ID CENTOS_RHSA-2009-1561.NASL Type nessus Reporter This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2013-06-29T00:00:00
Description
Updated libvorbis packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having important security impact by the
Red Hat Security Response Team.
The libvorbis packages contain runtime libraries for use in programs
that support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary,
patent- and royalty-free, general-purpose compressed audio format.
Multiple flaws were found in the libvorbis library. A specially
crafted Ogg Vorbis media format file (Ogg) could cause an application
using libvorbis to crash or, possibly, execute arbitrary code when
opened. (CVE-2009-3379)
Users of libvorbis should upgrade to these updated packages, which
contain backported patches to correct these issues. The desktop must
be restarted (log out, then log back in) for this update to take
effect.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2009:1561 and
# CentOS Errata and Security Advisory 2009:1561 respectively.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Registration branch: when `description` is set, the plugin only declares its
# metadata and then exits, so no host check below this block is reached.
if (description)
{
  # Plugin identity and revision.
  script_id(67071);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");

  # Identifiers used to correlate this finding with other advisory feeds.
  script_cve_id("CVE-2009-3379");
  script_bugtraq_id(36875);
  script_xref(name:"RHSA", value:"2009:1561");

  script_name(english:"CentOS 3 / 4 / 5 : libvorbis (CESA-2009:1561)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates.");

  # Advisory text shown in the report. The string starts at column 0 on purpose:
  # any indentation inside the literal would become part of the reported text.
  script_set_attribute(attribute:"description", value:
"Updated libvorbis packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having important security impact by the
Red Hat Security Response Team.
The libvorbis packages contain runtime libraries for use in programs
that support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary,
patent-and royalty-free, general-purpose compressed audio format.
Multiple flaws were found in the libvorbis library. A specially
crafted Ogg Vorbis media format file (Ogg) could cause an application
using libvorbis to crash or, possibly, execute arbitrary code when
opened. (CVE-2009-3379)
Users of libvorbis should upgrade to these updated packages, which
contain backported patches to correct these issues. The desktop must
be restarted (log out, then log back in) for this update to take
effect.");

  # References are shortened nessus.org links; the comment above each one
  # appears to record the centos-announce post it stands for.
  # https://lists.centos.org/pipermail/centos-announce/2009-November/016308.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a5595855");
  # https://lists.centos.org/pipermail/centos-announce/2009-November/016309.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?eee4078f");
  # https://lists.centos.org/pipermail/centos-announce/2009-November/016310.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8b48575d");
  # https://lists.centos.org/pipermail/centos-announce/2009-November/016311.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a8a122f6");
  # https://lists.centos.org/pipermail/centos-announce/2009-November/016322.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6a4277ea");
  # https://lists.centos.org/pipermail/centos-announce/2009-November/016323.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d56b6c17");

  script_set_attribute(attribute:"solution", value:"Update the affected libvorbis packages.");

  # Risk rating, CVSS v2. The base vector is network / low complexity / no
  # authentication with complete C/I/A impact. The temporal vector records a
  # proof-of-concept exploit (E:POC), an official fix (RL:OF) and a confirmed
  # report (RC:C), consistent with the two exploit attributes that follow.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  # Scope: a local package check covering libvorbis and libvorbis-devel on
  # CentOS 3, 4 and 5.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libvorbis");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libvorbis-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5");

  # Timeline: vulnerability disclosed, vendor patch released, plugin published.
  script_set_attribute(attribute:"vuln_publication_date", value:"2009/10/29");
  script_set_attribute(attribute:"patch_publication_date", value:"2009/11/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/06/29");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"CentOS Local Security Checks");

  # Declares ssh_get_info.nasl as a dependency and names the KB entries the
  # check reads: the local-checks flag, the CentOS release string and the
  # installed rpm list.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

  exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
# Host check: confirm the target is a supported CentOS release and
# architecture, then compare the installed libvorbis packages against the
# fixed builds. The guards rely on audit() (audit.inc) stopping the script
# with the given reason, so later lines can assume the earlier checks passed.

# Local checks must have been enabled, and the release string must say CentOS.
if (!get_kb_item("Host/local_checks_enabled"))
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/CentOS/release");
if (isnull(release) || "CentOS" >!< release)
  audit(AUDIT_OS_NOT, "CentOS");

# Extract the major version; only CentOS 3, 4 and 5 are covered.
os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(os_ver))
  audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
os_ver = os_ver[1];
if (! preg(pattern:"^(3|4|5)([^0-9]|$)", string:os_ver))
  audit(AUDIT_OS_NOT, "CentOS 3.x / 4.x / 5.x", "CentOS " + os_ver);

# Without the collected rpm list there is nothing to compare against.
if (!get_kb_item("Host/CentOS/rpm-list"))
  audit(AUDIT_PACKAGE_LIST_MISSING);

# Architecture gate: x86_64, ia64 or i386-i686.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu))
  audit(AUDIT_UNKNOWN_ARCH);
if (!("x86_64" >< cpu || "ia64" >< cpu || cpu =~ "^i[3-6]86$"))
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);

# One rpm_check per release / architecture / package; `flag` counts the checks
# that returned true (presumably an installed build older than the reference -
# see rpm.inc).
# NOTE(review): ia64 passes the architecture gate above, but the CentOS-3 and
# CentOS-4 checks name only i386 and x86_64 - confirm that leaving ia64 hosts
# on those releases unchecked is intended.
flag = 0;

# CentOS 3: fixed build 1.0-12.el3
if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"libvorbis-1.0-12.el3")) flag++;
if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"libvorbis-1.0-12.el3")) flag++;
if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"libvorbis-devel-1.0-12.el3")) flag++;
if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"libvorbis-devel-1.0-12.el3")) flag++;

# CentOS 4: fixed build 1.1.0-3.el4_8.3
if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"libvorbis-1.1.0-3.el4_8.3")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"libvorbis-1.1.0-3.el4_8.3")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"libvorbis-devel-1.1.0-3.el4_8.3")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"libvorbis-devel-1.1.0-3.el4_8.3")) flag++;

# CentOS 5: fixed build 1.1.2-3.el5_4.4 (no cpu argument is passed here)
if (rpm_check(release:"CentOS-5", reference:"libvorbis-1.1.2-3.el5_4.4")) flag++;
if (rpm_check(release:"CentOS-5", reference:"libvorbis-devel-1.1.2-3.el5_4.4")) flag++;

# At least one check matched: report at SECURITY_HOLE severity with the rpm
# comparison details, then stop.
# This compares installed package versions only. Per the advisory text, the
# desktop session must be restarted before the updated library takes effect,
# so a clean result does not show that running programs have picked it up.
if (flag)
{
  security_report_v4(port:0, severity:SECURITY_HOLE, extra:rpm_report_get());
  exit(0);
}

