{"id": "CVE-2007-2741", "bulletinFamily": "NVD", "title": "CVE-2007-2741", "description": "Stack-based buffer overflow in Little CMS (lcms) before 1.15 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ICC profile in a JPG file.", "published": "2007-05-17T19:30:00", "modified": "2017-07-29T01:31:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2741", "reporter": "cve@mitre.org", "references": ["http://secunia.com/advisories/25294", "http://www.ubuntu.com/usn/usn-652-1", "http://www.securityfocus.com/bid/24001", "http://www.vupen.com/english/advisories/2007/1837", "http://secunia.com/advisories/27756", "http://www.novell.com/linux/security/advisories/2007_24_sr.html", "https://exchange.xforce.ibmcloud.com/vulnerabilities/34331", "http://scary.beasts.org/security/CESA-2007-001.html", "http://www.mandriva.com/security/advisories?name=MDKSA-2007:238", "http://secunia.com/advisories/32282", "http://osvdb.org/36179"], "cvelist": ["CVE-2007-2741"], "type": "cve", "lastseen": "2020-12-09T19:26:06", "edition": 5, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:136141256231065173", "OPENVAS:1361412562310121297", "OPENVAS:65967", "OPENVAS:65173", "OPENVAS:136141256231065967", "OPENVAS:840254", "OPENVAS:1361412562310121294"]}, {"type": "osvdb", "idList": ["OSVDB:36179"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8421", "SECURITYVULNS:DOC:18590"]}, {"type": "nessus", "idList": ["SUSE_LIBLCMS-4629.NASL", "SUSE9_11955.NASL", "SUSE_LIBLCMS-4626.NASL", "UBUNTU_USN-652-1.NASL", "GENTOO_GLSA-201412-08.NASL", "GENTOO_GLSA-201412-11.NASL"]}, {"type": "ubuntu", "idList": ["USN-652-1"]}, {"type": "gentoo", "idList": ["GLSA-201412-08", "GLSA-201412-11"]}], "modified": "2020-12-09T19:26:06", "rev": 2}, "score": {"value": 7.2, "vector": "NONE", "modified": "2020-12-09T19:26:06", "rev": 2}, "vulnersScore": 7.2}, "cpe": ["cpe:/a:littlecms:lcms:1.11", "cpe:/a:littlecms:lcms:1.10", "cpe:/a:littlecms:lcms:1.07", "cpe:/a:littlecms:lcms:1.09", "cpe:/a:littlecms:lcms:1.14", "cpe:/a:littlecms:lcms:1.12", "cpe:/a:littlecms:lcms:1.08", "cpe:/a:littlecms:lcms:1.13"], "affectedSoftware": [{"cpeName": "littlecms:lcms", "name": "littlecms lcms", "operator": "eq", "version": "1.10"}, {"cpeName": "littlecms:lcms", "name": "littlecms lcms", "operator": "eq", "version": "1.11"}, {"cpeName": "littlecms:lcms", "name": "littlecms lcms", "operator": "le", "version": "1.14"}, {"cpeName": "littlecms:lcms", "name": "littlecms lcms", "operator": "eq", "version": "1.13"}, {"cpeName": "littlecms:lcms", "name": "littlecms lcms", "operator": "eq", "version": "1.07"}, {"cpeName": "littlecms:lcms", "name": "littlecms lcms", "operator": "eq", "version": "1.08"}, {"cpeName": "littlecms:lcms", "name": "littlecms lcms", "operator": "eq", "version": "1.12"}, {"cpeName": "littlecms:lcms", "name": "littlecms lcms", "operator": "eq", "version": "1.09"}], "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": true}, "cvss3": {}, "cpe23": ["cpe:2.3:a:littlecms:lcms:1.09:*:*:*:*:*:*:*", "cpe:2.3:a:littlecms:lcms:1.12:*:*:*:*:*:*:*", "cpe:2.3:a:littlecms:lcms:1.08:*:*:*:*:*:*:*", "cpe:2.3:a:littlecms:lcms:1.11:*:*:*:*:*:*:*", "cpe:2.3:a:littlecms:lcms:1.13:*:*:*:*:*:*:*", "cpe:2.3:a:littlecms:lcms:1.07:*:*:*:*:*:*:*", "cpe:2.3:a:littlecms:lcms:1.10:*:*:*:*:*:*:*", "cpe:2.3:a:littlecms:lcms:1.14:*:*:*:*:*:*:*"], "cwe": ["CWE-119"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:littlecms:lcms:1.13:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:littlecms:lcms:1.12:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:littlecms:lcms:1.08:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:littlecms:lcms:1.07:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:littlecms:lcms:1.11:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:littlecms:lcms:1.09:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:littlecms:lcms:1.14:*:*:*:*:*:*:*", "versionEndIncluding": "1.14", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:littlecms:lcms:1.10:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}}

{"openvas": [{"lastseen": "2018-04-06T11:40:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2741"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n liblcms\n liblcms-devel\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-13T00:00:00", "id": "OPENVAS:136141256231065967", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065967", "type": "openvas", "title": "SLES10: Security update for liblcms,liblcms-devel", "sourceData": "#\n#VID slesp1-liblcms-4626\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for liblcms,liblcms-devel\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n liblcms\n liblcms-devel\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65967\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2007-2741\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES10: Security update for liblcms,liblcms-devel\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"liblcms\", rpm:\"liblcms~1.15~12.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"liblcms-devel\", rpm:\"liblcms-devel~1.15~12.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2741"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n liblcms\n liblcms-devel\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5021001 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:136141256231065173", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065173", "type": "openvas", "title": "SLES9: Security update for liblcms,liblcms-devel", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5021001.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for liblcms,liblcms-devel\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n liblcms\n liblcms-devel\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5021001 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65173\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2007-2741\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for liblcms,liblcms-devel\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"liblcms\", rpm:\"liblcms~1.12~55.5\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:29:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2741"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-652-1", "modified": "2017-12-01T00:00:00", "published": "2009-03-23T00:00:00", "id": "OPENVAS:840254", "href": "http://plugins.openvas.org/nasl.php?oid=840254", "type": "openvas", "title": "Ubuntu Update for lcms vulnerability USN-652-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_652_1.nasl 7969 2017-12-01 09:23:16Z santu $\n#\n# Ubuntu Update for lcms vulnerability USN-652-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Chris Evans discovered that certain ICC operations in lcms were not\n correctly bounds-checked. If a user or automated system were tricked\n into processing an image with malicious ICC tags, a remote attacker could\n crash applications linked against liblcms1, leading to a denial of service,\n or possibly execute arbitrary code with user privileges.