

194387 - Fedora Linux 28 FEDORA-2018-2a33c35fea Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-2a33c35fea



Fedora Core 28

thunderbird-60.3.0-1.fc28

194388 - Fedora Linux 28 FEDORA-2018-1f3a47bfbb Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:

FEDORA-2018-1f3a47bfbb



Fedora Core 28

sos-collector-1.5-3.fc28

194389 - Fedora Linux 29 FEDORA-2018-4ab08fedd6 Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-4ab08fedd6



Fedora Core 29

xorg-x11-server-1.20.3-1.fc29

194390 - Fedora Linux 27 FEDORA-2018-f2f8571abd Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-f2f8571abd



Fedora Core 27

sos-collector-1.5-3.fc27

194392 - Fedora Linux 29 FEDORA-2018-52262a02be Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes

Risk Level: LowCVE: CVE-2018-18074

DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-52262a02be



Fedora Core 29

python-requests-2.20.0-1.fc29

194393 - Fedora Linux 28 FEDORA-2018-24bd6c9d4a Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-24bd6c9d4a



Fedora Core 28

systemd-238-10.git438ac26.fc28

194394 - Fedora Linux 28 FEDORA-2018-ce61c1147d Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-ce61c1147d



Fedora Core 28

java-11-openjdk-11.0.1.13-1.fc28

194395 - Fedora Linux 29 FEDORA-2018-7d138cfd7b Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-7d138cfd7b



Fedora Core 29

zchunk-0.9.14-1.fc29

194396 - Fedora Linux 27 FEDORA-2018-343ab5abbd Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-343ab5abbd



Fedora Core 27

firefox-63.0-2.fc27

194397 - Fedora Linux 29 FEDORA-2018-369ab0efc9 Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-369ab0efc9

Observation

Updates often remediate critical security problems that should be quickly addressed.For more information see:


Fedora Core 29

java-11-openjdk-11.0.1.13-1.fc29

194398 - Fedora Linux 29 FEDORA-2018-a1f37d2f08 Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-a1f37d2f08



Fedora Core 29

webkit2gtk3-2.22.3-1.fc29

194399 - Fedora Linux 28 FEDORA-2018-9324e844d9 Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-9324e844d9



Fedora Core 28

python-requests-2.20.0-1.fc28


Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and HotfixesRisk Level: LowCVE: CVE-MAP-NOMATCH

DescriptionThe scan detected that the host is missing the following update:RHSA-2018-3456


http://www.redhat.com/archives/rhsa-announce/2018-November/msg00000.html

RHEL6noarchspacewalk-backend-iss-2.0.3-49.el6satspacewalk-backend-config-files-tool-2.0.3-49.el6satspacewalk-backend-config-files-common-2.0.3-49.el6satspacewalk-backend-tools-2.0.3-49.el6satspacewalk-backend-sql-2.0.3-49.el6satspacewalk-backend-xmlrpc-2.0.3-49.el6satspacewalk-backend-libs-2.0.3-49.el6satspacewalk-backend-iss-export-2.0.3-49.el6satspacewalk-backend-xml-export-libs-2.0.3-49.el6satspacewalk-backend-server-2.0.3-49.el6satspacewalk-backend-config-files-2.0.3-49.el6satspacewalk-backend-package-push-server-2.0.3-49.el6satspacewalk-backend-2.0.3-49.el6satspacewalk-backend-app-2.0.3-49.el6satspacewalk-backend-sql-postgresql-2.0.3-49.el6satspacewalk-backend-sql-oracle-2.0.3-49.el6satspacewalk-backend-applet-2.0.3-49.el6sat

ENHANCED CHECKS

The following checks have been updated. Enhancements may include optimizations, changes that reflect new information on avulnerability and anything else that improves upon an existing FSL check.


Category: SSH Module -> NonIntrusive -> Debian Patches and HotfixesRisk Level: HighCVE: CVE-2018-16741

Update DetailsRisk is updated

182794 - FreeBSD joomla3 Vulnerabilitiesw (bf2b9c56-b93e-11e8-b2a8-a4badb296695)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: HighCVE: CVE-2018-15860, CVE-2018-15881, CVE-2018-15882


88971 - Slackware Linux 14.0, 14.1, 14.2 SSA:2018-229-02 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Slackware Patches and HotfixesRisk Level: MediumCVE: CVE-2018-10858, CVE-2018-10919



Category: SSH Module -> NonIntrusive -> Debian Patches and HotfixesRisk Level: MediumCVE: CVE-2018-10858, CVE-2018-10919



Category: SSH Module -> NonIntrusive -> Debian Patches and HotfixesRisk Level: MediumCVE: CVE-2018-15471, CVE-2018-18021


146967 - SuSE SLES 11 SP4 SUSE-SU-2018:2329-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: MediumCVE: CVE-2018-10858