# Nothing matched: distinguish "installed but not affected" from "package not
# installed at all" in the audit trail.
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libvorbis / libvorbis-devel");
{"id": "CENTOS_RHSA-2009-1561.NASL", "bulletinFamily": "scanner", "title": "CentOS 3 / 4 / 5 : libvorbis (CESA-2009:1561)", "description": "Updated libvorbis packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe libvorbis packages contain runtime libraries for use in programs\nthat support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary,\npatent-and royalty-free, general-purpose compressed audio format.\n\nMultiple flaws were found in the libvorbis library. A specially\ncrafted Ogg Vorbis media format file (Ogg) could cause an application\nusing libvorbis to crash or, possibly, execute arbitrary code when\nopened. (CVE-2009-3379)\n\nUsers of libvorbis should upgrade to these updated packages, which\ncontain backported patches to correct these issues. The desktop must\nbe restarted (log out, then log back in) for this update to take\neffect.", "published": "2013-06-29T00:00:00", "modified": "2013-06-29T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/67071", "reporter": "This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.", "references": ["http://www.nessus.org/u?8b48575d", "http://www.nessus.org/u?a8a122f6", "http://www.nessus.org/u?a5595855", "http://www.nessus.org/u?d56b6c17", "http://www.nessus.org/u?eee4078f", "http://www.nessus.org/u?6a4277ea"], "cvelist": ["CVE-2009-3379"], "type": "nessus", "lastseen": "2021-01-06T09:25:59", "edition": 25, "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-3379"]}, {"type": "centos", "idList": ["CESA-2009:1561"]}, {"type": "redhat", "idList": ["RHSA-2009:1561"]}, {"type": "oraclelinux", "idList": ["ELSA-2009-1561"]}, {"type": "nessus", "idList": ["FREEBSD_PKG_94EDFF42D93D11DEA4340211D880E350.NASL", "FEDORA_2009-11169.NASL", "FEDORA_2009-11243.NASL", "UBUNTU_USN-861-1.NASL", "DEBIAN_DSA-1939.NASL", "SL_20091109_LIBVORBIS_ON_SL3_X.NASL", "MANDRIVA_MDVSA-2009-294.NASL", "REDHAT-RHSA-2009-1561.NASL", "FREEBSD_PKG_C87AA2D2C3C411DEAB08000F20797EDE.NASL", "ORACLELINUX_ELSA-2009-1561.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310880793", "OPENVAS:66181", "OPENVAS:66221", "OPENVAS:880848", "OPENVAS:880793", "OPENVAS:136141256231066221", "OPENVAS:1361412562310122421", "OPENVAS:1361412562310880848", "OPENVAS:1361412562310880856", "OPENVAS:880856"]}, {"type": "ubuntu", "idList": ["USN-861-1"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:10356", "SECURITYVULNS:DOC:22832", "SECURITYVULNS:VULN:10419", "SECURITYVULNS:DOC:22704"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1939-1:4E1D6"]}, {"type": "freebsd", "idList": ["94EDFF42-D93D-11DE-A434-0211D880E350", "C87AA2D2-C3C4-11DE-AB08-000F20797EDE"]}, {"type": "fedora", "idList": ["FEDORA:EB12810F899", "FEDORA:DF86B10F8A5"]}, {"type": "seebug", "idList": ["SSV:12570"]}, {"type": "suse", "idList": ["SUSE-SA:2009:052"]}, {"type": "gentoo", "idList": ["GLSA-201301-01"]}], "modified": "2021-01-06T09:25:59", "rev": 2}, "score": {"value": 9.5, "vector": "NONE", "modified": "2021-01-06T09:25:59", "rev": 2}, 
"vulnersScore": 9.5}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1561 and \n# CentOS Errata and Security Advisory 2009:1561 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67071);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-3379\");\n script_bugtraq_id(36875);\n script_xref(name:\"RHSA\", value:\"2009:1561\");\n\n script_name(english:\"CentOS 3 / 4 / 5 : libvorbis (CESA-2009:1561)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated libvorbis packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe libvorbis packages contain runtime libraries for use in programs\nthat support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary,\npatent-and royalty-free, general-purpose compressed audio format.\n\nMultiple flaws were found in the libvorbis library. A specially\ncrafted Ogg Vorbis media format file (Ogg) could cause an application\nusing libvorbis to crash or, possibly, execute arbitrary code when\nopened. (CVE-2009-3379)\n\nUsers of libvorbis should upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
The desktop must\nbe restarted (log out, then log back in) for this update to take\neffect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-November/016308.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a5595855\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-November/016309.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?eee4078f\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-November/016310.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8b48575d\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-November/016311.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a8a122f6\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-November/016322.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6a4277ea\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-November/016323.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d56b6c17\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libvorbis packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvorbis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvorbis-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/10/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/06/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x / 4.x / 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"libvorbis-1.0-12.el3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"libvorbis-1.0-12.el3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"libvorbis-devel-1.0-12.el3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"libvorbis-devel-1.0-12.el3\")) flag++;\n\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"libvorbis-1.1.0-3.el4_8.3\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"libvorbis-1.1.0-3.el4_8.3\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"libvorbis-devel-1.1.0-3.el4_8.3\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"libvorbis-devel-1.1.0-3.el4_8.3\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"libvorbis-1.1.2-3.el5_4.4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libvorbis-devel-1.1.2-3.el5_4.4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvorbis / libvorbis-devel\");\n}\n", "naslFamily": "CentOS Local Security Checks", "pluginID": "67071", "cpe": ["p-cpe:/a:centos:centos:libvorbis", "cpe:/o:centos:centos:4", "cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:libvorbis-devel", "cpe:/o:centos:centos:3"], "scheme": null}
{"cve": [{"lastseen": "2020-10-03T11:54:17", "description": "Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. NOTE: this might overlap CVE-2009-2663.", "edition": 3, "cvss3": {}, "published": "2009-10-29T14:30:00", "title": "CVE-2009-3379", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3379"], "modified": "2017-09-19T01:29:00", "cpe": ["cpe:/a:mozilla:firefox:3.5.3", "cpe:/a:mozilla:firefox:3.5.1", "cpe:/a:mozilla:firefox:3.5.2"], "id": "CVE-2009-3379", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3379", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*"]}], "centos": [{"lastseen": "2020-07-17T03:29:46", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3379"], "description": "**CentOS Errata and Security Advisory** CESA-2009:1561\n\n\nThe libvorbis packages contain runtime libraries for use in programs that\nsupport Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent-and\nroyalty-free, general-purpose compressed audio format.\n\nMultiple flaws were found in the libvorbis library. 
A specially-crafted Ogg\nVorbis media format file (Ogg) could cause an application using libvorbis\nto crash or, possibly, execute arbitrary code when opened. (CVE-2009-3379)\n\nUsers of libvorbis should upgrade to these updated packages, which contain\nbackported patches to correct these issues. The desktop must be restarted\n(log out, then log back in) for this update to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-November/028346.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-November/028347.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-November/028348.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-November/028349.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-November/028360.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-November/028361.html\n\n**Affected packages:**\nlibvorbis\nlibvorbis-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-1561.html", "edition": 5, "modified": "2009-11-14T01:12:27", "published": "2009-11-09T18:11:44", "href": "http://lists.centos.org/pipermail/centos-announce/2009-November/028346.html", "id": "CESA-2009:1561", "title": "libvorbis security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:45:47", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3379"], "description": "The libvorbis packages contain runtime libraries for use in programs that\nsupport Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent-and\nroyalty-free, general-purpose compressed audio format.\n\nMultiple flaws were found in the libvorbis library. A specially-crafted Ogg\nVorbis media format file (Ogg) could cause an application using libvorbis\nto crash or, possibly, execute arbitrary code when opened. 
(CVE-2009-3379)\n\nUsers of libvorbis should upgrade to these updated packages, which contain\nbackported patches to correct these issues. The desktop must be restarted\n(log out, then log back in) for this update to take effect.", "modified": "2018-05-26T04:26:17", "published": "2009-11-09T05:00:00", "id": "RHSA-2009:1561", "href": "https://access.redhat.com/errata/RHSA-2009:1561", "type": "redhat", "title": "(RHSA-2009:1561) Important: libvorbis security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:34:43", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3379"], "description": "[1:1.1.2-3.el5.4]\n- fix CVE-CVE-2009-3379\nResolves: #532418 ", "edition": 4, "modified": "2009-11-09T00:00:00", "published": "2009-11-09T00:00:00", "id": "ELSA-2009-1561", "href": "http://linux.oracle.com/errata/ELSA-2009-1561.html", "title": "libvorbis security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-01T04:36:05", "description": "From Red Hat Security Advisory 2009:1561 :\n\nUpdated libvorbis packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe libvorbis packages contain runtime libraries for use in programs\nthat support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary,\npatent-and royalty-free, general-purpose compressed audio format.\n\nMultiple flaws were found in the libvorbis library. A specially\ncrafted Ogg Vorbis media format file (Ogg) could cause an application\nusing libvorbis to crash or, possibly, execute arbitrary code when\nopened. (CVE-2009-3379)\n\nUsers of libvorbis should upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
The desktop must\nbe restarted (log out, then log back in) for this update to take\neffect.", "edition": 22, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 3 / 4 / 5 : libvorbis (ELSA-2009-1561)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3379"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:libvorbis-devel", "cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:3", "cpe:/o:oracle:linux:4", "p-cpe:/a:oracle:linux:libvorbis"], "id": "ORACLELINUX_ELSA-2009-1561.NASL", "href": "https://www.tenable.com/plugins/nessus/67956", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2009:1561 and \n# Oracle Linux Security Advisory ELSA-2009-1561 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67956);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/10/25 13:36:08\");\n\n script_cve_id(\"CVE-2009-3379\");\n script_bugtraq_id(36875);\n script_xref(name:\"RHSA\", value:\"2009:1561\");\n\n script_name(english:\"Oracle Linux 3 / 4 / 5 : libvorbis (ELSA-2009-1561)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2009:1561 :\n\nUpdated libvorbis packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe libvorbis packages contain runtime libraries for use in programs\nthat support Ogg Vorbis. 
Ogg Vorbis is a fully open, non-proprietary,\npatent-and royalty-free, general-purpose compressed audio format.\n\nMultiple flaws were found in the libvorbis library. A specially\ncrafted Ogg Vorbis media format file (Ogg) could cause an application\nusing libvorbis to crash or, possibly, execute arbitrary code when\nopened. (CVE-2009-3379)\n\nUsers of libvorbis should upgrade to these updated packages, which\ncontain backported patches to correct these issues. The desktop must\nbe restarted (log out, then log back in) for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-November/001237.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-November/001238.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-November/001240.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libvorbis packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvorbis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvorbis-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/10/29\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3 / 4 / 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"libvorbis-1.0-12.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"libvorbis-1.0-12.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"libvorbis-devel-1.0-12.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"libvorbis-devel-1.0-12.el3\")) flag++;\n\nif (rpm_check(release:\"EL4\", reference:\"libvorbis-1.1.0-3.0.1.el4_8.3\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libvorbis-devel-1.1.0-3.0.1.el4_8.3\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"libvorbis-1.1.2-3.el5_4.4\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"libvorbis-devel-1.1.2-3.el5_4.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvorbis / libvorbis-devel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:33:33", "description": "CVE-2009-3379 libvorbis: security fixes mentioned in MFSA 2009-63\n\nMultiple flaws were found in the libvorbis library. A specially\ncrafted Ogg Vorbis media format file (Ogg) could cause an application\nusing libvorbis to crash or, possibly, execute arbitrary code when\nopened. 
(CVE-2009-3379)\n\nThe desktop must be restarted (log out, then log back in) for this\nupdate to take effect.", "edition": 23, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : libvorbis on SL3.x, SL4.x, SL5.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3379"], "modified": "2021-01-02T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20091109_LIBVORBIS_ON_SL3_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60692", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60692);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/10/25 13:36:18\");\n\n script_cve_id(\"CVE-2009-3379\");\n\n script_name(english:\"Scientific Linux Security Update : libvorbis on SL3.x, SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2009-3379 libvorbis: security fixes mentioned in MFSA 2009-63\n\nMultiple flaws were found in the libvorbis library. A specially\ncrafted Ogg Vorbis media format file (Ogg) could cause an application\nusing libvorbis to crash or, possibly, execute arbitrary code when\nopened. 
(CVE-2009-3379)\n\nThe desktop must be restarted (log out, then log back in) for this\nupdate to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0911&L=scientific-linux-errata&T=0&P=845\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fa00337a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libvorbis and / or libvorbis-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"libvorbis-1.0-12.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"libvorbis-devel-1.0-12.el3\")) flag++;\n\nif (rpm_check(release:\"SL4\", reference:\"libvorbis-1.1.0-3.el4_8.3\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"libvorbis-devel-1.1.0-3.el4_8.3\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"libvorbis-1.1.2-3.el5_4.4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libvorbis-devel-1.1.2-3.el5_4.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T04:57:14", "description": "Updated libvorbis packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe libvorbis packages contain runtime libraries 
for use in programs\nthat support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary,\npatent- and royalty-free, general-purpose compressed audio format.\n\nMultiple flaws were found in the libvorbis library. A specially\ncrafted Ogg Vorbis media format file (Ogg) could cause an application\nusing libvorbis to crash or, possibly, execute arbitrary code when\nopened. (CVE-2009-3379)\n\nUsers of libvorbis should upgrade to these updated packages, which\ncontain backported patches to correct these issues. The desktop must\nbe restarted (log out, then log back in) for this update to take\neffect.", "edition": 25, "published": "2009-11-10T00:00:00", "title": "RHEL 3 / 4 / 5 : libvorbis (RHSA-2009:1561)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3379"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "p-cpe:/a:redhat:enterprise_linux:libvorbis-devel", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:libvorbis", "cpe:/o:redhat:enterprise_linux:4.8", "cpe:/o:redhat:enterprise_linux:5.4"], "id": "REDHAT-RHSA-2009-1561.NASL", "href": "https://www.tenable.com/plugins/nessus/42432", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1561. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(42432);\n script_version (\"1.25\");\n script_cvs_date(\"Date: 2019/10/25 13:36:14\");\n\n script_cve_id(\"CVE-2009-3379\");\n script_bugtraq_id(36875);\n script_xref(name:\"RHSA\", value:\"2009:1561\");\n\n script_name(english:\"RHEL 3 / 4 / 5 : libvorbis (RHSA-2009:1561)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated libvorbis packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe libvorbis packages contain runtime libraries for use in programs\nthat support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary,\npatent-and royalty-free, general-purpose compressed audio format.\n\nMultiple flaws were found in the libvorbis library. A specially\ncrafted Ogg Vorbis media format file (Ogg) could cause an application\nusing libvorbis to crash or, possibly, execute arbitrary code when\nopened. (CVE-2009-3379)\n\nUsers of libvorbis should upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
The desktop must\nbe restarted (log out, then log back in) for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3379\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:1561\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libvorbis and / or libvorbis-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvorbis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvorbis-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/10/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/11/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:1561\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"libvorbis-1.0-12.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"libvorbis-devel-1.0-12.el3\")) flag++;\n\n\n if (rpm_check(release:\"RHEL4\", reference:\"libvorbis-1.1.0-3.el4_8.3\")) flag++;\n\n if 
(rpm_check(release:\"RHEL4\", reference:\"libvorbis-devel-1.1.0-3.el4_8.3\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"libvorbis-1.1.2-3.el5_4.4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"libvorbis-devel-1.1.2-3.el5_4.4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvorbis / libvorbis-devel\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:06:55", "description": "This update fixes :\n\n - Bug #531765 - CVE-2009-3379 libvorbis: security fixes\n mentioned in MFSA 2009-63\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2009-11-11T00:00:00", "title": "Fedora 10 : libvorbis-1.2.0-7.fc10 (2009-11169)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3379"], "modified": "2009-11-11T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:10", "p-cpe:/a:fedoraproject:fedora:libvorbis"], "id": "FEDORA_2009-11169.NASL", "href": "https://www.tenable.com/plugins/nessus/42450", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-11169.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42450);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-3379\");\n script_bugtraq_id(36018, 36875);\n 