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-652-1\";\ntag_affected = \"lcms vulnerability on Ubuntu 6.06 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-652-1/\");\n script_id(840254);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-23 10:59:50 +0100 (Mon, 23 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"652-1\");\n script_cve_id(\"CVE-2007-2741\");\n script_name( \"Ubuntu Update for lcms vulnerability USN-652-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"liblcms1-dev\", ver:\"1.13-1ubuntu0.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"liblcms1\", ver:\"1.13-1ubuntu0.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"liblcms-utils\", ver:\"1.13-1ubuntu0.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:56:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2741"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n liblcms\n liblcms-devel\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5021001 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:65173", "href": "http://plugins.openvas.org/nasl.php?oid=65173", "type": "openvas", "title": "SLES9: Security update for liblcms,liblcms-devel", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5021001.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for liblcms,liblcms-devel\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n liblcms\n liblcms-devel\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5021001 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65173);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2007-2741\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for liblcms,liblcms-devel\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"liblcms\", rpm:\"liblcms~1.12~55.5\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:56:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2741"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n liblcms\n liblcms-devel\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-13T00:00:00", "id": "OPENVAS:65967", "href": "http://plugins.openvas.org/nasl.php?oid=65967", "type": "openvas", "title": "SLES10: Security update for liblcms,liblcms-devel", "sourceData": "#\n#VID slesp1-liblcms-4626\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for liblcms,liblcms-devel\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n liblcms\n liblcms-devel\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(65967);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2007-2741\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES10: Security update for liblcms,liblcms-devel\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"liblcms\", rpm:\"liblcms~1.15~12.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"liblcms-devel\", rpm:\"liblcms-devel~1.15~12.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:37:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2026", "CVE-2007-4995", "CVE-2013-0339", "CVE-2010-1205", "CVE-2007-3108", "CVE-2007-2741", "CVE-2007-5269", "CVE-2013-0338", "CVE-2007-5135", "CVE-2007-5268", "CVE-2013-2877", "CVE-2007-5116", "CVE-2014-0160", "CVE-2007-5266", "CVE-2007-0720", "CVE-2013-1969", "CVE-2007-2445", "CVE-2013-1664", "CVE-2007-1536", "CVE-2007-5849"], "description": "Gentoo Linux Local Security Checks GLSA 201412-11", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121297", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121297", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201412-11", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201412-11.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121297\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:28:08 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201412-11\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in AMD64 x86 emulation base libraries. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201412-11\");\n script_cve_id(\"CVE-2007-0720\", \"CVE-2007-1536\", \"CVE-2007-2026\", \"CVE-2007-2445\", \"CVE-2007-2741\", \"CVE-2007-3108\", \"CVE-2007-4995\", \"CVE-2007-5116\", \"CVE-2007-5135\", \"CVE-2007-5266\", \"CVE-2007-5268\", \"CVE-2007-5269\", \"CVE-2007-5849\", \"CVE-2010-1205\", \"CVE-2013-0338\", \"CVE-2013-0339\", \"CVE-2013-1664\", \"CVE-2013-1969\", \"CVE-2013-2877\", \"CVE-2014-0160\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201412-11\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"app-emulation/emul-linux-x86-baselibs\", unaffected: make_list(\"ge 20140406-r1\"), vulnerable: make_list(\"lt 20140406-r1\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2060", "CVE-2009-4411", "CVE-2008-0553", "CVE-2009-0946", "CVE-2010-1511", "CVE-2009-0361", "CVE-2008-6218", "CVE-2008-5907", "CVE-2010-0436", "CVE-2010-1205", "CVE-2007-2741", "CVE-2010-0829", "CVE-2009-4896", "CVE-2010-2945", "CVE-2010-2809", "CVE-2009-0040", "CVE-2010-2192", "CVE-2010-2056", "CVE-2009-2042", "CVE-2010-0001", "CVE-2008-6661", "CVE-2010-2529", "CVE-2009-4029", "CVE-2006-3005", "CVE-2010-2251", "CVE-2009-0360", "CVE-2010-0732", "CVE-2008-1382", "CVE-2009-3736", "CVE-2010-1000", "CVE-2009-2624"], "description": "Gentoo Linux Local Security Checks GLSA 201412-08", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121294", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121294", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201412-08", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201412-08.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121294\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:28:04 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201412-08\");\n script_tag(name:\"insight\", value:\"Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201412-08\");\n script_cve_id(\"CVE-2006-3005\", \"CVE-2007-2741\", \"CVE-2008-0553\", \"CVE-2008-1382\", \"CVE-2008-5907\", \"CVE-2008-6218\", \"CVE-2008-6661\", \"CVE-2009-0040\", \"CVE-2009-0360\", \"CVE-2009-0361\", \"CVE-2009-0946\", \"CVE-2009-2042\", \"CVE-2009-2624\", \"CVE-2009-3736\", \"CVE-2009-4029\", \"CVE-2009-4411\", \"CVE-2009-4896\", \"CVE-2010-0001\", \"CVE-2010-0436\", \"CVE-2010-0732\", \"CVE-2010-0829\", \"CVE-2010-1000\", \"CVE-2010-1205\", \"CVE-2010-1511\", \"CVE-2010-2056\", \"CVE-2010-2060\", \"CVE-2010-2192\", \"CVE-2010-2251\", \"CVE-2010-2529\", \"CVE-2010-2809\", \"CVE-2010-2945\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201412-08\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"dev-util/insight\", unaffected: make_list(\"ge 6.7.1-r1\"), vulnerable: make_list(\"lt 