147007 - SuSE Linux 42.3 openSUSE-SU-2018:2396-1 Update Is Not Installed



147054 - SuSE Linux 15.0, 42.3 openSUSE-SU-2018:2591-1 Update Is Not Installed







Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: MediumCVE: CVE-2018-16554, CVE-2018-17088


182506 - FreeBSD chromium Stack Overflow In V8 (3cd46257-bbc5-11e7-a3bc-e8e0b747a45a)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: MediumCVE: CVE-2017-15396, CVE-2017-15406



Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: MediumCVE: CVE-2018-10858, CVE-2018-10918, CVE-2018-10919, CVE-2018-1139


191181 - Fedora Linux 23 FEDORA-2016-286a8ec5b0 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: MediumCVE: CVE-2016-1000232


194117 - Fedora Linux 28 FEDORA-2018-ad83f27a39 Update Is Not Installed



194142 - Fedora Linux 27 FEDORA-2018-6121f427e5 Update Is Not Installed



194180 - Fedora Linux 29 FEDORA-2018-8d58297dc0 Update Is Not Installed



194203 - Fedora Linux 28 FEDORA-2018-2062cd7548 Update Is Not Installed



194220 - Fedora Linux 27 FEDORA-2018-77d864ff39 Update Is Not Installed



194233 - Fedora Linux 29 FEDORA-2018-2f8f5f75f1 Update Is Not Installed




Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and HotfixesRisk Level: MediumCVE: CVE-2018-12115



Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and HotfixesRisk Level: MediumCVE: CVE-2018-12115


23037 - Google Chrome Multiple Vulnerabilities Prior To 64.0.3282.119

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2017-15420, CVE-2018-6031, CVE-2018-6032, CVE-2018-6033, CVE-2018-6034, CVE-2018-6035, CVE-2018-6036,CVE-2018-6037, CVE-2018-6038, CVE-2018-6039, CVE-2018-6040, CVE-2018-6041, CVE-2018-6042, CVE-2018-6043, CVE-2018-6045, CVE-2018-6046, CVE-2018-6047, CVE-2018-6048, CVE-2018-6049, CVE-2018-6050, CVE-2018-6051, CVE-2018-6052, CVE-2018-6053, CVE-2018-6054


23038 - Google Chrome Multiple Vulnerabilities Prior To 64.0.3282.119

Category: SSH Module -> NonIntrusive -> SSH MiscellaneousRisk Level: MediumCVE: CVE-2017-15420, CVE-2018-6031, CVE-2018-6032, CVE-2018-6033, CVE-2018-6034, CVE-2018-6035, CVE-2018-6036,CVE-2018-6037, CVE-2018-6038, CVE-2018-6039, CVE-2018-6040, CVE-2018-6041, CVE-2018-6042, CVE-2018-6043, CVE-2018-6045, CVE-2018-6046, CVE-2018-6047, CVE-2018-6048, CVE-2018-6049, CVE-2018-6050, CVE-2018-6051, CVE-2018-6052, CVE-2018-6053, CVE-2018-6054


24092 - NVIDIA GeForce Experience Multiple Vulnerabilities 08-2018

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2018-6257, CVE-2018-6258, CVE-2018-6259


24168 - Microsoft Office 2016 Click-To-Run Sep 2018 Updates

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2018-8331, CVE-2018-8332, CVE-2018-8429, CVE-2018-8430



Category: SSH Module -> NonIntrusive -> Debian Patches and HotfixesRisk Level: MediumCVE: CVE-2017-15420, CVE-2017-15429, CVE-2018-6031, CVE-2018-6032, CVE-2018-6033, CVE-2018-6034, CVE-2018-6035,CVE-2018-6036, CVE-2018-6037, CVE-2018-6038, CVE-2018-6039, CVE-2018-6040, CVE-2018-6041, CVE-2018-6042, CVE-2018-6043, CVE-2018-6045, CVE-2018-6046, CVE-2018-6047, CVE-2018-6048, CVE-2018-6049, CVE-2018-6050, CVE-2018-6051, CVE-2018-6052, CVE-2018-6053, CVE-2018-6054



Category: SSH Module -> NonIntrusive -> Debian Patches and HotfixesRisk Level: MediumCVE: CVE-2018-16435


132306 - Oracle VM OVMSA-2016-0160 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Oracle VM Patches and HotfixesRisk Level: MediumCVE: CVE-2016-8635



Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: Medium

CVE: CVE-2017-15420, CVE-2018-6031, CVE-2018-6032, CVE-2018-6033, CVE-2018-6034, CVE-2018-6035, CVE-2018-6036,CVE-2018-6037, CVE-2018-6038, CVE-2018-6039, CVE-2018-6040, CVE-2018-6041, CVE-2018-6042, CVE-2018-6043, CVE-2018-6045, CVE-2018-6046, CVE-2018-6047, CVE-2018-6048, CVE-2018-6049, CVE-2018-6050, CVE-2018-6051, CVE-2018-6052, CVE-2018-6053, CVE-2018-6054



Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: MediumCVE: CVE-2018-10853, CVE-2018-10902, CVE-2018-15572, CVE-2018-9363



Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: MediumCVE: CVE-2017-15430, CVE-2018-16065, CVE-2018-16066, CVE-2018-16067, CVE-2018-16068, CVE-2018-16069, CVE-2018-16070, CVE-2018-16071, CVE-2018-16073, CVE-2018-16074, CVE-2018-16075, CVE-2018-16076, CVE-2018-16077, CVE-2018-16078, CVE-2018-16079, CVE-2018-16080, CVE-2018-16081, CVE-2018-16082, CVE-2018-16083, CVE-2018-16084, CVE-2018-16085, CVE-2018-16086, CVE-2018-16087, CVE-2018-16088











182627 - FreeBSD chromium Multiple Vulnerabilities (8e986b2b-1baa-11e8-a944-54ee754af08e)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: MediumCVE: CVE-2017-15420, CVE-2018-6031, CVE-2018-6032, CVE-2018-6033, CVE-2018-6034, CVE-2018-6035, CVE-2018-6036,CVE-2018-6037, CVE-2018-6038, CVE-2018-6039, CVE-2018-6040, CVE-2018-6041, CVE-2018-6042, CVE-2018-6043, CVE-2018-6045, CVE-2018-6046, CVE-2018-6047, CVE-2018-6048, CVE-2018-6049, CVE-2018-6050, CVE-2018-6051, CVE-2018-6052, CVE-2018-6053, CVE-2018-6054


194197 - Fedora Linux 29 FEDORA-2018-6ac39c63c4 Update Is Not Installed



194228 - Fedora Linux 28 FEDORA-2018-1cb4c4a6d8 Update Is Not Installed



194264 - Fedora Linux 27 FEDORA-2018-3e9f26489b Update Is Not Installed




Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and HotfixesRisk Level: MediumCVE: CVE-2018-16435, CVE-2018-17462, CVE-2018-17463, CVE-2018-17464, CVE-2018-17465, CVE-2018-17466, CVE-2018-17467, CVE-2018-17468, CVE-2018-17469, CVE-2018-17470, CVE-2018-17471, CVE-2018-17473, CVE-2018-17474, CVE-2018-17475, CVE-2018-17476, CVE-2018-17477, CVE-2018-5179

Update Details

Risk is updated


Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and HotfixesRisk Level: MediumCVE: CVE-2018-10844, CVE-2018-10845, CVE-2018-10846


182819 - FreeBSD drupal Drupal Core - Multiple Vulnerabilities (140a14b5-d615-11e8-b3cb-00e04c1ea73d)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: LowCVE: CVE-MAP-NOMATCH

Update DetailsFASLScript is updated

182829 - FreeBSD OpenSSL Multiple Vulnerabilities In 1.1 Branch (238ae7de-dba2-11e8-b713-b499baebfeaf)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: LowCVE: CVE-2018-0734, CVE-2018-0735

Update DetailsFASLScript is updated

194114 - Fedora Linux 28 FEDORA-2018-4295467df0 Update Is Not Installed



194206 - Fedora Linux 27 FEDORA-2018-11ed8d95e2 Update Is Not Installed



HOW TO UPDATE

FS1000 APPLIANCE customers should follow the instructions for Enterprise/Professional customers, below. In addition, we stronglyurge all appliance customers to authorize and install any Windows Update critical patches. The appliance will auto-download any

critical updates but will wait for your explicit authorization before installing.

FOUNDSTONE ENTERPRISE and PROFESSIONAL customers may obtain these new scripts using the FSUpdate Utility by selecting"FoundScan Update" on the help menu. Make sure that you have a valid FSUpdate username and password. The new vulnerabilityscripts will be automatically included in your scans if you have selected that option by right-clicking the selected vulnerability categoryand checking the "Run New Checks" checkbox.

MANAGED SERVICE CUSTOMERS already have the newest update applied to their environment. The new vulnerability scripts willbe automatically included when your scans are next scheduled, provided the Run New Scripts option has been turned on.

MCAFEE TECHNICAL SUPPORT

ServicePortal: https://mysupport.mcafee.comMulti-National Phone Support available here:

http://www.mcafee.com/us/about/contact/index.htmlNon-US customers - Select your country from the list of Worldwide Offices.

This email may contain confidential and privileged material for the sole use of the intended recipient. Any review or distribution byothers is strictly prohibited. If you are not the intended recipient please contact the sender and delete all copies.

Copyright 2018 McAfee, Inc.McAfee is a registered trademark of McAfee, Inc. and/or its affiliates

https://mysupport.mcafee.com/

http://www.mcafee.com/us/about/contact/index.html

Documents

McAfee Foundstone FSL Update · 88971 - Slackware Linux 14.0, 14.1, 14.2 SSA:2018-229-02 Update Is Not Installed. Category: SSH Module -> NonIntrusive -> Slackware Patches and Hotfixes