script_xref(name:\"FEDORA\", value:\"2009-11169\");\n\n script_name(english:\"Fedora 10 : libvorbis-1.2.0-7.fc10 (2009-11169)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes :\n\n - Bug #531765 - CVE-2009-3379 libvorbis: security fixes\n mentioned in MFSA 2009-63\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=531765\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-November/030811.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?df1affbb\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libvorbis package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libvorbis\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/11/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is 
Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"libvorbis-1.2.0-7.fc10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvorbis\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:06:55", "description": "This update fixes :\n\n - Bug #531765 - CVE-2009-3379 libvorbis: security fixes\n mentioned in MFSA 2009-63\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2009-11-11T00:00:00", "title": "Fedora 11 : libvorbis-1.2.0-9.fc11 (2009-11243)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3379"], "modified": "2009-11-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libvorbis", "cpe:/o:fedoraproject:fedora:11"], "id": "FEDORA_2009-11243.NASL", "href": "https://www.tenable.com/plugins/nessus/42451", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-11243.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42451);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-3379\");\n script_bugtraq_id(36018, 36875);\n script_xref(name:\"FEDORA\", value:\"2009-11243\");\n\n script_name(english:\"Fedora 11 : libvorbis-1.2.0-9.fc11 (2009-11243)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes :\n\n - Bug #531765 - CVE-2009-3379 libvorbis: security fixes\n mentioned in MFSA 2009-63\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=531765\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-November/030865.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d368b3d5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libvorbis package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libvorbis\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/11/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: 
\"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"libvorbis-1.2.0-9.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvorbis\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:45:46", "description": "Lucas Adamski, Matthew Gregan, David Keeler, and Dan Kaminsky\ndiscovered that libvorbis, a library for the Vorbis general-purpose\ncompressed audio codec, did not correctly handle certain malformed ogg\nfiles. 
An attacker could cause a denial of service (memory corruption\nand application crash) or possibly execute arbitrary code via a\ncrafted .ogg file.", "edition": 26, "published": "2010-02-24T00:00:00", "title": "Debian DSA-1939-1 : libvorbis - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3379", "CVE-2009-2663"], "modified": "2010-02-24T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:4.0", "cpe:/o:debian:debian_linux:5.0", "p-cpe:/a:debian:debian_linux:libvorbis"], "id": "DEBIAN_DSA-1939.NASL", "href": "https://www.tenable.com/plugins/nessus/44804", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1939. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(44804);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-2663\", \"CVE-2009-3379\");\n script_bugtraq_id(35927, 36018, 36875);\n script_xref(name:\"DSA\", value:\"1939\");\n\n script_name(english:\"Debian DSA-1939-1 : libvorbis - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Lucas Adamski, Matthew Gregan, David Keeler, and Dan Kaminsky\ndiscovered that libvorbis, a library for the Vorbis general-purpose\ncompressed audio codec, did not correctly handle certain malformed ogg\nfiles. 
An attacker could cause a denial of service (memory corruption\nand application crash) or possibly execute arbitrary code via a\ncrafted .ogg file.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=540958\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1939\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the libvorbis packages.\n\nFor the oldstable distribution (etch), these problems have been fixed\nin version 1.1.2.dfsg-1.4+etch1.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 1.2.0.dfsg-3.1+lenny1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libvorbis\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"libvorbis-dev\", reference:\"1.1.2.dfsg-1.4+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libvorbis0a\", reference:\"1.1.2.dfsg-1.4+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libvorbisenc2\", reference:\"1.1.2.dfsg-1.4+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libvorbisfile3\", reference:\"1.1.2.dfsg-1.4+etch1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libvorbis-dev\", reference:\"1.2.0.dfsg-3.1+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libvorbis0a\", reference:\"1.2.0.dfsg-3.1+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libvorbisenc2\", reference:\"1.2.0.dfsg-3.1+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libvorbisfile3\", reference:\"1.2.0.dfsg-3.1+lenny1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:47:37", "description": "The Ubuntu security team reports :\n\nIt was discovered that libvorbis did not correctly handle certain\nmalformed vorbis files. 
If a user were tricked into opening a\nspecially crafted vorbis file with an application that uses libvorbis,\nan attacker could cause a denial of service or possibly execute\narbitrary code with the user's privileges.", "edition": 25, "published": "2009-11-25T00:00:00", "title": "FreeBSD : libvorbis -- multiple vulnerabilities (94edff42-d93d-11de-a434-0211d880e350)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1420", "CVE-2009-3379"], "modified": "2009-11-25T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:libvorbis"], "id": "FREEBSD_PKG_94EDFF42D93D11DEA4340211D880E350.NASL", "href": "https://www.tenable.com/plugins/nessus/42886", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42886);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-1420\", \"CVE-2009-3379\");\n\n script_name(english:\"FreeBSD : libvorbis -- multiple vulnerabilities (94edff42-d93d-11de-a434-0211d880e350)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Ubuntu security team reports :\n\nIt was discovered that libvorbis did not correctly handle certain\nmalformed vorbis files. 
If a user were tricked into opening a\nspecially crafted vorbis file with an application that uses libvorbis,\nan attacker could cause a denial of service or possibly execute\narbitrary code with the user's privileges.\"\n );\n # https://vuxml.freebsd.org/freebsd/94edff42-d93d-11de-a434-0211d880e350.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2c38bba4\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libvorbis\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/11/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"libvorbis<1.2.3_1,3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:57:12", "description": "It was discovered that libvorbis did not correctly handle ogg files\nwith underpopulated Huffman trees. If a user were tricked into opening\na specially crafted ogg file with an application that uses libvorbis,\nan attacker could cause a denial of service. (CVE-2008-2009)\n\nIt was discovered that libvorbis did not correctly handle certain\nmalformed ogg files. If a user were tricked into opening a specially\ncrafted ogg file with an application that uses libvorbis, an attacker\ncould cause a denial of service or possibly execute arbitrary code\nwith the user's privileges. (CVE-2009-3379).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2009-11-25T00:00:00", "title": "Ubuntu 8.04 LTS / 8.10 / 9.04 / 9.10 : libvorbis vulnerabilities (USN-861-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2009", "CVE-2009-3379"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libvorbis0a", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libvorbisenc2", "cpe:/o:canonical:ubuntu_linux:9.10", "p-cpe:/a:canonical:ubuntu_linux:libvorbisfile3", "cpe:/o:canonical:ubuntu_linux:8.10", "cpe:/o:canonical:ubuntu_linux:9.04", "p-cpe:/a:canonical:ubuntu_linux:libvorbis-dev"], "id": "UBUNTU_USN-861-1.NASL", "href": "https://www.tenable.com/plugins/nessus/42891", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-861-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(42891);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/08/02 13:33:02\");\n\n script_cve_id(\"CVE-2008-2009\", \"CVE-2009-3379\");\n script_bugtraq_id(36875);\n script_xref(name:\"USN\", value:\"861-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 8.10 / 9.04 / 9.10 : libvorbis vulnerabilities (USN-861-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that libvorbis did not correctly handle ogg files\nwith underpopulated Huffman trees. 
If a user were tricked into opening\na specially crafted ogg file with an application that uses libvorbis,\nan attacker could cause a denial of service. (CVE-2008-2009)\n\nIt was discovered that libvorbis did not correctly handle certain\nmalformed ogg files. If a user were tricked into opening a specially\ncrafted ogg file with an application that uses libvorbis, an attacker\ncould cause a denial of service or possibly execute arbitrary code\nwith the user's privileges. (CVE-2009-3379).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/861-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libvorbis-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libvorbis0a\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libvorbisenc2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libvorbisfile3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/11/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(8\\.04|8\\.10|9\\.04|9\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 8.10 / 9.04 / 9.10\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libvorbis-dev\", pkgver:\"1.2.0.dfsg-2ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libvorbis0a\", pkgver:\"1.2.0.dfsg-2ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libvorbisenc2\", pkgver:\"1.2.0.dfsg-2ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libvorbisfile3\", pkgver:\"1.2.0.dfsg-2ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libvorbis-dev\", pkgver:\"1.2.0.dfsg-3.1ubuntu0.8.10.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libvorbis0a\", pkgver:\"1.2.0.dfsg-3.1ubuntu0.8.10.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libvorbisenc2\", pkgver:\"1.2.0.dfsg-3.1ubuntu0.8.10.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libvorbisfile3\", pkgver:\"1.2.0.dfsg-3.1ubuntu0.8.10.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libvorbis-dev\", pkgver:\"1.2.0.dfsg-3.1ubuntu0.9.04.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libvorbis0a\", pkgver:\"1.2.0.dfsg-3.1ubuntu0.9.04.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libvorbisenc2\", pkgver:\"1.2.0.dfsg-3.1ubuntu0.9.04.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libvorbisfile3\", pkgver:\"1.2.0.dfsg-3.1ubuntu0.9.04.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libvorbis-dev\", pkgver:\"1.2.0.dfsg-6ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libvorbis0a\", pkgver:\"1.2.0.dfsg-6ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libvorbisenc2\", pkgver:\"1.2.0.dfsg-6ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libvorbisfile3\", pkgver:\"1.2.0.dfsg-6ubuntu0.1\")) 
flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvorbis-dev / libvorbis0a / libvorbisenc2 / libvorbisfile3\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T11:52:23", "description": "Security issues were identified and fixed in firefox 3.5.x :\n\nSecurity researcher Alin Rad Pop of Secunia Research reported a\nheap-based buffer overflow in Mozilla's string to floating point\nnumber conversion routines. Using this vulnerability an attacker could\ncraft some malicious JavaScript code containing a very long string to\nbe converted to a floating point number which would result in improper\nmemory allocation and the execution of an arbitrary memory location.\nThis vulnerability could thus be leveraged by the attacker to run\narbitrary code on a victim's computer (CVE-2009-1563).\n\nSecurity researcher Jeremy Brown reported that the file naming scheme\nused for downloading a file which already exists in the downloads\nfolder is predictable. If an attacker had local access to a victim's\ncomputer and knew the name of a file the victim intended to open\nthrough the Download Manager, he could use this vulnerability to place\na malicious file in the world-writable directory used to save\ntemporary downloaded files and cause the browser to choose the\nincorrect file when opening it. Since this attack requires local\naccess to the victim's machine, the severity of this vulnerability was\ndetermined to be low (CVE-2009-3274).\n\nSecurity researcher Paul Stone reported that a user's form history,\nboth from web content as well as the smart location bar, was\nvulnerable to theft. 
A malicious web page could synthesize events such\nas mouse focus and key presses on behalf of the victim and trick the\nbrowser into auto-filling the form fields with history entries and\nthen reading the entries (CVE-2009-3370).\n\nSecurity researcher Orlando Berrera of Sec Theory reported that\nrecursive creation of JavaScript web-workers can be used to create a\nset of objects whose memory could be freed prior to their use. These\nconditions often result in a crash which could potentially be used by\nan attacker to run arbitrary code on a victim's computer\n(CVE-2009-3371).\n\nSecurity researcher Marco C. reported a flaw in the parsing of regular\nexpressions used in Proxy Auto-configuration (PAC) files. In certain\ncases this flaw could be used by an attacker to crash a victim's\nbrowser and run arbitrary code on their computer. Since this\nvulnerability requires the victim to have PAC configured in their\nenvironment with specific regular expressions which can trigger the\ncrash, the severity of the issue was determined to be moderate\n(CVE-2009-3372).\n\nSecurity research firm iDefense reported that researcher regenrecht\ndiscovered a heap-based buffer overflow in Mozilla's GIF image parser.\nThis vulnerability could potentially be used by an attacker to crash a\nvictim's browser and run arbitrary code on their computer\n(CVE-2009-3373).\n\nMozilla security researcher moz_bug_r_a4 reported that the XPCOM\nutility XPCVariant::VariantDataToJS unwrapped doubly-wrapped objects\nbefore returning them to chrome callers. This could result in chrome\nprivileged code calling methods on an object which had previously been\ncreated or modified by web content, potentially executing malicious\nJavaScript code with chrome privileges (CVE-2009-3374).\n\nSecurity researcher Gregory Fleischer reported that text within a\nselection on a web page can be read by JavaScript in a different\ndomain using the document.getSelection function, violating the\nsame-origin policy. 
Since this vulnerability requires user interaction\nto exploit, its severity was determined to be moderate\n(CVE-2009-3375).\n\nMozilla security researchers Jesse Ruderman and Sid Stamm reported\nthat when downloading a file containing a right-to-left override\ncharacter (RTL) in the filename, the name displayed in the dialog\ntitle bar conflicts with the name of the file shown in the dialog\nbody. An attacker could use this vulnerability to obfuscate the name\nand file extension of a file to be downloaded and opened, potentially\ncausing a user to run an executable file when they expected to open a\nnon-executable file (CVE-2009-3376).\n\nMozilla upgraded several third-party libraries used in media rendering\nto address multiple memory safety and stability bugs identified by\nmembers of the Mozilla community. Some of the bugs discovered could\npotentially be used by an attacker to crash a victim's browser and\nexecute arbitrary code on their computer. liboggz, libvorbis, and\nliboggplay were all upgraded to address these issues (CVE-2009-3377,\nCVE-2009-3379, CVE-2009-3378).\n\nMozilla developers and community members identified and fixed several\nstability bugs in the browser engine used in Firefox and other\nMozilla-based products. 
Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code (CVE-2009-3380).\n\nAdditionally, some packages which require so, have been rebuilt and\nare being provided as updates.", "edition": 28, "published": "2010-07-30T00:00:00", "title": "Mandriva Linux Security Advisory : firefox (MDVSA-2009:294)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1563", "CVE-2009-3376", "CVE-2009-3379", "CVE-2009-3274", "CVE-2009-3380", "CVE-2009-3373", "CVE-2009-3372", "CVE-2009-3375", "CVE-2009-0689", "CVE-2009-3374", "CVE-2009-3371", "CVE-2009-3377", "CVE-2009-3370", "CVE-2009-3378"], "modified": "2010-07-30T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64google-gadgets-devel", "p-cpe:/a:mandriva:linux:firefox-mn", "p-cpe:/a:mandriva:linux:firefox-zh_CN", "p-cpe:/a:mandriva:linux:libggadget-webkitjs0", "p-cpe:/a:mandriva:linux:epiphany-devel", "p-cpe:/a:mandriva:linux:libxulrunner-devel", "p-cpe:/a:mandriva:linux:firefox-sv_SE", "p-cpe:/a:mandriva:linux:lib64ggadget-gtk1.0_0", "p-cpe:/a:mandriva:linux:google-gadgets-common", "p-cpe:/a:mandriva:linux:libggadget1.0_0", "p-cpe:/a:mandriva:linux:firefox-ext-r-kiosk", "p-cpe:/a:mandriva:linux:firefox-sk", "p-cpe:/a:mandriva:linux:lib64ggadget-xdg1.0_0", "p-cpe:/a:mandriva:linux:gnome-python-gtkmozembed", "p-cpe:/a:mandriva:linux:libggadget-qt1.0_0", "p-cpe:/a:mandriva:linux:firefox-eu", "p-cpe:/a:mandriva:linux:firefox-oc", "p-cpe:/a:mandriva:linux:mozilla-plugin-opensc", "p-cpe:/a:mandriva:linux:firefox-ext-beagle", "p-cpe:/a:mandriva:linux:firefox-de", "p-cpe:/a:mandriva:linux:firefox-id", "p-cpe:/a:mandriva:linux:firefox", "p-cpe:/a:mandriva:linux:beagle-doc", "p-cpe:/a:mandriva:linux:libopensc2", "p-cpe:/a:mandriva:linux:firefox-sl", "p-cpe:/a:mandriva:linux:firefox-es_ES", "p-cpe:/a:mandriva:linux:firefox-el", "p-cpe:/a:mandriva:linux:lib64xulrunner-devel", 
"p-cpe:/a:mandriva:linux:xulrunner", "p-cpe:/a:mandriva:linux:firefox-gl", "p-cpe:/a:mandriva:linux:firefox-ext-scribefire", "p-cpe:/a:mandriva:linux:firefox-fi", "p-cpe:/a:mandriva:linux:firefox-be", "p-cpe:/a:mandriva:linux:lib64ggadget-js1.0_0", "p-cpe:/a:mandriva:linux:firefox-af", "p-cpe:/a:mandriva:linux:firefox-ja", "p-cpe:/a:mandriva:linux:firefox-ku", "p-cpe:/a:mandriva:linux:gnome-python-gda", "p-cpe:/a:mandriva:linux:gnome-python-gtkhtml2", "p-cpe:/a:mandriva:linux:firefox-is", "p-cpe:/a:mandriva:linux:firefox-lv", "p-cpe:/a:mandriva:linux:libgoogle-gadgets-devel", "p-cpe:/a:mandriva:linux:firefox-pa_IN", "p-cpe:/a:mandriva:linux:lib64ggadget-webkitjs0", "p-cpe:/a:mandriva:linux:firefox-tr", "p-cpe:/a:mandriva:linux:firefox-ga_IE", "p-cpe:/a:mandriva:linux:yelp", "p-cpe:/a:mandriva:linux:firefox-nl", "p-cpe:/a:mandriva:linux:firefox-lt", "p-cpe:/a:mandriva:linux:firefox-ext-mozvoikko", "p-cpe:/a:mandriva:linux:firefox-ro", "p-cpe:/a:mandriva:linux:firefox-it", "p-cpe:/a:mandriva:linux:firefox-theme-kde4ff", "p-cpe:/a:mandriva:linux:beagle-evolution", "p-cpe:/a:mandriva:linux:firefox-fy", "p-cpe:/a:mandriva:linux:firefox-es_AR", "p-cpe:/a:mandriva:linux:lib64xulrunner1.9.1.4", "p-cpe:/a:mandriva:linux:firefox-bn", "p-cpe:/a:mandriva:linux:firefox-sq", "p-cpe:/a:mandriva:linux:firefox-ka", "p-cpe:/a:mandriva:linux:firefox-ru", "p-cpe:/a:mandriva:linux:lib64ggadget-npapi1.0_0", "p-cpe:/a:mandriva:linux:opensc", "p-cpe:/a:mandriva:linux:lib64ggadget-dbus1.0_0", "p-cpe:/a:mandriva:linux:lib64ggadget-qt1.0_0", "p-cpe:/a:mandriva:linux:firefox-fr", "p-cpe:/a:mandriva:linux:firefox-zh_TW", "p-cpe:/a:mandriva:linux:google-gadgets-gtk", "p-cpe:/a:mandriva:linux:libggadget-npapi1.0_0", "p-cpe:/a:mandriva:linux:firefox-te", "p-cpe:/a:mandriva:linux:firefox-eo", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-beagle", "p-cpe:/a:mandriva:linux:libopensc-devel", "cpe:/o:mandriva:linux:2010.0", "p-cpe:/a:mandriva:linux:firefox-mk", 