6.7.1-r1\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-perl/perl-tk\", unaffected: make_list(\"ge 804.028-r2\"), vulnerable: make_list(\"lt 804.028-r2\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-util/sourcenav\", unaffected: make_list(\"ge 5.1.4\"), vulnerable: make_list(\"lt 5.1.4\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-lang/tk\", unaffected: make_list(\"ge 8.4.18-r1\"), vulnerable: make_list(\"lt 8.4.18-r1\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"sys-block/partimage\", unaffected: make_list(\"ge 0.6.8\"), vulnerable: make_list(\"lt 0.6.8\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"app-antivirus/bitdefender-console\", unaffected: make_list(), vulnerable: make_list(\"lt 7.1\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"net-mail/mlmmj\", unaffected: make_list(\"ge 1.2.17.1\"), vulnerable: make_list(\"lt 1.2.17.1\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"sys-apps/acl\", unaffected: make_list(\"ge 2.2.49\"), vulnerable: make_list(\"lt 2.2.49\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"x11-apps/xinit\", unaffected: make_list(\"ge 1.2.0-r4\"), vulnerable: make_list(\"lt 1.2.0-r4\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"app-arch/gzip\", unaffected: make_list(\"ge 1.4\"), vulnerable: make_list(\"lt 1.4\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"app-arch/ncompress\", unaffected: make_list(\"ge 4.2.4.3\"), vulnerable: make_list(\"lt 4.2.4.3\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/liblzw\", unaffected: make_list(\"ge 0.2\"), vulnerable: make_list(\"lt 0.2\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"media-gfx/splashutils\", unaffected: make_list(\"ge 1.5.4.3-r3\"), vulnerable: make_list(\"lt 1.5.4.3-r3\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"sys-devel/m4\", unaffected: make_list(\"ge 1.4.14-r1\"), vulnerable: make_list(\"lt 1.4.14-r1\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"kde-base/kdm\", unaffected: make_list(\"ge 4.3.5-r1\"), vulnerable: make_list(\"lt 4.3.5-r1\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"x11-libs/gtk+\", unaffected: make_list(\"ge 2.18.7\"), vulnerable: make_list(\"lt 2.18.7\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"kde-base/kget\", unaffected: make_list(\"ge 4.3.5-r1\"), vulnerable: make_list(\"lt 4.3.5-r1\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"app-text/dvipng\", unaffected: make_list(\"ge 1.13\"), vulnerable: make_list(\"lt 1.13\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"app-misc/beanstalkd\", unaffected: make_list(\"ge 1.4.6\"), vulnerable: make_list(\"lt 1.4.6\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"sys-apps/pmount\", unaffected: make_list(\"ge 0.9.23\"), vulnerable: make_list(\"lt 0.9.23\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"sys-auth/pam_krb5\", unaffected: make_list(\"ge 4.3\"), vulnerable: make_list(\"lt 4.3\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"app-text/gv\", unaffected: make_list(\"ge 3.7.1\"), vulnerable: make_list(\"lt 3.7.1\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"net-ftp/lftp\", unaffected: make_list(\"ge 4.0.6\"), vulnerable: make_list(\"lt 4.0.6\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"www-client/uzbl\", unaffected: make_list(\"ge 2010.08.05\"), vulnerable: make_list(\"lt 2010.08.05\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"x11-misc/slim\", unaffected: make_list(\"ge 1.3.2\"), vulnerable: make_list(\"lt 1.3.2\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"net-misc/iputils\", unaffected: make_list(\"ge 20100418\"), vulnerable: make_list(\"lt 20100418\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"media-tv/dvbstreamer\", unaffected: make_list(\"ge 1.1-r1\"), vulnerable: make_list(\"lt 1.1-r1\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:32", "bulletinFamily": "software", "cvelist": ["CVE-2007-2741"], "description": "## Solution Description\nUpgrade to version 1.15 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\n[Secunia Advisory ID:27756](https://secuniaresearch.flexerasoftware.com/advisories/27756/)\n[Secunia Advisory ID:25294](https://secuniaresearch.flexerasoftware.com/advisories/25294/)\nOther Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-11/msg00003.html\nOther Advisory URL: http://scary.beasts.org/security/CESA-2007-001.html\nISS X-Force ID: 34331\nFrSIRT Advisory: ADV-2007-1837\n[CVE-2007-2741](https://vulners.com/cve/CVE-2007-2741)\nBugtraq ID: 24001\n", "edition": 1, "modified": "2007-05-15T04:48:24", "published": "2007-05-15T04:48:24", "href": "https://vulners.com/osvdb/OSVDB:36179", "id": "OSVDB:36179", "title": "Little cms ICC Profile Parsing Overflow", "type": "osvdb", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:24", "bulletinFamily": "software", "cvelist": ["CVE-2007-2741"], "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n \r\n Mandriva Linux Security Advisory MDKSA-2007:238\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n \r\n Package : liblcms\r\n Date : December 6, 2007\r\n Affected: Corporate 3.0, Corporate 4.0\r\n _______________________________________________________________________\r\n \r\n Problem Description:\r\n \r\n Stack-based buffer overflow in Little CMS &#40;lcms&#41; before 1.15 allows\r\n remote attackers to execute arbitrary code or cause a denial of service\r\n &#40;application crash&#41; via a crafted ICC profile in a JPG file.\r\n \r\n Updated package fixes this issue.\r\n _______________________________________________________________________\r\n\r\n References:\r\n \r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2741\r\n _______________________________________________________________________\r\n \r\n Updated Packages:\r\n \r\n Corporate 3.0:\r\n 67235f6fbaa2e362cc0c1d52649d18d3 corporate/3.0/i586/liblcms1-1.10-1.1.C30mdk.i586.rpm\r\n 805fa6864cf88a13b941ec4e413c71e0 corporate/3.0/i586/liblcms1-devel-1.10-1.1.C30mdk.i586.rpm \r\n 293cca953384a2f3bac3cc2ea65b1b55 corporate/3.0/SRPMS/liblcms-1.10-1.1.C30mdk.src.rpm\r\n\r\n Corporate 3.0/X86_64:\r\n 78a9e7f2ea86ff138e07237c3b5d5bbe corporate/3.0/x86_64/lib64lcms1-1.10-1.1.C30mdk.x86_64.rpm\r\n d5e8741839d23244b7cb357ef3cf8dbf corporate/3.0/x86_64/lib64lcms1-devel-1.10-1.1.C30mdk.x86_64.rpm \r\n 293cca953384a2f3bac3cc2ea65b1b55 corporate/3.0/SRPMS/liblcms-1.10-1.1.C30mdk.src.rpm\r\n\r\n Corporate 4.0:\r\n 005f430298518600444476df0864ae5d corporate/4.0/i586/liblcms1-1.14-1.1.20060mlcs4.i586.rpm\r\n 9ddc51c13d7b905cc519b1e01923001d corporate/4.0/i586/liblcms1-devel-1.14-1.1.20060mlcs4.i586.rpm \r\n 2bea4f9e697ab0ff649e626f4d66681c corporate/4.0/SRPMS/liblcms-1.14-1.1.20060mlcs4.src.rpm\r\n\r\n Corporate 4.0/X86_64:\r\n 79be0e773bb6dd1736e5249801dedd36 corporate/4.0/x86_64/lib64lcms1-1.14-1.1.20060mlcs4.x86_64.rpm\r\n f4b498d695b67bdb99598c8d752c9176 corporate/4.0/x86_64/lib64lcms1-devel-1.14-1.1.20060mlcs4.x86_64.rpm \r\n 2bea4f9e697ab0ff649e626f4d66681c corporate/4.0/SRPMS/liblcms-1.14-1.1.20060mlcs4.