"p-cpe:/a:mandriva:linux:epiphany-extensions", "p-cpe:/a:mandriva:linux:python-xpcom", "p-cpe:/a:mandriva:linux:firefox-ca", "p-cpe:/a:mandriva:linux:firefox-bg", "p-cpe:/a:mandriva:linux:firefox-et", "p-cpe:/a:mandriva:linux:epiphany", "p-cpe:/a:mandriva:linux:firefox-si", "p-cpe:/a:mandriva:linux:firefox-pt_PT", "p-cpe:/a:mandriva:linux:firefox-ext-blogrovr", "p-cpe:/a:mandriva:linux:libggadget-gtk1.0_0", "p-cpe:/a:mandriva:linux:firefox-cy", "p-cpe:/a:mandriva:linux:libxulrunner1.9.1.4", "p-cpe:/a:mandriva:linux:beagle", "p-cpe:/a:mandriva:linux:firefox-ko", "p-cpe:/a:mandriva:linux:lib64opensc-devel", "p-cpe:/a:mandriva:linux:beagle-gui-qt", "p-cpe:/a:mandriva:linux:firefox-nb_NO", "p-cpe:/a:mandriva:linux:firefox-uk", "p-cpe:/a:mandriva:linux:firefox-kn", "p-cpe:/a:mandriva:linux:lib64ggadget1.0_0", "p-cpe:/a:mandriva:linux:firefox-devel", "p-cpe:/a:mandriva:linux:beagle-libs", "p-cpe:/a:mandriva:linux:libggadget-js1.0_0", "p-cpe:/a:mandriva:linux:lib64opensc2", "p-cpe:/a:mandriva:linux:firefox-ar", "p-cpe:/a:mandriva:linux:firefox-nn_NO", "p-cpe:/a:mandriva:linux:firefox-pt_BR", "p-cpe:/a:mandriva:linux:libggadget-xdg1.0_0", "p-cpe:/a:mandriva:linux:gnome-python-gdl", "p-cpe:/a:mandriva:linux:firefox-da", "p-cpe:/a:mandriva:linux:firefox-hu", "p-cpe:/a:mandriva:linux:firefox-ext-plasmanotify", "p-cpe:/a:mandriva:linux:google-gadgets-qt", "p-cpe:/a:mandriva:linux:firefox-sr", "p-cpe:/a:mandriva:linux:firefox-pl", "p-cpe:/a:mandriva:linux:gnome-python-gda-devel", "p-cpe:/a:mandriva:linux:beagle-crawl-system", "p-cpe:/a:mandriva:linux:firefox-gu_IN", "p-cpe:/a:mandriva:linux:firefox-cs", "p-cpe:/a:mandriva:linux:gnome-python-extras", "p-cpe:/a:mandriva:linux:firefox-hi", "p-cpe:/a:mandriva:linux:firefox-th", "p-cpe:/a:mandriva:linux:firefox-en_GB", "p-cpe:/a:mandriva:linux:firefox-mr", "p-cpe:/a:mandriva:linux:firefox-ext-foxmarks", "p-cpe:/a:mandriva:linux:firefox-he", "p-cpe:/a:mandriva:linux:libggadget-dbus1.0_0", "p-cpe:/a:mandriva:linux:beagle-gui", 
"p-cpe:/a:mandriva:linux:gnome-python-gtkspell"], "id": "MANDRIVA_MDVSA-2009-294.NASL", "href": "https://www.tenable.com/plugins/nessus/48157", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:294. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48157);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-0689\", \"CVE-2009-3274\", \"CVE-2009-3370\", \"CVE-2009-3371\", \"CVE-2009-3372\", \"CVE-2009-3373\", \"CVE-2009-3374\", \"CVE-2009-3375\", \"CVE-2009-3376\", \"CVE-2009-3377\", \"CVE-2009-3378\", \"CVE-2009-3379\", \"CVE-2009-3380\");\n script_bugtraq_id(36851, 36852, 36853, 36854, 36855, 36856, 36857, 36858, 36867, 36871, 36872, 36873, 36875);\n script_xref(name:\"MDVSA\", value:\"2009:294\");\n\n script_name(english:\"Mandriva Linux Security Advisory : firefox (MDVSA-2009:294)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security issues were identified and fixed in firefox 3.5.x :\n\nSecurity researcher Alin Rad Pop of Secunia Research reported a\nheap-based buffer overflow in Mozilla's string to floating point\nnumber conversion routines. 
Using this vulnerability an attacker could\ncraft some malicious JavaScript code containing a very long string to\nbe converted to a floating point number which would result in improper\nmemory allocation and the execution of an arbitrary memory location.\nThis vulnerability could thus be leveraged by the attacker to run\narbitrary code on a victim's computer (CVE-2009-1563).\n\nSecurity researcher Jeremy Brown reported that the file naming scheme\nused for downloading a file which already exists in the downloads\nfolder is predictable. If an attacker had local access to a victim's\ncomputer and knew the name of a file the victim intended to open\nthrough the Download Manager, he could use this vulnerability to place\na malicious file in the world-writable directory used to save\ntemporary downloaded files and cause the browser to choose the\nincorrect file when opening it. Since this attack requires local\naccess to the victim's machine, the severity of this vulnerability was\ndetermined to be low (CVE-2009-3274).\n\nSecurity researcher Paul Stone reported that a user's form history,\nboth from web content as well as the smart location bar, was\nvulnerable to theft. A malicious web page could synthesize events such\nas mouse focus and key presses on behalf of the victim and trick the\nbrowser into auto-filling the form fields with history entries and\nthen reading the entries (CVE-2009-3370).\n\nSecurity researcher Orlando Berrera of Sec Theory reported that\nrecursive creation of JavaScript web-workers can be used to create a\nset of objects whose memory could be freed prior to their use. These\nconditions often result in a crash which could potentially be used by\nan attacker to run arbitrary code on a victim's computer\n(CVE-2009-3371).\n\nSecurity researcher Marco C. reported a flaw in the parsing of regular\nexpressions used in Proxy Auto-configuration (PAC) files. 
In certain\ncases this flaw could be used by an attacker to crash a victim's\nbrowser and run arbitrary code on their computer. Since this\nvulnerability requires the victim to have PAC configured in their\nenvironment with specific regular expresssions which can trigger the\ncrash, the severity of the issue was determined to be moderate\n(CVE-2009-3372).\n\nSecurity research firm iDefense reported that researcher regenrecht\ndiscovered a heap-based buffer overflow in Mozilla's GIF image parser.\nThis vulnerability could potentially be used by an attacker to crash a\nvictim's browser and run arbitrary code on their computer\n(CVE-2009-3373).\n\nMozilla security researcher moz_bug_r_a4 reported that the XPCOM\nutility XPCVariant::VariantDataToJS unwrapped doubly-wrapped objects\nbefore returning them to chrome callers. This could result in chrome\nprivileged code calling methods on an object which had previously been\ncreated or modified by web content, potentially executing malicious\nJavaScript code with chrome privileges (CVE-2009-3374).\n\nSecurity researcher Gregory Fleischer reported that text within a\nselection on a web page can be read by JavaScript in a different\ndomain using the document.getSelection function, violating the\nsame-origin policy. Since this vulnerability requires user interaction\nto exploit, its severity was determined to be moderate\n(CVE-2009-3375).\n\nMozilla security researchers Jesse Ruderman and Sid Stamm reported\nthat when downloading a file containing a right-to-left override\ncharacter (RTL) in the filename, the name displayed in the dialog\ntitle bar conflicts with the name of the file shown in the dialog\nbody. 
An attacker could use this vulnerability to obfuscate the name\nand file extension of a file to be downloaded and opened, potentially\ncausing a user to run an executable file when they expected to open a\nnon-executable file (CVE-2009-3376).\n\nMozilla upgraded several third-party libraries used in media rendering\nto address multiple memory safety and stability bugs identified by\nmembers of the Mozilla community. Some of the bugs discovered could\npotentially be used by an attacker to crash a victim's browser and\nexecute arbitrary code on their computer. liboggz, libvorbis, and\nliboggplay were all upgraded to address these issues (CVE-2009-3377,\nCVE-2009-3379, CVE-2009-3378).\n\nMozilla developers and community members identified and fixed several\nstability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code (CVE-2009-3380).\n\nAdditionally, some packages which require so, have been rebuilt and\nare being provided as updates.\"\n );\n # https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.5/#firefox3.5.4\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9138152c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(16, 119, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:beagle\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:beagle-crawl-system\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:beagle-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:beagle-evolution\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:beagle-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:beagle-gui-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:beagle-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:epiphany\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:epiphany-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:epiphany-extensions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-bn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-el\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:firefox-en_GB\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-eo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-es_AR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-es_ES\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ext-beagle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ext-blogrovr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ext-foxmarks\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ext-mozvoikko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ext-plasmanotify\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ext-r-kiosk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ext-scribefire\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-fy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ga_IE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-gu_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-hi\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:firefox-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-kn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ku\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-lv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-mk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-mn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-mr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-nb_NO\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-nn_NO\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-oc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-pa_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-pt_BR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-pt_PT\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:firefox-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-sv_SE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-te\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-theme-kde4ff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-zh_CN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-zh_TW\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-gda\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-gda-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-gdl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-gtkhtml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-gtkmozembed\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:gnome-python-gtkspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:google-gadgets-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:google-gadgets-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:google-gadgets-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ggadget-dbus1.0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ggadget-gtk1.0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ggadget-js1.0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ggadget-npapi1.0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ggadget-qt1.0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ggadget-webkitjs0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ggadget-xdg1.0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ggadget1.0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64google-gadgets-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64opensc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64opensc2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xulrunner1.9.1.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libggadget-dbus1.0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libggadget-gtk1.0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libggadget-js1.0_0\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:libggadget-npapi1.0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libggadget-qt1.0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libggadget-webkitjs0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libggadget-xdg1.0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libggadget1.0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libgoogle-gadgets-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopensc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopensc2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxulrunner1.9.1.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-plugin-opensc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-beagle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:opensc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python-xpcom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:yelp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.0\", reference:\"beagle-0.3.9-19.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"beagle-crawl-system-0.3.9-19.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"beagle-doc-0.3.9-19.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"beagle-evolution-0.3.9-19.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"beagle-gui-0.3.9-19.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"beagle-gui-qt-0.3.9-19.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"beagle-libs-0.3.9-19.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"epiphany-2.28.1-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"epiphany-devel-2.28.1-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"epiphany-extensions-2.28.1-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", 
reference:\"firefox-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-af-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-ar-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-be-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-bg-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-bn-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-ca-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-cs-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-cy-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-da-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-de-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-devel-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-el-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-en_GB-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-eo-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-es_AR-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-es_ES-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-et-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-eu-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif 
(rpm_check(release:\"MDK2010.0\", reference:\"firefox-ext-beagle-0.3.9-19.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-ext-blogrovr-1.1.804-6.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-ext-foxmarks-2.7.2-2.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-ext-mozvoikko-1.0-6.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-ext-plasmanotify-0.3.0-6.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-ext-r-kiosk-0.7.2-9.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-ext-scribefire-3.4.5-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-fi-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-fr-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-fy-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-ga_IE-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-gl-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-gu_IN-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-he-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-hi-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-hu-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-id-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-is-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif 
(rpm_check(release:\"MDK2010.0\", reference:\"firefox-it-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-ja-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-ka-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-kn-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-ko-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-ku-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-lt-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-lv-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-mk-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-mn-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-mr-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-nb_NO-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-nl-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-nn_NO-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-oc-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-pa_IN-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-pl-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-pt_BR-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", 
reference:\"firefox-pt_PT-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-ro-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-ru-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-si-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-sk-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-sl-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-sq-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-sr-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-sv_SE-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-te-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-th-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-theme-kde4ff-0.14-18.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-tr-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-uk-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-zh_CN-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-zh_TW-3.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"gnome-python-extras-2.25.3-10.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"gnome-python-gda-2.25.3-10.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", 
reference:\"gnome-python-gda-devel-2.25.3-10.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"gnome-python-gdl-2.25.3-10.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"gnome-python-gtkhtml2-2.25.3-10.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"gnome-python-gtkmozembed-2.25.3-10.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"gnome-python-gtkspell-2.25.3-10.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"google-gadgets-common-0.11.1-2.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"google-gadgets-gtk-0.11.1-2.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"google-gadgets-qt-0.11.1-2.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64ggadget-dbus1.0_0-0.11.1-2.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64ggadget-gtk1.0_0-0.11.1-2.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64ggadget-js1.0_0-0.11.1-2.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64ggadget-npapi1.0_0-0.11.1-2.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64ggadget-qt1.0_0-0.11.1-2.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64ggadget-webkitjs0-0.11.1-2.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64ggadget-xdg1.0_0-0.11.1-2.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64ggadget1.0_0-0.11.1-2.1mdv2010.0\", yank:\"mdv\")) flag++;\nif 
(rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64google-gadgets-devel-0.11.1-2.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64opensc-devel-0.11.9-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64opensc2-0.11.9-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64xulrunner-devel-1.9.1.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64xulrunner1.9.1.4-1.9.1.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libggadget-dbus1.0_0-0.11.1-2.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libggadget-gtk1.0_0-0.11.1-2.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libggadget-js1.0_0-0.11.1-2.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libggadget-npapi1.0_0-0.11.1-2.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libggadget-qt1.0_0-0.11.1-2.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libggadget-webkitjs0-0.11.1-2.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libggadget-xdg1.0_0-0.11.1-2.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libggadget1.0_0-0.11.1-2.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libgoogle-gadgets-devel-0.11.1-2.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libopensc-devel-0.11.9-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", 
cpu:\"i386\", reference:\"libopensc2-0.11.9-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libxulrunner-devel-1.9.1.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libxulrunner1.9.1.4-1.9.1.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-plugin-opensc-0.11.9-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-beagle-0.3.9-19.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"opensc-0.11.9-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"python-xpcom-1.9.1.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"xulrunner-1.9.1.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"yelp-2.28.0-1.1mdv2010.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:49:55", "description": "Mozilla Foundation reports :\n\nMFSA 2009-64 Crashes with evidence of memory corruption (rv:1.9.1.4/\n1.9.0.15)\n\nMFSA 2009-63 Upgrade media libraries to fix memory safety bugs\n\nMFSA 2009-62 Download filename spoofing with RTL override\n\nMFSA 2009-61 Cross-origin data theft through document.getSelection()\n\nMFSA 2009-59 Heap buffer overflow in string to number conversion\n\nMFSA 2009-57 Chrome privilege escalation in\nXPCVariant::VariantDataToJS()\n\nMFSA 2009-56 Heap buffer overflow in GIF color map parser\n\nMFSA 2009-55 Crash in proxy auto-configuration regexp parsing\n\nMFSA 2009-54 Crash with recursive web-worker calls\n\nMFSA 2009-53 Local downloaded file tampering\n\nMFSA 
2009-52 Form history vulnerable to stealing", "edition": 26, "published": "2009-10-29T00:00:00", "title": "FreeBSD : mozilla -- multiple vulnerabilities (c87aa2d2-c3c4-11de-ab08-000f20797ede)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3376", "CVE-2009-3379", "CVE-2009-3274", "CVE-2009-3380", "CVE-2009-3373", "CVE-2009-3383", "CVE-2009-3372", "CVE-2009-3375", "CVE-2009-0689", "CVE-2009-3374", "CVE-2009-3371", "CVE-2009-3377", "CVE-2009-3382", "CVE-2009-3370", "CVE-2009-3381", "CVE-2009-3378"], "modified": "2009-10-29T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:linux-firefox", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:seamonkey", "p-cpe:/a:freebsd:freebsd:linux-seamonkey", "p-cpe:/a:freebsd:freebsd:firefox"], "id": "FREEBSD_PKG_C87AA2D2C3C411DEAB08000F20797EDE.NASL", "href": "https://www.tenable.com/plugins/nessus/42298", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. 
Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42298);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-0689\", \"CVE-2009-3274\", \"CVE-2009-3370\", \"CVE-2009-3371\", \"CVE-2009-3372\", \"CVE-2009-3373\", \"CVE-2009-3374\", \"CVE-2009-3375\", \"CVE-2009-3376\", \"CVE-2009-3377\", \"CVE-2009-3378\", \"CVE-2009-3379\", \"CVE-2009-3380\", \"CVE-2009-3381\", \"CVE-2009-3382\", \"CVE-2009-3383\");\n\n script_name(english:\"FreeBSD : mozilla -- multiple vulnerabilities (c87aa2d2-c3c4-11de-ab08-000f20797ede)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more 
security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Foundation reports :\n\nMFSA 2009-64 Crashes with evidence of memory corruption (rv:1.9.1.4/\n1.9.0.15)\n\nMFSA 2009-63 Upgrade media libraries to fix memory safety bugs\n\nMFSA 2009-62 Download filename spoofing with RTL override\n\nMFSA 2009-61 Cross-origin data theft through document.getSelection()\n\nMFSA 2009-59 Heap buffer overflow in string to number conversion\n\nMFSA 2009-57 Chrome privilege escalation in\nXPCVariant::VariantDataToJS()\n\nMFSA 2009-56 Heap buffer overflow in GIF color map parser\n\nMFSA 2009-55 Crash in proxy auto-configuration regexp parsing\n\nMFSA 2009-54 Crash with recursive web-worker calls\n\nMFSA 2009-53 Local downloaded file tampering\n\nMFSA 2009-52 Form history vulnerable to stealing\"\n );\n # http://www.mozilla.org/security/announce/2009/mfsa2009-64.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2009-64/\"\n );\n # http://www.mozilla.org/security/announce/2009/mfsa2009-63.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2009-63/\"\n );\n # http://www.mozilla.org/security/announce/2009/mfsa2009-62.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2009-62/\"\n );\n # http://www.mozilla.org/security/announce/2009/mfsa2009-61.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2009-61/\"\n );\n # http://www.mozilla.org/security/announce/2009/mfsa2009-59.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2009-59/\"\n );\n # http://www.mozilla.org/security/announce/2009/mfsa2009-57.html\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2009-57/\"\n );\n # http://www.mozilla.org/security/announce/2009/mfsa2009-56.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2009-56/\"\n );\n # http://www.mozilla.org/security/announce/2009/mfsa2009-55.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2009-55/\"\n );\n # http://www.mozilla.org/security/announce/2009/mfsa2009-54.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2009-54/\"\n );\n # http://www.mozilla.org/security/announce/2009/mfsa2009-53.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2009-53/\"\n );\n # http://www.mozilla.org/security/announce/2009/mfsa2009-52.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2009-52/\"\n );\n # https://vuxml.freebsd.org/freebsd/c87aa2d2-c3c4-11de-ab08-000f20797ede.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?037fddbc\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(16, 119, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/10/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"firefox>3.5.*,1<3.5.4,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"firefox>3.*,1<3.0.15,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-firefox<3.0.15\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"seamonkey<2.0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-seamonkey<2.0\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-07-25T10:55:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3379"], "description": "Check for the Version of libvorbis", "modified": "2017-07-10T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:880848", "href": "http://plugins.openvas.org/nasl.php?oid=880848", "type": "openvas", "title": "CentOS Update for libvorbis CESA-2009:1561 centos3 
i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libvorbis CESA-2009:1561 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libvorbis packages contain runtime libraries for use in programs that\n support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent-and\n royalty-free, general-purpose compressed audio format.\n\n Multiple flaws were found in the libvorbis library. A specially-crafted Ogg\n Vorbis media format file (Ogg) could cause an application using libvorbis\n to crash or, possibly, execute arbitrary code when opened. (CVE-2009-3379)\n \n Users of libvorbis should upgrade to these updated packages, which contain\n backported patches to correct these issues. 
The desktop must be restarted\n (log out, then log back in) for this update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"libvorbis on CentOS 3\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-November/016308.html\");\n script_id(880848);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2009:1561\");\n script_cve_id(\"CVE-2009-3379\");\n script_name(\"CentOS Update for libvorbis CESA-2009:1561 centos3 i386\");\n\n script_summary(\"Check for the Version of libvorbis\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"libvorbis\", rpm:\"libvorbis~1.0~12.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvorbis-devel\", rpm:\"libvorbis-devel~1.0~12.el3\", rls:\"CentOS3\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3379"], "description": "Check for the Version of libvorbis", "modified": "2017-07-10T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:880793", "href": "http://plugins.openvas.org/nasl.php?oid=880793", "type": "openvas", "title": "CentOS Update for libvorbis CESA-2009:1561 centos5 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libvorbis CESA-2009:1561 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libvorbis packages contain runtime libraries for use in programs that\n support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent-and\n royalty-free, general-purpose compressed audio format.\n\n Multiple flaws were found in the libvorbis library. 
A specially-crafted Ogg\n Vorbis media format file (Ogg) could cause an application using libvorbis\n to crash or, possibly, execute arbitrary code when opened. (CVE-2009-3379)\n \n Users of libvorbis should upgrade to these updated packages, which contain\n backported patches to correct these issues. The desktop must be restarted\n (log out, then log back in) for this update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"libvorbis on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-November/016323.html\");\n script_id(880793);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2009:1561\");\n script_cve_id(\"CVE-2009-3379\");\n script_name(\"CentOS Update for libvorbis CESA-2009:1561 centos5 i386\");\n\n script_summary(\"Check for the Version of libvorbis\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == 
\"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libvorbis\", rpm:\"libvorbis~1.1.2~3.el5_4.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvorbis-devel\", rpm:\"libvorbis-devel~1.1.2~3.el5_4.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:42", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3379"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:1361412562310880856", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880856", "type": "openvas", "title": "CentOS Update for libvorbis CESA-2009:1561 centos4 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libvorbis CESA-2009:1561 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-November/016310.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880856\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2009:1561\");\n script_cve_id(\"CVE-2009-3379\");\n script_name(\"CentOS Update for libvorbis CESA-2009:1561 centos4 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libvorbis'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS4\");\n script_tag(name:\"affected\", value:\"libvorbis on CentOS 4\");\n script_tag(name:\"insight\", value:\"The libvorbis packages contain runtime libraries for use in programs that\n support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent-and\n royalty-free, general-purpose compressed audio format.\n\n Multiple flaws were found in the libvorbis library. 
A specially-crafted Ogg\n Vorbis media format file (Ogg) could cause an application using libvorbis\n to crash or, possibly, execute arbitrary code when opened. (CVE-2009-3379)\n\n Users of libvorbis should upgrade to these updated packages, which contain\n backported patches to correct these issues. The desktop must be restarted\n (log out, then log back in) for this update to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"libvorbis\", rpm:\"libvorbis~1.1.0~3.el4_8.3\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvorbis-devel\", rpm:\"libvorbis-devel~1.1.0~3.el4_8.3\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:55:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3379"], "description": "Check for the Version of libvorbis", "modified": "2017-07-10T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:880856", "href": "http://plugins.openvas.org/nasl.php?oid=880856", "type": "openvas", "title": "CentOS Update for libvorbis CESA-2009:1561 centos4 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libvorbis CESA-2009:1561 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# 
it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libvorbis packages contain runtime libraries for use in programs that\n support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent-and\n royalty-free, general-purpose compressed audio format.\n\n Multiple flaws were found in the libvorbis library. A specially-crafted Ogg\n Vorbis media format file (Ogg) could cause an application using libvorbis\n to crash or, possibly, execute arbitrary code when opened. (CVE-2009-3379)\n \n Users of libvorbis should upgrade to these updated packages, which contain\n backported patches to correct these issues. 
The desktop must be restarted\n (log out, then log back in) for this update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"libvorbis on CentOS 4\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-November/016310.html\");\n script_id(880856);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2009:1561\");\n script_cve_id(\"CVE-2009-3379\");\n script_name(\"CentOS Update for libvorbis CESA-2009:1561 centos4 i386\");\n\n script_summary(\"Check for the Version of libvorbis\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"libvorbis\", rpm:\"libvorbis~1.1.0~3.el4_8.3\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvorbis-devel\", rpm:\"libvorbis-devel~1.1.0~3.el4_8.3\", rls:\"CentOS4\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3379"], "description": "The remote host is missing an update for the 'libvorbis' package(s) announced via the referenced advisory.", "modified": "2019-03-15T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:1361412562310880848", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880848", "type": "openvas", "title": "CentOS Update for libvorbis CESA-2009:1561 centos3 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libvorbis CESA-2009:1561 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-November/016308.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880848\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2009:1561\");\n script_cve_id(\"CVE-2009-3379\");\n script_name(\"CentOS Update for libvorbis CESA-2009:1561 centos3 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libvorbis'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS3\");\n script_tag(name:\"affected\", value:\"libvorbis on CentOS 3\");\n script_tag(name:\"insight\", value:\"The libvorbis packages contain runtime libraries for use in programs that\n support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent-and\n royalty-free, general-purpose compressed audio format.\n\n Multiple flaws were found in the libvorbis library. 
A specially-crafted Ogg\n Vorbis media format file (Ogg) could cause an application using libvorbis\n to crash or, possibly, execute arbitrary code when opened. (CVE-2009-3379)\n\n Users of libvorbis should upgrade to these updated packages, which contain\n backported patches to correct these issues. The desktop must be restarted\n (log out, then log back in) for this update to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"libvorbis\", rpm:\"libvorbis~1.0~12.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvorbis-devel\", rpm:\"libvorbis-devel~1.0~12.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:56:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3379"], "description": "The remote host is missing updates to libvorbis announced in\nadvisory CESA-2009:1561.", "modified": "2017-07-10T00:00:00", "published": "2009-11-11T00:00:00", "id": "OPENVAS:66221", "href": "http://plugins.openvas.org/nasl.php?oid=66221", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1561 (libvorbis)", "sourceData": "#CESA-2009:1561 66221 6\n# $Id: ovcesa2009_1561.nasl 6650 2017-07-10 11:43:12Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1561 (libvorbis)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1561\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1561\nhttps://rhn.redhat.com/errata/RHSA-2009-1561.html\";\ntag_summary = \"The remote host is missing updates to libvorbis announced in\nadvisory CESA-2009:1561.\";\n\n\n\nif(description)\n{\n script_id(66221);\n script_version(\"$Revision: 6650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:43:12 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-11 15:56:44 +0100 (Wed, 11 Nov 2009)\");\n script_cve_id(\"CVE-2009-3379\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:1561 (libvorbis)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libvorbis\", rpm:\"libvorbis~1.0~12.el3\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvorbis-devel\", rpm:\"libvorbis-devel~1.0~12.el3\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvorbis\", rpm:\"libvorbis~1.1.0~3.el4_8.3\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvorbis-devel\", rpm:\"libvorbis-devel~1.1.0~3.el4_8.3\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvorbis\", rpm:\"libvorbis~1.1.2~3.el5_4.4\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvorbis-devel\", rpm:\"libvorbis-devel~1.1.2~3.el5_4.4\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3379"], "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1561.\n\nThe libvorbis packages contain runtime libraries for use in programs that\nsupport Ogg Vorbis. 
Ogg Vorbis is a fully open, non-proprietary, patent-and\nroyalty-free, general-purpose compressed audio format.\n\nMultiple flaws were found in the libvorbis library. A specially-crafted Ogg\nVorbis media format file (Ogg) could cause an application using libvorbis\nto crash or, possibly, execute arbitrary code when opened. (CVE-2009-3379)\n\nUsers of libvorbis should upgrade to these updated packages, which contain\nbackported patches to correct these issues. The desktop must be restarted\n(log out, then log back in) for this update to take effect.", "modified": "2017-07-12T00:00:00", "published": "2009-11-11T00:00:00", "id": "OPENVAS:66181", "href": "http://plugins.openvas.org/nasl.php?oid=66181", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1561", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1561.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1561 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1561.\n\nThe libvorbis packages contain runtime libraries for use in programs that\nsupport Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent-and\nroyalty-free, general-purpose compressed audio format.\n\nMultiple flaws were found in the libvorbis library. A specially-crafted Ogg\nVorbis media format file (Ogg) could cause an application using libvorbis\nto crash or, possibly, execute arbitrary code when opened. (CVE-2009-3379)\n\nUsers of libvorbis should upgrade to these updated packages, which contain\nbackported patches to correct these issues. The desktop must be restarted\n(log out, then log back in) for this update to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(66181);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-11 15:56:44 +0100 (Wed, 11 Nov 2009)\");\n script_cve_id(\"CVE-2009-3379\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1561\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1561.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libvorbis\", rpm:\"libvorbis~1.0~12.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvorbis-debuginfo\", rpm:\"libvorbis-debuginfo~1.0~12.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvorbis-devel\", rpm:\"libvorbis-devel~1.0~12.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvorbis\", rpm:\"libvorbis~1.1.0~3.el4_8.3\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvorbis-debuginfo\", rpm:\"libvorbis-debuginfo~1.1.0~3.el4_8.3\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvorbis-devel\", rpm:\"libvorbis-devel~1.1.0~3.el4_8.3\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvorbis\", rpm:\"libvorbis~1.1.2~3.el5_4.4\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvorbis-debuginfo\", rpm:\"libvorbis-debuginfo~1.1.2~3.el5_4.4\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvorbis-devel\", rpm:\"libvorbis-devel~1.1.2~3.el5_4.4\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n 