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_&#40;at&#41;_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n &lt;security*mandriva.com&gt;\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.7 &#40;GNU/Linux&#41;\r\n\r\niD8DBQFHWDdtmqjQ0CJFipgRAkFkAJ9Xi9oDeVwkzqZdNX9deNA5AJBJ8QCgwdKZ\r\nNpW/aR+9SgA2cLUt/jh9S/0=\r\n=hEgI\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2007-12-07T00:00:00", "published": "2007-12-07T00:00:00", "id": "SECURITYVULNS:DOC:18590", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:18590", "title": "[ MDKSA-2007:238 ] - Updated liblcms package fixes buffer overflow", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:27", "bulletinFamily": "software", "cvelist": ["CVE-2007-2741"], "description": "Buffer overflow on JPEG ICC profile processing.", "edition": 1, "modified": "2007-12-07T00:00:00", "published": "2007-12-07T00:00:00", "id": "SECURITYVULNS:VULN:8421", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:8421", "title": "liblcms / lcms buffer overflow", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-17T14:46:23", "description": "This update addresses security bugs in liblcms that occurred while\nparsing ICC profiles in JPEG images. (CVE-2007-2741) Remote attackers\ncan exploit this bug to execute arbitrary commands or cause\ndenial-of-service.", "edition": 23, "published": "2007-11-12T00:00:00", "title": "openSUSE 10 Security Update : liblcms (liblcms-4629)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2741"], "modified": "2007-11-12T00:00:00", "cpe": ["cpe:/o:novell:opensuse:10.3", "cpe:/o:novell:opensuse:10.2", "p-cpe:/a:novell:opensuse:liblcms-32bit", "p-cpe:/a:novell:opensuse:liblcms", "p-cpe:/a:novell:opensuse:liblcms-devel-32bit", "p-cpe:/a:novell:opensuse:liblcms-devel", "cpe:/o:novell:opensuse:10.1"], "id": "SUSE_LIBLCMS-4629.NASL", "href": "https://www.tenable.com/plugins/nessus/28175", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update liblcms-4629.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(28175);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-2741\");\n\n script_name(english:\"openSUSE 10 Security Update : liblcms (liblcms-4629)\");\n script_summary(english:\"Check for the liblcms-4629 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update addresses security bugs in liblcms that occurred while\nparsing ICC profiles in JPEG images. (CVE-2007-2741) Remote attackers\ncan exploit this bug to execute arbitrary commands or cause\ndenial-of-service.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected liblcms packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:liblcms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:liblcms-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:liblcms-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:liblcms-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2|SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2 / 10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"liblcms-1.15-12.6\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"liblcms-devel-1.15-12.6\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", cpu:\"x86_64\", reference:\"liblcms-32bit-1.15-12.6\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", cpu:\"x86_64\", reference:\"liblcms-devel-32bit-1.15-12.6\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"liblcms-1.15-32\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"liblcms-devel-1.15-32\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", cpu:\"x86_64\", reference:\"liblcms-32bit-1.15-32\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", cpu:\"x86_64\", reference:\"liblcms-devel-32bit-1.15-32\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"liblcms-1.16-39.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"liblcms-devel-1.16-39.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", cpu:\"x86_64\", reference:\"liblcms-32bit-1.16-39.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", cpu:\"x86_64\", reference:\"liblcms-devel-32bit-1.16-39.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lcms\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:02:13", "description": "Various security issues in liblcms have been found that occur while\nparsing ICC profiles in JPEG images. A remote attacker can exploit\nthese bugs to execute arbitrary commands or cause denial-of-service by\ntricking the user to view a specially crafted JPEG image.\n\nThis issue has been tracked by CVE-2007-2741.", "edition": 23, "published": "2009-09-24T00:00:00", "title": "SuSE9 Security Update : liblcms,liblcms-devel (YOU Patch Number 11955)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2741"], "modified": "2009-09-24T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_11955.NASL", "href": "https://www.tenable.com/plugins/nessus/41163", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41163);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-2741\");\n\n script_name(english:\"SuSE9 Security Update : liblcms,liblcms-devel (YOU Patch Number 11955)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Various security issues in liblcms have been found that occur while\nparsing ICC profiles in JPEG images. A remote attacker can exploit\nthese bugs to execute arbitrary commands or cause denial-of-service by\ntricking the user to view a specially crafted JPEG image.\n\nThis issue has been tracked by CVE-2007-2741.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-2741.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 11955.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"liblcms-1.12-55.5\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"liblcms-devel-1.12-55.5\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"liblcms-32bit-9-200711060115\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:46:23", "description": "This update addresses security bugs in liblcms that occurred while\nparsing ICC profiles in JPEG images. (CVE-2007-2741) Remote attackers\ncan exploit this bug to execute arbitrary commands or cause\ndenial-of-service.", "edition": 23, "published": "2007-12-13T00:00:00", "title": "SuSE 10 Security Update : liblcms,liblcms-devel (ZYPP Patch Number 4626)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2741"], "modified": "2007-12-13T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_LIBLCMS-4626.NASL", "href": "https://www.tenable.com/plugins/nessus/29504", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29504);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-2741\");\n\n script_name(english:\"SuSE 10 Security Update : liblcms,liblcms-devel (ZYPP Patch Number 4626)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update addresses security bugs in liblcms that occurred while\nparsing ICC profiles in JPEG images. (CVE-2007-2741) Remote attackers\ncan exploit this bug to execute arbitrary commands or cause\ndenial-of-service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-2741.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 4626.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"liblcms-1.15-12.6\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"liblcms-devel-1.15-12.6\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"x86_64\", reference:\"liblcms-32bit-1.15-12.6\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"x86_64\", reference:\"liblcms-devel-32bit-1.15-12.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"liblcms-1.15-12.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"liblcms-devel-1.15-12.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"x86_64\", reference:\"liblcms-32bit-1.15-12.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"x86_64\", reference:\"liblcms-devel-32bit-1.15-12.6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T15:44:17", "description": "Chris Evans discovered that certain ICC operations in lcms were not\ncorrectly bounds-checked. If a user or automated system were tricked\ninto processing an image with malicious ICC tags, a remote attacker\ncould crash applications linked against liblcms1, leading to a denial\nof service, or possibly execute arbitrary code with user privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2009-04-23T00:00:00", "title": "Ubuntu 6.06 LTS : lcms vulnerability (USN-652-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5316", "CVE-2007-2741", "CVE-2008-5317"], "modified": "2009-04-23T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:liblcms1-dev", "p-cpe:/a:canonical:ubuntu_linux:liblcms1", "p-cpe:/a:canonical:ubuntu_linux:liblcms-utils", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts"], "id": "UBUNTU_USN-652-1.NASL", "href": "https://www.tenable.com/plugins/nessus/37333", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-652-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(37333);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2007-2741\", \"CVE-2008-5316\", \"CVE-2008-5317\");\n script_xref(name:\"USN\", value:\"652-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS : lcms vulnerability (USN-652-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Chris Evans discovered that certain ICC operations in lcms were not\ncorrectly bounds-checked. If a user or automated system were tricked\ninto processing an image with malicious ICC tags, a remote attacker\ncould crash applications linked against liblcms1, leading to a denial\nof service, or possibly execute arbitrary code with user privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/652-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected liblcms-utils, liblcms1 and / or liblcms1-dev\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:liblcms-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:liblcms1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:liblcms1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"liblcms-utils\", pkgver:\"1.13-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"liblcms1\", pkgver:\"1.13-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"liblcms1-dev\", pkgver:\"1.13-1ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"liblcms-utils / liblcms1 / liblcms1-dev\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:56:34", "description": "The remote host is affected by the vulnerability described in GLSA-201412-11\n(AMD64 x86 emulation base libraries: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in AMD64 x86 emulation\n base libraries. Please review the CVE identifiers referenced below for\n details.\n \nImpact :\n\n A context-dependent attacker may be able to execute arbitrary code,\n cause a Denial of Service condition, or obtain sensitive information.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 22, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2014-12-15T00:00:00", "title": "GLSA-201412-11 : AMD64 x86 emulation base libraries: Multiple vulnerabilities (Heartbleed)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2026", "CVE-2007-4995", "CVE-2013-0339", "CVE-2010-1205", "CVE-2007-3108", "CVE-2007-2741", "CVE-2007-5269", "CVE-2013-0338", "CVE-2007-5135", "CVE-2007-5268", "CVE-2013-2877", "CVE-2007-5116", "CVE-2014-0160", "CVE-2007-5266", "CVE-2007-0720", "CVE-2013-1969", "CVE-2007-2445", "CVE-2013-1664", "CVE-2007-1536", "CVE-2007-5849"], "modified": "2014-12-15T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:emul-linux-x86-baselibs"], "id": "GENTOO_GLSA-201412-11.NASL", "href": "https://www.tenable.com/plugins/nessus/79964", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201412-11.\n#\n# The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79964);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-0720\", \"CVE-2007-1536\", \"CVE-2007-2026\", \"CVE-2007-2445\", \"CVE-2007-2741\", \"CVE-2007-3108\", \"CVE-2007-4995\", \"CVE-2007-5116\", \"CVE-2007-5135\", \"CVE-2007-5266\", \"CVE-2007-5268\", \"CVE-2007-5269\", \"CVE-2007-5849\", \"CVE-2010-1205\", \"CVE-2013-0338\", \"CVE-2013-0339\", \"CVE-2013-1664\", \"CVE-2013-1969\", \"CVE-2013-2877\", \"CVE-2014-0160\");\n script_bugtraq_id(41174, 58180, 58892, 59000, 59265, 61050, 66690);\n script_xref(name:\"GLSA\", value:\"201412-11\");\n\n script_name(english:\"GLSA-201412-11 : AMD64 x86 emulation base libraries: Multiple vulnerabilities (Heartbleed)\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-201412-11\n(AMD64 x86 emulation base libraries: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in AMD64 x86 emulation\n base libraries. Please review the CVE identifiers referenced below for\n details.\n \nImpact :\n\n A context-dependent attacker may be able to execute arbitrary code,\n cause a Denial of Service condition, or obtain sensitive information.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201412-11\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All users of the AMD64 x86 emulation base libraries should upgrade to\n the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=app-emulation/emul-linux-x86-baselibs-20140406-r1'\n NOTE: One or more of the issues described in this advisory have been\n fixed in previous updates. They are included in this advisory for the\n sake of completeness. It is likely that your system is already no longer\n affected by them.