security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3379"], "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1561.\n\nThe libvorbis packages contain runtime libraries for use in programs that\nsupport Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent-and\nroyalty-free, general-purpose compressed audio format.\n\nMultiple flaws were found in the libvorbis library. A specially-crafted Ogg\nVorbis media format file (Ogg) could cause an application using libvorbis\nto crash or, possibly, execute arbitrary code when opened. (CVE-2009-3379)\n\nUsers of libvorbis should upgrade to these updated packages, which contain\nbackported patches to correct these issues. The desktop must be restarted\n(log out, then log back in) for this update to take effect.", "modified": "2018-04-06T00:00:00", "published": "2009-11-11T00:00:00", "id": "OPENVAS:136141256231066181", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066181", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1561", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1561.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1561 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1561.\n\nThe libvorbis packages contain runtime libraries for use in programs that\nsupport Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent-and\nroyalty-free, general-purpose compressed audio format.\n\nMultiple flaws were found in the libvorbis library. A specially-crafted Ogg\nVorbis media format file (Ogg) could cause an application using libvorbis\nto crash or, possibly, execute arbitrary code when opened. (CVE-2009-3379)\n\nUsers of libvorbis should upgrade to these updated packages, which contain\nbackported patches to correct these issues. The desktop must be restarted\n(log out, then log back in) for this update to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. 
To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66181\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-11 15:56:44 +0100 (Wed, 11 Nov 2009)\");\n script_cve_id(\"CVE-2009-3379\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1561\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1561.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libvorbis\", rpm:\"libvorbis~1.0~12.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvorbis-debuginfo\", rpm:\"libvorbis-debuginfo~1.0~12.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvorbis-devel\", rpm:\"libvorbis-devel~1.0~12.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvorbis\", rpm:\"libvorbis~1.1.0~3.el4_8.3\", rls:\"RHENT_4\")) != NULL) {\n report += 
res;\n}\nif ((res = isrpmvuln(pkg:\"libvorbis-debuginfo\", rpm:\"libvorbis-debuginfo~1.1.0~3.el4_8.3\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvorbis-devel\", rpm:\"libvorbis-devel~1.1.0~3.el4_8.3\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvorbis\", rpm:\"libvorbis~1.1.2~3.el5_4.4\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvorbis-debuginfo\", rpm:\"libvorbis-debuginfo~1.1.2~3.el5_4.4\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvorbis-devel\", rpm:\"libvorbis-devel~1.1.2~3.el5_4.4\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3379"], "description": "The remote host is missing updates to libvorbis announced in\nadvisory CESA-2009:1561.", "modified": "2018-04-06T00:00:00", "published": "2009-11-11T00:00:00", "id": "OPENVAS:136141256231066221", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066221", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1561 (libvorbis)", "sourceData": "#CESA-2009:1561 66221 6\n# $Id: ovcesa2009_1561.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1561 (libvorbis)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1561\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1561\nhttps://rhn.redhat.com/errata/RHSA-2009-1561.html\";\ntag_summary = \"The remote host is missing updates to libvorbis announced in\nadvisory CESA-2009:1561.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66221\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-11 15:56:44 +0100 (Wed, 11 Nov 2009)\");\n script_cve_id(\"CVE-2009-3379\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:1561 (libvorbis)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libvorbis\", rpm:\"libvorbis~1.0~12.el3\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvorbis-devel\", rpm:\"libvorbis-devel~1.0~12.el3\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvorbis\", rpm:\"libvorbis~1.1.0~3.el4_8.3\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvorbis-devel\", rpm:\"libvorbis-devel~1.1.0~3.el4_8.3\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvorbis\", rpm:\"libvorbis~1.1.2~3.el5_4.4\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvorbis-devel\", rpm:\"libvorbis-devel~1.1.2~3.el5_4.4\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3379"], "description": "Oracle Linux Local Security Checks ELSA-2009-1561", "modified": "2018-09-28T00:00:00", "published": "2015-10-08T00:00:00", "id": "OPENVAS:1361412562310122421", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122421", "type": "openvas", "title": "Oracle Linux Local Check: 
ELSA-2009-1561", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2009-1561.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122421\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:44:59 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2009-1561\");\n script_tag(name:\"insight\", value:\"ELSA-2009-1561 - libvorbis security update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2009-1561\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2009-1561.html\");\n script_cve_id(\"CVE-2009-3379\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"libvorbis\", rpm:\"libvorbis~1.1.2~3.el5_4.4\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libvorbis-devel\", rpm:\"libvorbis-devel~1.1.2~3.el5_4.4\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-08T23:30:18", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2009", "CVE-2009-3379"], "description": "It was discovered that libvorbis did not correctly handle ogg files with \nunderpopulated Huffman trees. If a user were tricked into opening a \nspecially crafted ogg file with an application that uses libvorbis, an \nattacker could cause a denial of service. 
(CVE-2008-2009)\n\nIt was discovered that libvorbis did not correctly handle certain malformed \nogg files. If a user were tricked into opening a specially crafted ogg file \nwith an application that uses libvorbis, an attacker could cause a denial \nof service or possibly execute arbitrary code with the user's privileges. \n(CVE-2009-3379)", "edition": 5, "modified": "2009-11-24T00:00:00", "published": "2009-11-24T00:00:00", "id": "USN-861-1", "href": "https://ubuntu.com/security/notices/USN-861-1", "title": "libvorbis vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:32", "bulletinFamily": "software", "cvelist": ["CVE-2008-2009", "CVE-2009-3379"], "description": "===========================================================\r\nUbuntu Security Notice USN-861-1 November 24, 2009\r\nlibvorbis vulnerabilities\r\nCVE-2008-2009, CVE-2009-3379\r\n===========================================================\r\n\r\nA security issue affects the following Ubuntu releases:\r\n\r\nUbuntu 8.04 LTS\r\nUbuntu 8.10\r\nUbuntu 9.04\r\nUbuntu 9.10\r\n\r\nThis advisory also applies to the corresponding versions of\r\nKubuntu, Edubuntu, and Xubuntu.\r\n\r\nThe problem can be corrected by upgrading your system to the\r\nfollowing package versions:\r\n\r\nUbuntu 8.04 LTS:\r\n libvorbis0a 1.2.0.dfsg-2ubuntu0.3\r\n\r\nUbuntu 8.10:\r\n libvorbis0a 1.2.0.dfsg-3.1ubuntu0.8.10.2\r\n\r\nUbuntu 9.04:\r\n libvorbis0a 1.2.0.dfsg-3.1ubuntu0.9.04.2\r\n\r\nUbuntu 9.10:\r\n libvorbis0a 1.2.0.dfsg-6ubuntu0.1\r\n\r\nAfter a standard system upgrade you need to restart any applications that\r\nuse libvorbis, such as Totem and gtkpod, to effect the necessary changes.\r\n\r\nDetails follow:\r\n\r\nIt was discovered that libvorbis did not correctly handle ogg files with\r\nunderpopulated Huffman trees. 
If a user were tricked into opening a\r\nspecially crafted ogg file with an application that uses libvorbis, an\r\nattacker could cause a denial of service. (CVE-2008-2009)\r\n\r\nIt was discovered that libvorbis did not correctly handle certain malformed\r\nogg files. If a user were tricked into opening a specially crafted ogg file\r\nwith an application that uses libvorbis, an attacker could cause a denial\r\nof service or possibly execute arbitrary code with the user's privileges.\r\n(CVE-2009-3379)\r\n\r\n\r\nUpdated packages for Ubuntu 8.04 LTS:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis_1.2.0.dfsg-2ubuntu0.3.diff.gz\r\n Size/MD5: 12991 d7ac1cea7fd18471b0366844c4f2d434\r\n http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis_1.2.0.dfsg-2ubuntu0.3.dsc\r\n Size/MD5: 937 b9ab7e79ef09dbe4cc523245a179853c\r\n http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis_1.2.0.dfsg.orig.tar.gz\r\n Size/MD5: 1477935 3c7fff70c0989ab3c1c85366bf670818\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-2ubuntu0.3_amd64.deb\r\n Size/MD5: 476030 a96358bb558f637d96a4354101f9bb2c\r\n http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-2ubuntu0.3_amd64.deb\r\n Size/MD5: 104488 5463be3057e6f7e8db31b1acf3c8502d\r\n http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-2ubuntu0.3_amd64.deb\r\n Size/MD5: 94894 2c21a6d370070b7d12bed48f96036463\r\n http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-2ubuntu0.3_amd64.deb\r\n Size/MD5: 19630 a5a80fc2df2729b88590addfe3982cfb\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-2ubuntu0.3_i386.deb\r\n Size/MD5: 456398 9e41b7ea54511a6b6127c5c643eddb1e\r\n 
http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-2ubuntu0.3_i386.deb\r\n Size/MD5: 99448 ffc9abdb63cc0312fef0566473f4c13d\r\n http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-2ubuntu0.3_i386.deb\r\n Size/MD5: 76726 8dc17f35d4699557bff77dc8a2673de8\r\n http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-2ubuntu0.3_i386.deb\r\n Size/MD5: 20402 cc111d8b13c33c5b03a364b0d1bb95d1\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-2ubuntu0.3_lpia.deb\r\n Size/MD5: 458366 c2d4e954201ef68cc3d241a7dda3ea93\r\n http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-2ubuntu0.3_lpia.deb\r\n Size/MD5: 100038 b371e7f6d202b427614a656cd618e407\r\n http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-2ubuntu0.3_lpia.deb\r\n Size/MD5: 76912 b219d40cdaadb9aa368b4e3449a0de0b\r\n http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-2ubuntu0.3_lpia.deb\r\n Size/MD5: 20406 cc10625815d7cb3516ad3e2e7325e7f8\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-2ubuntu0.3_powerpc.deb\r\n Size/MD5: 485154 86ff174f93f9000e89aa84ae7ba8e702\r\n http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-2ubuntu0.3_powerpc.deb\r\n Size/MD5: 109396 5e52e396225668911249ad4840ba89d2\r\n http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-2ubuntu0.3_powerpc.deb\r\n Size/MD5: 84090 053277cac971a8dd5854b25bc82f1275\r\n http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-2ubuntu0.3_powerpc.deb\r\n Size/MD5: 24256 7b644a68479f137d1c31cb7bc6e11239\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-2ubuntu0.3_sparc.deb\r\n Size/MD5: 462624 
43611553a9ff71736ad1829ee2d48ee6\r\n http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-2ubuntu0.3_sparc.deb\r\n Size/MD5: 100454 5d94a781fafacdb33752fbe8c687f4a6\r\n http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-2ubuntu0.3_sparc.deb\r\n Size/MD5: 81230 e7c3fcb35cd9f255af91fb850fce7718\r\n http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-2ubuntu0.3_sparc.deb\r\n Size/MD5: 19678 5c6725ecf7ad2f5697ddd80ec7181d99\r\n\r\nUpdated packages for Ubuntu 8.10:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis_1.2.0.dfsg-3.1ubuntu0.8.10.2.diff.gz\r\n Size/MD5: 14099 3b381e5b9d4ff995371549d0f4049b17\r\n http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis_1.2.0.dfsg-3.1ubuntu0.8.10.2.dsc\r\n Size/MD5: 1391 f693d0a5b8d382d11eafee3eeaec74b5\r\n http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis_1.2.0.dfsg.orig.tar.gz\r\n Size/MD5: 1477935 3c7fff70c0989ab3c1c85366bf670818\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-3.1ubuntu0.8.10.2_amd64.deb\r\n Size/MD5: 479892 fa93b658c3490a316a40440d66791937\r\n http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-3.1ubuntu0.8.10.2_amd64.deb\r\n Size/MD5: 109252 ef6627a20fb4892a1069ded79fe379be\r\n http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-3.1ubuntu0.8.10.2_amd64.deb\r\n Size/MD5: 96200 4fe223431c6c290695ae9c27fac0966a\r\n http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-3.1ubuntu0.8.10.2_amd64.deb\r\n Size/MD5: 20768 cb51f1c14be4d5bd735bc2ac74c4084f\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-3.1ubuntu0.8.10.2_i386.deb\r\n Size/MD5: 460236 
8d03a67ad77c3065462e07bfac250e79\r\n http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-3.1ubuntu0.8.10.2_i386.deb\r\n Size/MD5: 102638 29966392d03df0d2523aa3177434a158\r\n http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-3.1ubuntu0.8.10.2_i386.deb\r\n Size/MD5: 77906 10ad5e56f23d2b8f4ebb385df163b676\r\n http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-3.1ubuntu0.8.10.2_i386.deb\r\n Size/MD5: 21822 877561be88e24e6de4874c393257ba62\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-3.1ubuntu0.8.10.2_lpia.deb\r\n Size/MD5: 462006 8e817bd23febab8094cd11e99864bc92\r\n http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-3.1ubuntu0.8.10.2_lpia.deb\r\n Size/MD5: 103306 3d377b2b715e457858f7a3afa72e3a34\r\n http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-3.1ubuntu0.8.10.2_lpia.deb\r\n Size/MD5: 78054 87197ab70eab21d293d06a03b925a30a\r\n http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-3.1ubuntu0.8.10.2_lpia.deb\r\n Size/MD5: 21654 916bdeadfed79e9521fc44c10f414f23\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-3.1ubuntu0.8.10.2_powerpc.deb\r\n Size/MD5: 491454 62a722a76f9169182787e6646a01549b\r\n http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-3.1ubuntu0.8.10.2_powerpc.deb\r\n Size/MD5: 115404 d951d55225968eebf9464d18f6faab2f\r\n http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-3.1ubuntu0.8.10.2_powerpc.deb\r\n Size/MD5: 85524 cb9fa0eff43344cbcd177c44455ca863\r\n http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-3.1ubuntu0.8.10.2_powerpc.deb\r\n Size/MD5: 25540 6252523c4b9cb8e91af913dfa94a4509\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n 
http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-3.1ubuntu0.8.10.2_sparc.deb\r\n Size/MD5: 465890 7bb9b029adab1877f2ae9b66ad650da6\r\n http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-3.1ubuntu0.8.10.2_sparc.deb\r\n Size/MD5: 105036 b5efdeab1f1ae5bf0f68032fae4de733\r\n http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-3.1ubuntu0.8.10.2_sparc.deb\r\n Size/MD5: 82522 217424eb3438493636c8e2e2e947a951\r\n http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-3.1ubuntu0.8.10.2_sparc.deb\r\n Size/MD5: 21210 fe7a01c235dcde80427cdc1c4218c650\r\n\r\nUpdated packages for Ubuntu 9.04:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis_1.2.0.dfsg-3.1ubuntu0.9.04.2.diff.gz\r\n Size/MD5: 14106 806c51558b40e8a0173258e322126dfc\r\n http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis_1.2.0.dfsg-3.1ubuntu0.9.04.2.dsc\r\n Size/MD5: 1391 8237287820fda9e5caaf1645917012a9\r\n http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis_1.2.0.dfsg.orig.tar.gz\r\n Size/MD5: 1477935 3c7fff70c0989ab3c1c85366bf670818\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-3.1ubuntu0.9.04.2_amd64.deb\r\n Size/MD5: 479954 ed840c38ac73f07d2594485992810cf3\r\n http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-3.1ubuntu0.9.04.2_amd64.deb\r\n Size/MD5: 109254 fa9ecb0116a031ea24c068f7c104a6c5\r\n http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-3.1ubuntu0.9.04.2_amd64.deb\r\n Size/MD5: 96190 92cce557b7dc8367962bd71f5d2e16ed\r\n http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-3.1ubuntu0.9.04.2_amd64.deb\r\n Size/MD5: 20752 b092b5312c1fdc3ca3b68efb67c6d788\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n 
http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-3.1ubuntu0.9.04.2_i386.deb\r\n Size/MD5: 460350 dcab6f09451ee399e6c3718fd7a290b4\r\n http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-3.1ubuntu0.9.04.2_i386.deb\r\n Size/MD5: 102774 c0294bc33be421dc97b5a41f0962a305\r\n http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-3.1ubuntu0.9.04.2_i386.deb\r\n Size/MD5: 77908 4f631989517676b33426d8196ce86089\r\n http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-3.1ubuntu0.9.04.2_i386.deb\r\n Size/MD5: 21798 fd715839d6a485a560dc4ba3d6bd25f9\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-3.1ubuntu0.9.04.2_lpia.deb\r\n Size/MD5: 462086 df504130bd6ba53055514188ae319608\r\n http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-3.1ubuntu0.9.04.2_lpia.deb\r\n Size/MD5: 103382 81883010e7f156576925e34ee1bf3650\r\n http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-3.1ubuntu0.9.04.2_lpia.deb\r\n Size/MD5: 78050 4b0c1e4270759a4ebb0a4a3b3e819921\r\n http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-3.1ubuntu0.9.04.2_lpia.deb\r\n Size/MD5: 21628 f598818f8da06a03e82811d325a0d6aa\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-3.1ubuntu0.9.04.2_powerpc.deb\r\n Size/MD5: 491462 de9941dcdf7fbcce2ce1771157283b41\r\n http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-3.1ubuntu0.9.04.2_powerpc.deb\r\n Size/MD5: 115408 bf40900dd80d91fc9ba0da14079ba8ba\r\n http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-3.1ubuntu0.9.04.2_powerpc.deb\r\n Size/MD5: 85526 476aadeedd5fe54e094dd754eaf67a1a\r\n 
http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-3.1ubuntu0.9.04.2_powerpc.deb\r\n Size/MD5: 25534 2ce93cbcb6112d91c6b9099cb1f750ce\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-3.1ubuntu0.9.04.2_sparc.deb\r\n Size/MD5: 465896 ab3725414d6572e1d7297a9374aa29c7\r\n http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-3.1ubuntu0.9.04.2_sparc.deb\r\n Size/MD5: 105040 70accc7b795a5d0871ba555377860b77\r\n http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-3.1ubuntu0.9.04.2_sparc.deb\r\n Size/MD5: 82470 e9e0d296fac9c00496f07d743c52c7a9\r\n http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-3.1ubuntu0.9.04.2_sparc.deb\r\n Size/MD5: 21170 efa8d7e1d2a14f843d14f80dae9c755c\r\n\r\nUpdated packages for Ubuntu 9.10:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis_1.2.0.dfsg-6ubuntu0.1.diff.gz\r\n Size/MD5: 14077 1472bf5d0d81031673a907939ca5e13f\r\n http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis_1.2.0.dfsg-6ubuntu0.1.dsc\r\n Size/MD5: 1240 06738b4c14538449ec70061555bd5b95\r\n http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis_1.2.0.dfsg.orig.tar.gz\r\n Size/MD5: 1477935 3c7fff70c0989ab3c1c85366bf670818\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-6ubuntu0.1_amd64.deb\r\n Size/MD5: 481960 03bdebc10b57dff61913983f7e2c6b12\r\n http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-6ubuntu0.1_amd64.deb\r\n Size/MD5: 110800 1cd3c19e86f96a82543f00ecc200e450\r\n http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-6ubuntu0.1_amd64.deb\r\n Size/MD5: 96410 fd88dda1df522a5e4caa3a51f0af75ea\r\n 