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(20, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:emul-linux-x86-baselibs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/03/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/15\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-emulation/emul-linux-x86-baselibs\", unaffected:make_list(\"ge 20140406-r1\"), vulnerable:make_list(\"lt 20140406-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"AMD64 x86 emulation base libraries\");\n}\n", "cvss": {"score": 9.4, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:N"}}, {"lastseen": "2021-01-07T10:56:31", "description": "The remote host is affected by the vulnerability described in GLSA-201412-08\n(Multiple packages, Multiple vulnerabilities fixed in 2010)\n\n Vulnerabilities have been discovered in the packages listed below.\n Please review the CVE identifiers in the Reference section for details.\n Insight\n Perl Tk Module\n Source-Navigator\n Tk\n Partimage\n Mlmmj\n acl\n Xinit\n gzip\n ncompress\n liblzw\n splashutils\n GNU M4\n KDE Display Manager\n GTK+\n KGet\n dvipng\n Beanstalk\n Policy Mount\n pam_krb5\n GNU gv\n LFTP\n Uzbl\n Slim\n Bitdefender Console\n iputils\n DVBStreamer\n \nImpact :\n\n A context-dependent attacker may be able to gain escalated privileges,\n execute arbitrary code, cause Denial of Service, obtain sensitive\n information, or otherwise bypass security restrictions.\n \nWorkaround :\n\n There are no known workarounds at this time.", "edition": 22, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2014-12-15T00:00:00", "title": "GLSA-201412-08 : Multiple packages, Multiple vulnerabilities fixed in 2010", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2060", "CVE-2009-4411", "CVE-2008-0553", "CVE-2009-0946", "CVE-2010-1511", "CVE-2009-0361", "CVE-2008-6218", "CVE-2008-5907", "CVE-2010-0436", "CVE-2010-1205", "CVE-2007-2741", "CVE-2010-0829", "CVE-2009-4896", "CVE-2010-2945", "CVE-2010-2809", "CVE-2009-0040", "CVE-2010-2192", "CVE-2010-2056", "CVE-2009-2042", "CVE-2010-0001", "CVE-2008-6661", "CVE-2010-2529", "CVE-2009-4029", "CVE-2006-3005", "CVE-2010-2251", "CVE-2009-0360", "CVE-2010-0732", "CVE-2008-1382", "CVE-2009-3736", "CVE-2010-1000", "CVE-2009-2624"], "modified": "2014-12-15T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:insight", "p-cpe:/a:gentoo:linux:ncompress", "p-cpe:/a:gentoo:linux:lftp", "p-cpe:/a:gentoo:linux:dvipng", "p-cpe:/a:gentoo:linux:kget", "p-cpe:/a:gentoo:linux:pmount", "cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:beanstalkd", "p-cpe:/a:gentoo:linux:gzip", "p-cpe:/a:gentoo:linux:uzbl", "p-cpe:/a:gentoo:linux:acl", "p-cpe:/a:gentoo:linux:sourcenav", "p-cpe:/a:gentoo:linux:iputils", "p-cpe:/a:gentoo:linux:splashutils", "p-cpe:/a:gentoo:linux:dvbstreamer", "p-cpe:/a:gentoo:linux:mlmmj", "p-cpe:/a:gentoo:linux:gtk+", "p-cpe:/a:gentoo:linux:m4", "p-cpe:/a:gentoo:linux:kdm", "p-cpe:/a:gentoo:linux:xinit", "p-cpe:/a:gentoo:linux:gv", "p-cpe:/a:gentoo:linux:tk", "p-cpe:/a:gentoo:linux:perl-tk", "p-cpe:/a:gentoo:linux:slim", "p-cpe:/a:gentoo:linux:pam_krb5", "p-cpe:/a:gentoo:linux:partimage", "p-cpe:/a:gentoo:linux:liblzw", "p-cpe:/a:gentoo:linux:bitdefender-console"], "id": "GENTOO_GLSA-201412-08.NASL", "href": "https://www.tenable.com/plugins/nessus/79961", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201412-08.\n#\n# The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79961);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-3005\", \"CVE-2007-2741\", \"CVE-2008-0553\", \"CVE-2008-1382\", \"CVE-2008-5907\", \"CVE-2008-6218\", \"CVE-2008-6661\", \"CVE-2009-0040\", \"CVE-2009-0360\", \"CVE-2009-0361\", \"CVE-2009-0946\", \"CVE-2009-2042\", \"CVE-2009-2624\", \"CVE-2009-3736\", \"CVE-2009-4029\", \"CVE-2009-4411\", \"CVE-2009-4896\", \"CVE-2010-0001\", \"CVE-2010-0436\", \"CVE-2010-0732\", \"CVE-2010-0829\", \"CVE-2010-1000\", \"CVE-2010-1205\", \"CVE-2010-1511\", \"CVE-2010-2056\", \"CVE-2010-2060\", \"CVE-2010-2192\", \"CVE-2010-2251\", \"CVE-2010-2529\", \"CVE-2010-2809\", \"CVE-2010-2945\");\n script_bugtraq_id(24001, 27655, 28770, 31920, 32751, 33740, 33741, 33827, 33990, 34550, 35233, 37128, 37378, 37455, 37886, 37888, 38211, 39467, 39969, 40141, 40426, 40516, 40939, 41174, 41841, 41911, 42297, 43728);\n script_xref(name:\"GLSA\", value:\"201412-08\");\n\n script_name(english:\"GLSA-201412-08 : Multiple packages, Multiple vulnerabilities fixed in 2010\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-201412-08\n(Multiple packages, Multiple vulnerabilities fixed in 2010)\n\n Vulnerabilities have been discovered in the packages listed below.\n Please review the CVE identifiers in the Reference section for details.\n Insight\n Perl Tk Module\n Source-Navigator\n Tk\n Partimage\n Mlmmj\n acl\n Xinit\n gzip\n ncompress\n liblzw\n splashutils\n GNU M4\n KDE Display Manager\n GTK+\n KGet\n dvipng\n Beanstalk\n Policy Mount\n pam_krb5\n GNU gv\n LFTP\n Uzbl\n Slim\n Bitdefender Console\n iputils\n DVBStreamer\n \nImpact :\n\n A context-dependent attacker may be able to gain escalated privileges,\n execute arbitrary code, cause Denial of Service, obtain sensitive\n information, or otherwise bypass security restrictions.\n \nWorkaround :\n\n There are no known workarounds at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201412-08\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All Insight users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-util/insight-6.7.1-r1'\n All Perl Tk Module users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-perl/perl-tk-804.028-r2'\n All Source-Navigator users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-util/sourcenav-5.1.4'\n All Tk users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/tk-8.4.18-r1'\n All Partimage users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-block/partimage-0.6.8'\n All Mlmmj users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-mail/mlmmj-1.2.17.1'\n All acl users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-apps/acl-2.2.49'\n All Xinit users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=x11-apps/xinit-1.2.0-r4'\n All gzip users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-arch/gzip-1.4'\n All ncompress users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-arch/ncompress-4.2.4.3'\n All liblzw users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/liblzw-0.2'\n All splashutils users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=media-gfx/splashutils-1.5.4.3-r3'\n All GNU M4 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-devel/m4-1.4.14-r1'\n All KDE Display Manager users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=kde-base/kdm-4.3.5-r1'\n All GTK+ users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=x11-libs/gtk+-2.18.7'\n All KGet 4.3 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=kde-base/kget-4.3.5-r1'\n All dvipng users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-text/dvipng-1.13'\n All Beanstalk users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-misc/beanstalkd-1.4.6'\n All Policy Mount users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-apps/pmount-0.9.23'\n All pam_krb5 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-auth/pam_krb5-4.3'\n All GNU gv users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-text/gv-3.7.1'\n All LFTP users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-ftp/lftp-4.0.6'\n All Uzbl users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/uzbl-2010.08.05'\n All Slim users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=x11-misc/slim-1.3.2'\n All iputils users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/iputils-20100418'\n All DVBStreamer users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-tv/dvbstreamer-1.1-r1'\n Gentoo has discontinued support for Bitdefender Console. We recommend\n that users unmerge Bitdefender Console:\n # emerge --unmerge 'app-antivirus/bitdefender-console'\n NOTE: This is a legacy GLSA. Updates for all affected architectures have\n been available since 2011. It is likely that your system is already no\n longer affected by these issues.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 94, 119, 189, 200, 264, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:acl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:beanstalkd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:bitdefender-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:dvbstreamer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:dvipng\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:gtk+\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:gv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:gzip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:insight\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:iputils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:kdm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:kget\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:lftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:liblzw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:m4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mlmmj\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:ncompress\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:pam_krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:partimage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:perl-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:pmount\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:slim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:sourcenav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:splashutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:tk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:uzbl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:xinit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/06/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-arch/gzip\", unaffected:make_list(\"ge 1.4\"), vulnerable:make_list(\"lt 1.4\"))) flag++;\nif (qpkg_check(package:\"kde-base/kget\", unaffected:make_list(\"ge 4.3.5-r1\"), vulnerable:make_list(\"lt 4.3.5-r1\"))) flag++;\nif (qpkg_check(package:\"dev-libs/liblzw\", unaffected:make_list(\"ge 0.2\"), vulnerable:make_list(\"lt 0.2\"))) flag++;\nif (qpkg_check(package:\"kde-base/kdm\", unaffected:make_list(\"ge 4.3.5-r1\"), vulnerable:make_list(\"lt 4.3.5-r1\"))) flag++;\nif (qpkg_check(package:\"app-text/dvipng\", unaffected:make_list(\"ge 1.13\"), vulnerable:make_list(\"lt 1.13\"))) flag++;\nif (qpkg_check(package:\"x11-apps/xinit\", unaffected:make_list(\"ge 1.2.0-r4\"), vulnerable:make_list(\"lt 1.2.0-r4\"))) flag++;\nif (qpkg_check(package:\"net-ftp/lftp\", unaffected:make_list(\"ge 4.0.6\"), vulnerable:make_list(\"lt 4.0.6\"))) flag++;\nif (qpkg_check(package:\"net-mail/mlmmj\", unaffected:make_list(\"ge 1.2.17.1\"), vulnerable:make_list(\"lt 1.2.17.1\"))) flag++;\nif (qpkg_check(package:\"sys-apps/pmount\", unaffected:make_list(\"ge 0.9.23\"), vulnerable:make_list(\"lt 0.9.23\"))) flag++;\nif (qpkg_check(package:\"sys-block/partimage\", unaffected:make_list(\"ge 0.6.8\"), vulnerable:make_list(\"lt 0.6.8\"))) flag++;\nif (qpkg_check(package:\"sys-apps/acl\", unaffected:make_list(\"ge 2.2.49\"), vulnerable:make_list(\"lt 2.2.49\"))) flag++;\nif (qpkg_check(package:\"app-arch/ncompress\", unaffected:make_list(\"ge 4.2.4.3\"), vulnerable:make_list(\"lt 4.2.4.3\"))) flag++;\nif (qpkg_check(package:\"media-gfx/splashutils\", unaffected:make_list(\"ge 1.5.4.3-r3\"), vulnerable:make_list(\"lt 1.5.4.3-r3\"))) flag++;\nif (qpkg_check(package:\"www-client/uzbl\", unaffected:make_list(\"ge 2010.08.05\"), vulnerable:make_list(\"lt 2010.08.05\"))) flag++;\nif (qpkg_check(package:\"dev-util/insight\", unaffected:make_list(\"ge 6.7.1-r1\"), vulnerable:make_list(\"lt 6.7.1-r1\"))) flag++;\nif (qpkg_check(package:\"sys-devel/m4\", unaffected:make_list(\"ge 1.4.14-r1\"), vulnerable:make_list(\"lt 1.4.14-r1\"))) flag++;\nif (qpkg_check(package:\"app-antivirus/bitdefender-console\", unaffected:make_list(), vulnerable:make_list(\"le 7.1\"))) flag++;\nif (qpkg_check(package:\"app-text/gv\", unaffected:make_list(\"ge 3.7.1\"), vulnerable:make_list(\"lt 3.7.1\"))) flag++;\nif (qpkg_check(package:\"media-tv/dvbstreamer\", unaffected:make_list(\"ge 1.1-r1\"), vulnerable:make_list(\"lt 1.1-r1\"))) flag++;\nif (qpkg_check(package:\"app-misc/beanstalkd\", unaffected:make_list(\"ge 1.4.6\"), vulnerable:make_list(\"lt 1.4.6\"))) flag++;\nif (qpkg_check(package:\"net-misc/iputils\", unaffected:make_list(\"ge 20100418\"), vulnerable:make_list(\"lt 20100418\"))) flag++;\nif (qpkg_check(package:\"dev-util/sourcenav\", unaffected:make_list(\"ge 5.1.4\"), vulnerable:make_list(\"lt 5.1.4\"))) flag++;\nif (qpkg_check(package:\"x11-libs/gtk+\", unaffected:make_list(\"ge 2.18.7\"), vulnerable:make_list(\"lt 2.18.7\"))) flag++;\nif (qpkg_check(package:\"sys-auth/pam_krb5\", unaffected:make_list(\"ge 4.3\"), vulnerable:make_list(\"lt 4.3\"))) flag++;\nif (qpkg_check(package:\"dev-lang/tk\", unaffected:make_list(\"ge 8.4.18-r1\"), vulnerable:make_list(\"lt 8.4.18-r1\"))) flag++;\nif (qpkg_check(package:\"x11-misc/slim\", unaffected:make_list(\"ge 1.3.2\"), vulnerable:make_list(\"lt 1.3.2\"))) flag++;\nif (qpkg_check(package:\"dev-perl/perl-tk\", unaffected:make_list(\"ge 804.028-r2\"), vulnerable:make_list(\"lt 804.028-r2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"app-arch/gzip / kde-base/kget / dev-libs/liblzw / kde-base/kdm / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-09T00:20:30", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5316", "CVE-2007-2741", "CVE-2008-5317"], "description": "Chris