http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-6ubuntu0.1_amd64.deb\r\n Size/MD5: 21064 f0206b2785ab195deddfbe3c551c1d53\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-6ubuntu0.1_i386.deb\r\n Size/MD5: 460010 a465712a5dee205bb3572c69882d84b3\r\n http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-6ubuntu0.1_i386.deb\r\n Size/MD5: 102444 335555688456137832536be14bc89c30\r\n http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-6ubuntu0.1_i386.deb\r\n Size/MD5: 78058 3528e4ca888274ae7c081425238d80f4\r\n http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-6ubuntu0.1_i386.deb\r\n Size/MD5: 22528 3e089ed25e17995ad21e0f9e48e2c192\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-6ubuntu0.1_lpia.deb\r\n Size/MD5: 461842 ca8cae4e451a3c39c8485d784a762688\r\n http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-6ubuntu0.1_lpia.deb\r\n Size/MD5: 103222 3372e8291fe8cbf4fb10ff8cef8daf46\r\n http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-6ubuntu0.1_lpia.deb\r\n Size/MD5: 78064 67727a08216b600b5a355e1a6c4a2723\r\n http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-6ubuntu0.1_lpia.deb\r\n Size/MD5: 22282 f8c2669196b70ae210155d5c49127c8e\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-6ubuntu0.1_powerpc.deb\r\n Size/MD5: 491998 f7edf9891a62bdaf437d24c012c0995a\r\n http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-6ubuntu0.1_powerpc.deb\r\n Size/MD5: 113120 3d8780b8b7983e7dac75c021a53a6b9d\r\n 
http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-6ubuntu0.1_powerpc.deb\r\n Size/MD5: 84114 a03a7b5b903cd91a3f9ac799ea3c8b91\r\n http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-6ubuntu0.1_powerpc.deb\r\n Size/MD5: 23840 56dda24b70b6717c7117bbec29d4e3fe\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-6ubuntu0.1_sparc.deb\r\n Size/MD5: 466488 2fd2ffcbb529131155b0f05fba03f376\r\n http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-6ubuntu0.1_sparc.deb\r\n Size/MD5: 106288 1d69667318f1e5deece70dc1af2dafac\r\n http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-6ubuntu0.1_sparc.deb\r\n Size/MD5: 82834 0a22a390ed4456a001a5b75db9394916\r\n http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-6ubuntu0.1_sparc.deb\r\n Size/MD5: 21412 354a11cb80e57366d473c1f490210a26\r\n\r\n\r\n", "edition": 1, "modified": "2009-11-25T00:00:00", "published": "2009-11-25T00:00:00", "id": "SECURITYVULNS:DOC:22832", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22832", "title": "[USN-861-1] libvorbis vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:34", "bulletinFamily": "software", "cvelist": ["CVE-2008-2009", "CVE-2009-3379"], "description": "Multiple vulnerabilities on ogg files parsing.", "edition": 1, "modified": "2009-11-25T00:00:00", "published": "2009-11-25T00:00:00", "id": "SECURITYVULNS:VULN:10419", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10419", "title": "libvorbis library multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:32", "bulletinFamily": "software", "cvelist": ["CVE-2009-3379", 
"CVE-2009-3377", "CVE-2009-3378"], "description": "Mozilla Foundation Security Advisory 2009-63\r\n\r\nTitle: Upgrade media libraries to fix memory safety bugs\r\nImpact: Critical\r\nAnnounced: October 27, 2009\r\nReporter: Mozilla community and developers\r\nProducts: Firefox\r\n\r\nFixed in: Firefox 3.5.4\r\nDescription\r\n\r\nMozilla upgraded several third party libraries used in media rendering to address multiple memory safety and stability bugs identified by members of the Mozilla community. Some of the bugs discovered could potentially be used by an attacker to crash a victim's browser and execute arbitrary code on their computer. liboggz, libvorbis, and liboggplay were all upgraded to address these issues.\r\n\r\nAudio and video capabilities were added in Firefox 3.5 so prior releases of Firefox were not affected.\r\nReferences\r\n\r\nGeorgi Guninski reported a crash in liboggz.\r\n\r\n * liboggz bugs\r\n * CVE-2009-3377\r\n\r\nLucas Adamski, Matthew Gregan, David Keeler, and Dan Kaminsky reported crashes in libvorbis.\r\n\r\n * libvorbis bugs\r\n * CVE-2009-3379\r\n\r\nJuan Becerra reported a crash in liboggplay.\r\n\r\n * https://bugzilla.mozilla.org/show_bug.cgi?id=500311\r\n * CVE-2009-3378\r\n", "edition": 1, "modified": "2009-10-28T00:00:00", "published": "2009-10-28T00:00:00", "id": "SECURITYVULNS:DOC:22704", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22704", "title": "Mozilla Foundation Security Advisory 2009-63", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:34", "bulletinFamily": "software", "cvelist": ["CVE-2009-1563", "CVE-2009-3376", "CVE-2009-3379", "CVE-2009-3274", "CVE-2009-3380", "CVE-2009-3373", "CVE-2009-3383", "CVE-2009-3372", "CVE-2009-3375", "CVE-2009-0689", "CVE-2009-3374", "CVE-2009-3371", "CVE-2009-3377", "CVE-2009-3382", "CVE-2009-3370", "CVE-2009-3381", "CVE-2009-3378"], "description": "Buffer overflows, 
privilege escalation, information leak, cross-site scripting.", "edition": 1, "modified": "2009-11-05T00:00:00", "published": "2009-11-05T00:00:00", "id": "SECURITYVULNS:VULN:10356", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10356", "title": "Mozilla Firefox / Seamonkey multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2020-11-11T13:19:46", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3379", "CVE-2009-2663"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1939-1 security@debian.org\nhttp://www.debian.org/security/ Giuseppe Iuculano\nNovember 24, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : libvorbis\nVulnerability : several\nProblem type : local(remote)\nDebian-specific: no\nDebian bug : 540958\nCVE Ids : CVE-2009-2663 CVE-2009-3379\n\nLucas Adamski, Matthew Gregan, David Keeler, and Dan Kaminsky discovered\nthat libvorbis, a library for the Vorbis general-purpose compressed\naudio codec, did not correctly handle certain malformed ogg files. 
An\nattacher could cause a denial of service (memory corruption and\napplication crash) or possibly execute arbitrary code via a crafted .ogg\nfile.\n\nFor the oldstable distribution (etch), these problems have been fixed in\nversion 1.1.2.dfsg-1.4+etch1.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 1.2.0.dfsg-3.1+lenny1.\n\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), these problems have been fixed in version 1.2.3-1\n\nWe recommend that you upgrade your libvorbis packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis_1.1.2.dfsg-1.4+etch1.diff.gz\n Size/MD5 checksum: 17870 2e11d2c0176fd0a8e796e80667a681d8\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis_1.1.2.dfsg.orig.tar.gz\n Size/MD5 checksum: 1312540 44cf09fef7f78e7c6ba7dd63b6137412\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis_1.1.2.dfsg-1.4+etch1.dsc\n Size/MD5 checksum: 808 2a9e6b4dcd72e8bc8cf956404a1fb7ca\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4+etch1_alpha.deb\n Size/MD5 checksum: 94682 9c20663d4f36265241830b388d90a455\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4+etch1_alpha.deb\n 
Size/MD5 checksum: 19440 7caafa303b7fa32f0a6192d6b75b9874\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4+etch1_alpha.deb\n Size/MD5 checksum: 110988 8751f9d236abbacaf14c7f5e5a57a078\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4+etch1_alpha.deb\n Size/MD5 checksum: 495658 681d35e8b06a6d0d8c37f7c9fb5325c8\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4+etch1_amd64.deb\n Size/MD5 checksum: 93808 ee1c37e468df9f96aa86ecf11a9c3050\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4+etch1_amd64.deb\n Size/MD5 checksum: 18018 767aa39de969e302a62a8b1968aa8c39\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4+etch1_amd64.deb\n Size/MD5 checksum: 102012 91d4ff0b056c721041ec925adb956623\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4+etch1_amd64.deb\n Size/MD5 checksum: 463556 431c01bc7bc69936fdc4d4c1d32c12eb\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4+etch1_arm.deb\n Size/MD5 checksum: 459034 52d059837ff4ec37205c65c952d10dfd\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4+etch1_arm.deb\n Size/MD5 checksum: 75992 33f262fdec3a52f4d6e5cebd3238f600\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4+etch1_arm.deb\n Size/MD5 checksum: 98776 7c24697b474af64e5a85625777d0bc8d\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4+etch1_arm.deb\n Size/MD5 checksum: 18776 c00e2fcb4e65aa26d8a9d2fda4a86c0c\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4+etch1_hppa.deb\n Size/MD5 checksum: 486808 97cee8dfb056da78638884749a4cd3bb\n 
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4+etch1_hppa.deb\n Size/MD5 checksum: 22180 97e127da32402398f9d3d073917aaf30\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4+etch1_hppa.deb\n Size/MD5 checksum: 108614 9e7b5f226060f6d492aa5a37830e8382\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4+etch1_hppa.deb\n Size/MD5 checksum: 92586 d768d0011d425413b5513cc6077c90cc\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4+etch1_i386.deb\n Size/MD5 checksum: 19096 ddf590ab7c51f75015815e7500c73c02\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4+etch1_i386.deb\n Size/MD5 checksum: 98656 d84b4ff35636254f8b79c4a1817a9f1b\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4+etch1_i386.deb\n Size/MD5 checksum: 455630 419e92bd2278385d2332485bfb5ec1c4\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4+etch1_i386.deb\n Size/MD5 checksum: 75688 8162e49e13fdd5f4f90b5e04737aef5b\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4+etch1_ia64.deb\n Size/MD5 checksum: 24924 8d0212e706fc747d46a3975aecab7216\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4+etch1_ia64.deb\n Size/MD5 checksum: 136680 c1c52b4d20178d8f2cce5201965bdfd9\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4+etch1_ia64.deb\n Size/MD5 checksum: 510898 b6c1d63e991ad6ac200b84a2ef2c7778\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4+etch1_ia64.deb\n Size/MD5 checksum: 98322 3fabeea5ac4bccea511c9896e9348bd4\n\nmips architecture (MIPS (Big Endian))\n\n 
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4+etch1_mips.deb\n Size/MD5 checksum: 479806 3d49befd4f109864db338470ca55cfc7\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4+etch1_mips.deb\n Size/MD5 checksum: 81862 6d767ac118ce0a06283d21bb324769f4\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4+etch1_mips.deb\n Size/MD5 checksum: 105506 b11a6faac0f84f7a39cd0926de7663d4\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4+etch1_mips.deb\n Size/MD5 checksum: 21196 0d5bab8e1549e3de1800c81d3103cef5\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4+etch1_mipsel.deb\n Size/MD5 checksum: 21184 4217f461a2c1d30891835bae475a4821\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4+etch1_mipsel.deb\n Size/MD5 checksum: 105478 f3465e3a92fc170d74fbb0506e4680ad\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4+etch1_mipsel.deb\n Size/MD5 checksum: 469818 126dd26c5dcde5fe3d600e0d40a9ceba\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4+etch1_mipsel.deb\n Size/MD5 checksum: 77222 b9441d25e697dcc50d524f1877cfca5e\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4+etch1_powerpc.deb\n Size/MD5 checksum: 105636 a61d57534c62b311e960335f238c0470\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4+etch1_powerpc.deb\n Size/MD5 checksum: 21596 cf321ab0979c9515553214fdbb4e133e\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4+etch1_powerpc.deb\n Size/MD5 checksum: 481752 593995999d19a5d57c3478675e98c420\n 
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4+etch1_powerpc.deb\n Size/MD5 checksum: 82404 fd07873df7789ab093013b1baaee0edc\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4+etch1_s390.deb\n Size/MD5 checksum: 90790 4408b9fbd5a4f7f942b65db63784e7a7\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4+etch1_s390.deb\n Size/MD5 checksum: 103024 f3ea14da7a63f1cfbc44dc1339c40262\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4+etch1_s390.deb\n Size/MD5 checksum: 453202 d0ba253a2d00eb5d250be7d0b99bb727\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4+etch1_s390.deb\n Size/MD5 checksum: 21148 104ecad6b00ae020821510a23cdfa8b7\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4+etch1_sparc.deb\n Size/MD5 checksum: 460314 dac04732917ced67c8a81f708db6cfd4\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4+etch1_sparc.deb\n Size/MD5 checksum: 98978 e83cbcf90ca35296f02f01d57b3e915e\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4+etch1_sparc.deb\n Size/MD5 checksum: 79810 12328b2d6338996b25aeac8877331400\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4+etch1_sparc.deb\n Size/MD5 checksum: 18084 46c1fef587328abad16f2fb4f47add8d\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis_1.2.0.dfsg-3.1+lenny1.diff.gz\n Size/MD5 checksum: 10323 8a3c02bfdb7c2e6edc1a6ba952f4706e\n 
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis_1.2.0.dfsg-3.1+lenny1.dsc\n Size/MD5 checksum: 1280 0e4285bf0fc44a182f35b15b3bef92af\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis_1.2.0.dfsg.orig.tar.gz\n Size/MD5 checksum: 1477935 3c7fff70c0989ab3c1c85366bf670818\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-3.1+lenny1_alpha.deb\n Size/MD5 checksum: 21514 54f57d2e85a0be5e1acad07ce954a168\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-3.1+lenny1_alpha.deb\n Size/MD5 checksum: 115208 f6dc710dafeffbec73e13170d9105829\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-3.1+lenny1_alpha.deb\n Size/MD5 checksum: 506716 140e414c05e73eab318a51f7d4aa2b8d\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-3.1+lenny1_alpha.deb\n Size/MD5 checksum: 96064 73db866b777df1909563190182640945\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-3.1+lenny1_amd64.deb\n Size/MD5 checksum: 478134 8ebe1257d8e115a5af1058f8a61d50bd\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-3.1+lenny1_amd64.deb\n Size/MD5 checksum: 20274 a89e0200bbd700c8ed5661493534f02b\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-3.1+lenny1_amd64.deb\n Size/MD5 checksum: 109190 f6ff320aee0bd6866e801206af4484f1\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-3.1+lenny1_amd64.deb\n Size/MD5 checksum: 95610 cea6849521bd398355ca1532577d331d\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-3.1+lenny1_arm.deb\n Size/MD5 checksum: 20652 66ffe73d9861dcd3232dbd436f8dcc6b\n 
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-3.1+lenny1_arm.deb\n Size/MD5 checksum: 102034 cd5000ef6cacd9233d085ae95ea23d2b\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-3.1+lenny1_arm.deb\n Size/MD5 checksum: 468072 30b862d2990829dcc6e981216367f969\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-3.1+lenny1_arm.deb\n Size/MD5 checksum: 78076 37db0e079e0d0fd143ef3ec24346d007\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-3.1+lenny1_armel.deb\n Size/MD5 checksum: 81476 5ab9275754100c446347e657240e875f\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-3.1+lenny1_armel.deb\n Size/MD5 checksum: 111004 823aec12ac3297a641b2dea659618a1a\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-3.1+lenny1_armel.deb\n Size/MD5 checksum: 23996 753c36a998841c8f8aefa4d934d5823b\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-3.1+lenny1_armel.deb\n Size/MD5 checksum: 480568 2d544a79b74d22a2e680b521236ac4e7\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-3.1+lenny1_hppa.deb\n Size/MD5 checksum: 24294 f2ef7f0f4a071a61756b244a1c2f8fdd\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-3.1+lenny1_hppa.deb\n Size/MD5 checksum: 498788 cc869f79c972f23a0d0a4fba7257f67b\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-3.1+lenny1_hppa.deb\n Size/MD5 checksum: 114236 161bd0d31cdc44d0dce14f68af75d2bf\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-3.1+lenny1_hppa.deb\n Size/MD5 checksum: 93650 2120a920860dbf8b027ab3d0f53e35c3\n\ni386 architecture (Intel ia32)\n\n 
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-3.1+lenny1_i386.deb\n Size/MD5 checksum: 101822 b35241103ae3b649b37082c75bb6c349\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-3.1+lenny1_i386.deb\n Size/MD5 checksum: 77266 e6272466696d9b1307c446495933904a\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-3.1+lenny1_i386.deb\n Size/MD5 checksum: 21228 5c64197678bc8102cac8d5e24ebf30f4\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-3.1+lenny1_i386.deb\n Size/MD5 checksum: 465548 3b5e01cb7ed617ceef7cfac672c42061\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-3.1+lenny1_ia64.deb\n Size/MD5 checksum: 27076 b10ab2d103d2c360fe8d865592170fed\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-3.1+lenny1_ia64.deb\n Size/MD5 checksum: 145298 1a48bdf218f2ad34e214edbdb74d3017\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-3.1+lenny1_ia64.deb\n Size/MD5 checksum: 100386 815eea5cd2cdd1f5c880d027e9d0d047\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-3.1+lenny1_ia64.deb\n Size/MD5 checksum: 529794 243a7c8dc4d8005141b722709e00fefd\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-3.1+lenny1_mips.deb\n Size/MD5 checksum: 23034 862ec33f1cdc5de0fe9d70a1dddabddc\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-3.1+lenny1_mips.deb\n Size/MD5 checksum: 489974 335f4276e4ace9e795a708bb378293ed\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-3.1+lenny1_mips.deb\n Size/MD5 checksum: 83664 5ebfbe684ab67af2070d7ebd78e920b6\n 
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-3.1+lenny1_mips.deb\n Size/MD5 checksum: 109642 9088464063081cf3db925abbd77f95ab\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-3.1+lenny1_mipsel.deb\n Size/MD5 checksum: 78800 cbf9d026a528889229ede2fbbf07f9b1\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-3.1+lenny1_mipsel.deb\n Size/MD5 checksum: 110172 56df9de194208745f918c2489fd07dc4\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-3.1+lenny1_mipsel.deb\n Size/MD5 checksum: 23038 ebafe740326f2b2477e4a2932e0b1f20\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-3.1+lenny1_mipsel.deb\n Size/MD5 checksum: 480462 354c01ff4d127cfbd90b5d2bbf115124\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-3.1+lenny1_powerpc.deb\n Size/MD5 checksum: 84936 a8e159dfb4a7947ab21d03e42743f273\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-3.1+lenny1_powerpc.deb\n Size/MD5 checksum: 489602 055f226558649f3824c77ccf8710b3ff\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-3.1+lenny1_powerpc.deb\n Size/MD5 checksum: 25112 cbc19a2f5b18a39027a5f4796c328d38\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-3.1+lenny1_powerpc.deb\n Size/MD5 checksum: 115288 69dcb48991d54cb44f440951453819be\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-3.1+lenny1_s390.deb\n Size/MD5 checksum: 92652 332abcfbc21fde03527f98394d430589\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-3.1+lenny1_s390.deb\n Size/MD5 checksum: 23374 459565d5bf6fb2423bb966585050f76e\n 
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-3.1+lenny1_s390.deb\n Size/MD5 checksum: 108572 d18b6585b3ac105589cbd85149f6dbf2\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-3.1+lenny1_s390.deb\n Size/MD5 checksum: 464128 54fd2ed9b7f46e98c61717df93623179\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-3.1+lenny1_sparc.deb\n Size/MD5 checksum: 104330 4c01729046cf263045262dbac19cf380\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-3.1+lenny1_sparc.deb\n Size/MD5 checksum: 20572 737481d4662074e10faaec373056d761\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-3.1+lenny1_sparc.deb\n Size/MD5 checksum: 81536 6ac89e9942629ddbf7e1bbf21226fda1\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-3.1+lenny1_sparc.deb\n Size/MD5 checksum: 472582 bb723b7a07db184b259c28d757d1e271\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 9, "modified": "2009-11-24T22:41:33", "published": "2009-11-24T22:41:33", "id": "DEBIAN:DSA-1939-1:4E1D6", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00262.html", "title": "[SECURITY] [DSA 1939-1] New libvorbis packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:11", "bulletinFamily": "unix", "cvelist": 