Evans discovered that certain ICC operations in lcms were not \ncorrectly bounds-checked. If a user or automated system were tricked \ninto processing an image with malicious ICC tags, a remote attacker could \ncrash applications linked against liblcms1, leading to a denial of service, \nor possibly execute arbitrary code with user privileges.", "edition": 5, "modified": "2008-10-14T00:00:00", "published": "2008-10-14T00:00:00", "id": "USN-652-1", "href": "https://ubuntu.com/security/notices/USN-652-1", "title": "LittleCMS vulnerability", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:35", "bulletinFamily": "unix", "cvelist": ["CVE-2007-2026", "CVE-2007-4995", "CVE-2013-0339", "CVE-2010-1205", "CVE-2007-3108", "CVE-2007-2741", "CVE-2007-5269", "CVE-2013-0338", "CVE-2007-5135", "CVE-2007-5268", "CVE-2013-2877", "CVE-2007-5116", "CVE-2014-0160", "CVE-2007-5266", "CVE-2007-0720", "CVE-2013-1969", "CVE-2007-2445", "CVE-2013-1664", "CVE-2007-1536", "CVE-2007-5849"], "edition": 1, "description": "### Background\n\nAMD64 x86 emulation base libraries provides pre-compiled 32-bit libraries. \n\n### Description\n\nMultiple vulnerabilities have been discovered in AMD64 x86 emulation base libraries. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA context-dependent attacker may be able to execute arbitrary code, cause a Denial of Service condition, or obtain sensitive information. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll users of the AMD64 x86 emulation base libraries should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=app-emulation/emul-linux-x86-baselibs-20140406-r1\"\n \n\nNOTE: One or more of the issues described in this advisory have been fixed in previous updates. They are included in this advisory for the sake of completeness. It is likely that your system is already no longer affected by them.", "modified": "2014-12-12T00:00:00", "published": "2014-12-12T00:00:00", "id": "GLSA-201412-11", "href": "https://security.gentoo.org/glsa/201412-11", "type": "gentoo", "title": "AMD64 x86 emulation base libraries: Multiple vulnerabilities", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-06T19:46:16", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2060", "CVE-2009-4411", "CVE-2008-0553", "CVE-2009-0946", "CVE-2010-1511", "CVE-2009-0361", "CVE-2008-6218", "CVE-2008-5907", "CVE-2010-0436", "CVE-2010-1205", "CVE-2007-2741", "CVE-2010-0829", "CVE-2009-4896", "CVE-2010-2945", "CVE-2010-2809", "CVE-2009-0040", "CVE-2010-2192", "CVE-2010-2056", "CVE-2009-2042", "CVE-2010-0001", "CVE-2008-6661", "CVE-2010-2529", "CVE-2009-4029", "CVE-2006-3005", "CVE-2010-2251", "CVE-2009-0360", "CVE-2010-0732", "CVE-2008-1382", "CVE-2009-3736", "CVE-2010-1000", "CVE-2009-2624"], "description": "### Background\n\nFor more information on the packages listed in this GLSA, please see their homepage referenced in the ebuild. \n\n### Description\n\nVulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. \n\n * Insight\n * Perl Tk Module\n * Source-Navigator\n * Tk\n * Partimage\n * Mlmmj\n * acl\n * Xinit\n * gzip\n * ncompress\n * liblzw\n * splashutils\n * GNU M4\n * KDE Display Manager\n * GTK+\n * KGet\n * dvipng\n * Beanstalk\n * Policy Mount\n * pam_krb5\n * GNU gv\n * LFTP\n * Uzbl\n * Slim\n * Bitdefender Console\n * iputils\n * DVBStreamer\n\n### Impact\n\nA context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions. \n\n### Workaround\n\nThere are no known workarounds at this time.\n\n### Resolution\n\nAll Insight users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-util/insight-6.7.1-r1\"\n \n\nAll Perl Tk Module users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-perl/perl-tk-804.028-r2\"\n \n\nAll Source-Navigator users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-util/sourcenav-5.1.4\"\n \n\nAll Tk users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/tk-8.4.18-r1\"\n \n\nAll Partimage users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-block/partimage-0.6.8\"\n \n\nAll Mlmmj users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-mail/mlmmj-1.2.17.1\"\n \n\nAll acl users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-apps/acl-2.2.49\"\n \n\nAll Xinit users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-apps/xinit-1.2.0-r4\"\n \n\nAll gzip users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-arch/gzip-1.4\"\n \n\nAll ncompress users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-arch/ncompress-4.2.4.3\"\n \n\nAll liblzw users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/liblzw-0.2\"\n \n\nAll splashutils users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=media-gfx/splashutils-1.5.4.3-r3\"\n \n\nAll GNU M4 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-devel/m4-1.4.14-r1\"\n \n\nAll KDE Display Manager users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=kde-base/kdm-4.3.5-r1\"\n \n\nAll GTK+ users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-libs/gtk+-2.18.7\"\n \n\nAll KGet 4.3 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=kde-base/kget-4.3.5-r1\"\n \n\nAll dvipng users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-text/dvipng-1.13\"\n \n\nAll Beanstalk users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-misc/beanstalkd-1.4.6\"\n \n\nAll Policy Mount users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-apps/pmount-0.9.23\"\n \n\nAll pam_krb5 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-auth/pam_krb5-4.3\"\n \n\nAll GNU gv users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-text/gv-3.7.1\"\n \n\nAll LFTP users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-ftp/lftp-4.0.6\"\n \n\nAll Uzbl users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/uzbl-2010.08.05\"\n \n\nAll Slim users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-misc/slim-1.3.2\"\n \n\nAll iputils users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/iputils-20100418\"\n \n\nAll DVBStreamer users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-tv/dvbstreamer-1.1-r1\"\n \n\nGentoo has discontinued support for Bitdefender Console. We recommend that users unmerge Bitdefender Console: \n \n \n # emerge --unmerge \"app-antivirus/bitdefender-console\"\n \n\nNOTE: This is a legacy GLSA. Updates for all affected architectures have been available since 2011. It is likely that your system is already no longer affected by these issues.", "edition": 1, "modified": "2014-12-11T00:00:00", "published": "2014-12-11T00:00:00", "id": "GLSA-201412-08", "href": "https://security.gentoo.org/glsa/201412-08", "type": "gentoo", "title": "Multiple packages, Multiple vulnerabilities fixed in 2010", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}