["CVE-2008-1420", "CVE-2009-3379"], "description": "\nThe Ubuntu security team reports:\n\nIt was discovered that libvorbis did not correctly\n\t handle certain malformed vorbis files. If a user were\n\t tricked into opening a specially crafted vorbis file\n\t with an application that uses libvorbis, an attacker\n\t could cause a denial of service or possibly execute\n\t arbitrary code with the user's privileges.\n\n", "edition": 4, "modified": "2009-11-24T00:00:00", "published": "2009-11-24T00:00:00", "id": "94EDFF42-D93D-11DE-A434-0211D880E350", "href": "https://vuxml.freebsd.org/freebsd/94edff42-d93d-11de-a434-0211d880e350.html", "title": "libvorbis -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:11", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1563", "CVE-2009-3376", "CVE-2009-3379", "CVE-2009-3274", "CVE-2009-3380", "CVE-2009-3373", "CVE-2009-3383", "CVE-2009-3372", "CVE-2009-3375", "CVE-2009-3374", "CVE-2009-3371", "CVE-2009-3377", "CVE-2009-3382", "CVE-2009-3370", "CVE-2009-3381", "CVE-2009-3378"], "description": "\nMozilla Foundation reports:\n\nMFSA 2009-64 Crashes with evidence of memory\n\t corruption (rv:1.9.1.4/ 1.9.0.15)\nMFSA 2009-63 Upgrade media libraries to fix memory\n\t safety bugs\nMFSA 2009-62 Download filename spoofing with RTL\n\t override\nMFSA 2009-61 Cross-origin data theft through\n\t document.getSelection()\nMFSA 2009-59 Heap buffer overflow in string to\n\t number conversion\nMFSA 2009-57 Chrome privilege escalation in\n\t XPCVariant::VariantDataToJS()\nMFSA 2009-56 Heap buffer overflow in GIF color map\n\t parser\nMFSA 2009-55 Crash in proxy auto-configuration\n\t regexp parsing\nMFSA 2009-54 Crash with recursive web-worker calls\nMFSA 2009-53 Local downloaded file tampering\nMFSA 2009-52 Form history vulnerable to stealing\n\n", "edition": 4, "modified": "2009-12-14T00:00:00", "published": "2009-10-27T00:00:00", "id": 
"C87AA2D2-C3C4-11DE-AB08-000F20797EDE", "href": "https://vuxml.freebsd.org/freebsd/c87aa2d2-c3c4-11de-ab08-000f20797ede.html", "title": "mozilla -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2663", "CVE-2009-3379"], "description": "Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed audio format for audio and music at fixed and variable bitrates from 16 to 128 kbps/channel. The libvorbis package contains runtime libraries for use in programs that support Ogg Vorbis. ", "modified": "2009-11-10T17:52:37", "published": "2009-11-10T17:52:37", "id": "FEDORA:DF86B10F8A5", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: libvorbis-1.2.0-9.fc11", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2663", "CVE-2009-3379"], "description": "Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed audio format for audio and music at fixed and variable bitrates from 16 to 128 kbps/channel. The libvorbis package contains runtime libraries for use in programs that support Ogg Vorbis. 
", "modified": "2009-11-10T17:43:32", "published": "2009-11-10T17:43:32", "id": "FEDORA:EB12810F899", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: libvorbis-1.2.0-7.fc10", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "seebug": [{"lastseen": "2017-11-19T18:32:51", "description": "BUGTRAQ ID: 36872,36871,36870,36866,36869,36873,36875\r\nCVE ID: CVE-2009-3377,CVE-2009-3378,CVE-2009-3379,CVE-2009-3380,CVE-2009-3381,CVE-2009-3382,CVE-2009-3383\r\n\r\nFirefox\u662f\u4e00\u6b3e\u6d41\u884c\u7684\u5f00\u6e90WEB\u6d4f\u89c8\u5668\u3002\r\n\r\nFirefox\u6240\u4f7f\u7528\u7684liboggz\u3001libvorbis\u548cliboggplay\u5a92\u4f53\u6e32\u67d3\u5e93\u53ca\u6d4f\u89c8\u5668\u5f15\u64ce\u3001JavaScript\u5f15\u64ce\u4e2d\u5b58\u5728\u591a\u4e2a\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\u3002\u5982\u679c\u7528\u6237\u53d7\u9a97\u6253\u5f00\u4e86\u6076\u610f\u7f51\u9875\u6216\u5a92\u4f53\u6587\u4ef6\u94fe\u63a5\u7684\u8bdd\uff0c\u5c31\u53ef\u4ee5\u89e6\u53d1\u8fd9\u4e9b\u6f0f\u6d1e\uff0c\u5bfc\u81f4\u6d4f\u89c8\u5668\u5d29\u6e83\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\n\nMozilla Firefox 3.5.x\r\nMozilla Firefox 3.0.x\r\nMozilla SeaMonkey 1.1.x\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nDebian\r\n------\r\nDebian\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08DSA-1922-1\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nDSA-1922-1\uff1aNew xulrunner packages fix several vulnerabilities\r\n\u94fe\u63a5\uff1ahttp://www.debian.org/security/2009/dsa-1922\r\n\r\n\u8865\u4e01\u4e0b\u8f7d\uff1a\r\n\r\nSource archives:\r\n\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.15-0lenny1.diff.gz\r\nSize/MD5 checksum: 116164 3d995b59ffe890d36117f3103f38b9b1\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.15-0lenny1.dsc\r\nSize/MD5 checksum: 1779 
7e8392a8b59ef9064df564ee03c23b14\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.15.orig.tar.gz\r\nSize/MD5 checksum: 44085950 49aa2aee64997f9e802cf386d038d2d7\r\n\r\nArchitecture independent packages:\r\n\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.9.0.15-0lenny1_all.deb\r\nSize/MD5 checksum: 1464278 ea66718b41a4c282284d37672d0e7078\r\n\r\nalpha architecture (DEC Alpha)\r\n\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.15-0lenny1_alpha.deb\r\nSize/MD5 checksum: 9494314 8cd7366b90d39c5c64064d1fb17c1022\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.15-0lenny1_alpha.deb\r\nSize/MD5 checksum: 938304 bf39af51a378ed039c545730664857aa\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.15-0lenny1_alpha.deb\r\nSize/MD5 checksum: 221588 1dd219c2812ca8d23fff415c9555d3db\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.15-0lenny1_alpha.deb\r\nSize/MD5 checksum: 432182 5d32bfa9665c32fb1738f416f739b3ae\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.15-0lenny1_alpha.deb\r\nSize/MD5 checksum: 3651374 14dd5f555695db43b94ceab3260c680d\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.15-0lenny1_alpha.deb\r\nSize/MD5 checksum: 51089582 fa7f8faad8460d1049e9fb8f6fd1f7bb\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.15-0lenny1_alpha.deb\r\nSize/MD5 checksum: 163912 d488634f9d36f6d0afcc7b27ee6699a0\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.15-0lenny1_alpha.deb\r\nSize/MD5 checksum: 112022 9666fd74cd00bc0643993acc22d40c91\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.15-0lenny1_alpha.deb\r\nSize/MD5 checksum: 71980 602c6780c2328141871f5d94b8a163f4\r\n\r\namd64 architecture (AMD x86_64 
(AMD64))\r\n\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.15-0lenny1_amd64.deb\r\nSize/MD5 checksum: 69898 c0295f0b7e6957f236d769dc8bdfd2ca\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.15-0lenny1_amd64.deb\r\nSize/MD5 checksum: 890260 2d4cb08b3e886e06be04ec7e43a82b0f\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.15-0lenny1_amd64.deb\r\nSize/MD5 checksum: 151952 3e20640a2f4eb68a58731bba532aedb0\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.15-0lenny1_amd64.deb\r\nSize/MD5 checksum: 50327552 5779e5efb1f7b6612bf8a774a8e8cd6a\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.15-0lenny1_amd64.deb\r\nSize/MD5 checksum: 374218 86b4b4a30f5f30f4492fe11eca93dace\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.15-0lenny1_amd64.deb\r\nSize/MD5 checksum: 3287960 741031dbbba1f6c6e8fe045d71547905\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.15-0lenny1_amd64.deb\r\nSize/MD5 checksum: 222992 3e801bb57c442128512e599af5c9547e\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.15-0lenny1_amd64.deb\r\nSize/MD5 checksum: 7722556 cc9b8e7ac989143255cb6ad53ce84884\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.15-0lenny1_amd64.deb\r\nSize/MD5 checksum: 101512 396f03e0770dd73cf5820354a8b94a0f\r\n\r\narmel architecture (ARM EABI)\r\n\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.15-0lenny1_armel.deb\r\nSize/MD5 checksum: 223358 a881797fcf62521c0ab538e72b33bb70\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.15-0lenny1_armel.deb\r\nSize/MD5 checksum: 84272 1602bc59310724ee0f20d8f5a0ac0a8c\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.15-0lenny1_armel.deb\r\nSize/MD5 
checksum: 821892 79baa048d939ac77273ac50237c7bfe3\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.15-0lenny1_armel.deb\r\nSize/MD5 checksum: 69726 cd5970b1776e5777686ce9208c074e79\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.15-0lenny1_armel.deb\r\nSize/MD5 checksum: 6954730 a8a092eab78826ef9ed0e98e8d7251bb\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.15-0lenny1_armel.deb\r\nSize/MD5 checksum: 141248 47668db41fd86750793bae3f59ff623e\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.15-0lenny1_armel.deb\r\nSize/MD5 checksum: 352870 99357abd251ccfe354b28ed441256eb4\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.15-0lenny1_armel.deb\r\nSize/MD5 checksum: 50116888 a19877e49d8d1037458d2531873181e0\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.15-0lenny1_armel.deb\r\nSize/MD5 checksum: 3579420 9091ebebb2d0b23a8f10300ff7340c16\r\n\r\nhppa architecture (HP PA RISC)\r\n\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.15-0lenny1_hppa.deb\r\nSize/MD5 checksum: 105902 14573c4144b48dfcdeadca11dbf28fd1\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.15-0lenny1_hppa.deb\r\nSize/MD5 checksum: 412252 703d501036427f18e6ffc3841c0434e7\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.15-0lenny1_hppa.deb\r\nSize/MD5 checksum: 158830 9c6c95e2c55a59adaa4314022adaba97\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.15-0lenny1_hppa.deb\r\nSize/MD5 checksum: 9512434 b479cbca6e9244681e8acf58afba706e\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.15-0lenny1_hppa.deb\r\nSize/MD5 checksum: 51210900 
7b5ae111a77a354adadb9a019892970b\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.15-0lenny1_hppa.deb\r\nSize/MD5 checksum: 3621952 4a3cef66aa1b240f42c4c4c4de41ca64\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.15-0lenny1_hppa.deb\r\nSize/MD5 checksum: 222858 1f6d47dc993cbc9a068517a06492beb9\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.15-0lenny1_hppa.deb\r\nSize/MD5 checksum: 898430 c63b30f2604b2a08d9fed108253b6b5b\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.15-0lenny1_hppa.deb\r\nSize/MD5 checksum: 71384 50c3026bc0d90b912e74c0892ac3cd8c\r\n\r\ni386 architecture (Intel ia32)\r\n\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.15-0lenny1_i386.deb\r\nSize/MD5 checksum: 851844 28f3d2c286d83a90df609b21699baf97\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.15-0lenny1_i386.deb\r\nSize/MD5 checksum: 79142 61aff31316b603d03921eb89b5df073b\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.15-0lenny1_i386.deb\r\nSize/MD5 checksum: 3565362 fd8674b08b704e5f0f9ef790da65b7f8\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.15-0lenny1_i386.deb\r\nSize/MD5 checksum: 141410 0182fcff2acf3987fa15128659fe7b38\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.15-0lenny1_i386.deb\r\nSize/MD5 checksum: 6602586 03aed73b528a0e36cef99361ae9da656\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.15-0lenny1_i386.deb\r\nSize/MD5 checksum: 49492306 82d2789b64cedcbf2406a09131032764\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.15-0lenny1_i386.deb\r\nSize/MD5 checksum: 223182 1872e9d86b45cb1b29f20c4d75467200\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.15-0lenny1_i386.deb\r\nSize/MD5 checksum: 
350814 4e647513b860210f0c1bc1caef893e9f\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.15-0lenny1_i386.deb\r\nSize/MD5 checksum: 68094 f9e97cd83f976afa8959ea9f774f1994\r\n\r\nia64 architecture (Intel ia64)\r\n\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.15-0lenny1_ia64.deb\r\nSize/MD5 checksum: 223134 2ae79c69711959cb6cd75026882abd60\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.15-0lenny1_ia64.deb\r\nSize/MD5 checksum: 542104 a8b314bf8ad3c48e1ab4ed231b83a450\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.15-0lenny1_ia64.deb\r\nSize/MD5 checksum: 121518 18ec63c6f78623b2c744d9362d4b2be6\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.15-0lenny1_ia64.deb\r\nSize/MD5 checksum: 76492 22f1645790b9540cc1a3b795573b3e46\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.15-0lenny1_ia64.deb\r\nSize/MD5 checksum: 49667940 d01b4ee9da9f802eb24749992dd14be2\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.15-0lenny1_ia64.deb\r\nSize/MD5 checksum: 180184 b26234c2f0d54a61e771ee478828c628\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.15-0lenny1_ia64.deb\r\nSize/MD5 checksum: 11301676 95599d73eb33ae7e9613d92304b8d813\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.15-0lenny1_ia64.deb\r\nSize/MD5 checksum: 811176 33ceb8965e9db8d79020777ab55e1838\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.15-0lenny1_ia64.deb\r\nSize/MD5 checksum: 3397550 7eff41c031481161dfab1bc83cfa8450\r\n\r\nmipsel architecture (MIPS (Little Endian))\r\n\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.15-0lenny1_mipsel.deb\r\nSize/MD5 checksum: 49965510 
8997b286648f39786e86826b5045e69d\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.15-0lenny1_mipsel.deb\r\nSize/MD5 checksum: 223146 2bdf56823a2075c6bbd4fe3fc2e0646c\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.15-0lenny1_mipsel.deb\r\nSize/MD5 checksum: 7375092 29d842979cbc5ee6ad659cf13927788b\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.15-0lenny1_mipsel.deb\r\nSize/MD5 checksum: 96764 5fa81a5541ae261f0a72b91bb5bf6626\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.15-0lenny1_mipsel.deb\r\nSize/MD5 checksum: 144986 d3da343322c085f952511248e3a69345\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.15-0lenny1_mipsel.deb\r\nSize/MD5 checksum: 900210 b87e5f91341b390cb2f1603a1071aff7\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.15-0lenny1_mipsel.deb\r\nSize/MD5 checksum: 3308536 7c5f7065d8961c7fc0ca7fb974e6611c\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.15-0lenny1_mipsel.deb\r\nSize/MD5 checksum: 69836 ace8648bf416d4804db9644c487dcdf1\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.15-0lenny1_mipsel.deb\r\nSize/MD5 checksum: 378586 18fd2ced744197472973e2cae61d4d64\r\n\r\npowerpc architecture (PowerPC)\r\n\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.15-0lenny1_powerpc.deb\r\nSize/MD5 checksum: 362482 a0bf9d0ba7a4695378f7ea053cd9cc46\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.15-0lenny1_powerpc.deb\r\nSize/MD5 checksum: 3283604 b98767e9b18704a2482c731309eef892\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.15-0lenny1_powerpc.deb\r\nSize/MD5 checksum: 51378802 
bed95771a8d00f88bedc12d480ed91f0\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.15-0lenny1_powerpc.deb\r\nSize/MD5 checksum: 94786 fb7b21596585931a6edda7e2bebae561\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.15-0lenny1_powerpc.deb\r\nSize/MD5 checksum: 152276 d83cf113d2600c6ca9e691dfd25a1466\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.15-0lenny1_powerpc.deb\r\nSize/MD5 checksum: 7275222 008f00164ecbc43c681f1743ba33c0e8\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.15-0lenny1_powerpc.deb\r\nSize/MD5 checksum: 72990 2982ec8818b1ae7b47241dcdb046c8e0\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.15-0lenny1_powerpc.deb\r\nSize/MD5 checksum: 887776 9853592dc50b738bd7b223fc78c030c3\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.15-0lenny1_powerpc.deb\r\nSize/MD5 checksum: 223140 96d915d392dbb2cdc3a09268d97a206f\r\n\r\ns390 architecture (IBM S/390)\r\n\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.15-0lenny1_s390.deb\r\nSize/MD5 checksum: 3306276 95d049eaa0c2b95b8f98f2295d984454\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.15-0lenny1_s390.deb\r\nSize/MD5 checksum: 406680 9efe79857bd5fc05bf567f4840109135\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.15-0lenny1_s390.deb\r\nSize/MD5 checksum: 223124 ee4ed0dc817d276cbe22bcb5ef6314af\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.15-0lenny1_s390.deb\r\nSize/MD5 checksum: 51172466 33aeec198869e5b92132775938f1dba6\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.15-0lenny1_s390.deb\r\nSize/MD5 checksum: 8387566 
5cf074573a634121d0981d927bdf8dc5\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.15-0lenny1_s390.deb\r\nSize/MD5 checksum: 105540 ad95c071cf5d0f16301e004800626ab6\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.15-0lenny1_s390.deb\r\nSize/MD5 checksum: 156084 69c04262268e1b13ffac80f8827e5776\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.15-0lenny1_s390.deb\r\nSize/MD5 checksum: 909030 9d9a82bbaa3501f41dd810c3bf3e7b0b\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.15-0lenny1_s390.deb\r\nSize/MD5 checksum: 72868 738b9ff7dafce724b01f032e568d145d\r\n\r\nsparc architecture (Sun SPARC/UltraSPARC)\r\n\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.15-0lenny1_sparc.deb\r\nSize/MD5 checksum: 143228 8017cc9ebd542b69b5a33328e4db72fd\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.15-0lenny1_sparc.deb\r\nSize/MD5 checksum: 69342 2a626affc178cb0bed8bd8dc0302308b\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.15-0lenny1_sparc.deb\r\nSize/MD5 checksum: 821126 3107a47d82efbaf745b0a7355df82271\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.15-0lenny1_sparc.deb\r\nSize/MD5 checksum: 223230 41277488a9fbf77e3864848e36ad1040\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.15-0lenny1_sparc.deb\r\nSize/MD5 checksum: 7174794 ff98cd42b01c1b6da7f443a8513ec516\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.15-0lenny1_sparc.deb\r\nSize/MD5 checksum: 350084 53b49c566cc58af0976b24382a144a16\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.15-0lenny1_sparc.deb\r\nSize/MD5 checksum: 88202 
d8ed5ea8a627c996c8890521551e14b3\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.15-0lenny1_sparc.deb\r\nSize/MD5 checksum: 49353618 3919a69140cbf1cc726b9142a7f33f23\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.15-0lenny1_sparc.deb\r\nSize/MD5 checksum: 3577270 0709623512ba6d57f6a475f8382b20a2\r\n\r\n\u8865\u4e01\u5b89\u88c5\u65b9\u6cd5\uff1a\r\n\r\n1. \u624b\u5de5\u5b89\u88c5\u8865\u4e01\u5305\uff1a\r\n\r\n \u9996\u5148\uff0c\u4f7f\u7528\u4e0b\u9762\u7684\u547d\u4ee4\u6765\u4e0b\u8f7d\u8865\u4e01\u8f6f\u4ef6\uff1a\r\n # wget url (url\u662f\u8865\u4e01\u4e0b\u8f7d\u94fe\u63a5\u5730\u5740)\r\n\r\n \u7136\u540e\uff0c\u4f7f\u7528\u4e0b\u9762\u7684\u547d\u4ee4\u6765\u5b89\u88c5\u8865\u4e01\uff1a \r\n # dpkg -i file.deb (file\u662f\u76f8\u5e94\u7684\u8865\u4e01\u540d)\r\n\r\n2. \u4f7f\u7528apt-get\u81ea\u52a8\u5b89\u88c5\u8865\u4e01\u5305\uff1a\r\n\r\n \u9996\u5148\uff0c\u4f7f\u7528\u4e0b\u9762\u7684\u547d\u4ee4\u66f4\u65b0\u5185\u90e8\u6570\u636e\u5e93\uff1a\r\n # apt-get update\r\n \r\n \u7136\u540e\uff0c\u4f7f\u7528\u4e0b\u9762\u7684\u547d\u4ee4\u5b89\u88c5\u66f4\u65b0\u8f6f\u4ef6\u5305\uff1a\r\n # apt-get upgrade\r\n\r\nMozilla\r\n-------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.mozilla.org/\r\n\r\nRedHat\r\n------\r\nRedHat\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08RHSA-2009:1530-01\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nRHSA-2009:1530-01\uff1aCritical: firefox security update\r\n\u94fe\u63a5\uff1ahttps://www.redhat.com/support/errata/RHSA-2009-1530.html", "published": "2009-11-03T00:00:00", "title": "Mozilla Firefox\u591a\u4e2a\u5185\u5b58\u7834\u574f\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3377", "CVE-2009-3378", 
"CVE-2009-3379", "CVE-2009-3380", "CVE-2009-3381", "CVE-2009-3382", "CVE-2009-3383"], "modified": "2009-11-03T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-12570", "id": "SSV:12570", "sourceData": "\n https://bugzilla.mozilla.org/attachment.cgi?id=384979\r\nhttps://bugzilla.mozilla.org/attachment.cgi?id=385294\n ", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-12570"}], "suse": [{"lastseen": "2016-09-04T12:11:40", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1563", "CVE-2009-3376", "CVE-2009-3379", "CVE-2009-3274", "CVE-2009-3380", "CVE-2009-3373", "CVE-2009-3383", "CVE-2009-3372", "CVE-2009-3375", "CVE-2009-3374", "CVE-2009-3371", "CVE-2009-3377", "CVE-2009-3382", "CVE-2009-3370", "CVE-2009-3381", "CVE-2009-3378"], "description": "The Mozilla Firefox browser was updated to fix various bugs and security issues.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2009-11-04T14:24:35", "published": "2009-11-04T14:24:35", "id": "SUSE-SA:2009:052", "href": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00001.html", "type": "suse", "title": "remote code execution in MozillaFirefox", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:13", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1945", "CVE-2011-3648", "CVE-2009-0355", "CVE-2011-0061", "CVE-2011-0077", "CVE-2012-0478", "CVE-2012-4193", "CVE-2011-1202", "CVE-2012-0442", "CVE-2010-3772", "CVE-2011-0071", "CVE-2009-2470", "CVE-2010-0654", "CVE-2009-3388", "CVE-2012-1962", "CVE-2012-0443", "CVE-2011-3866", "CVE-2011-0068", "CVE-2012-5842", "CVE-2012-4212", "CVE-2009-2477", "CVE-2009-1563", "CVE-2010-0176", "CVE-2011-3640", "CVE-2011-0083", "CVE-2010-1203", "CVE-2009-3076", "CVE-2012-1970", "CVE-2009-3389", "CVE-2008-3835", "CVE-2012-3989", 
"CVE-2010-2762", "CVE-2012-5830", "CVE-2012-4210", "CVE-2009-1305", "CVE-2011-3026", "CVE-2009-3979", "CVE-2011-2370", "CVE-2012-0460", "CVE-2012-1973", "CVE-2009-3376", "CVE-2011-2369", "CVE-2011-2998", "CVE-2011-3654", "CVE-2011-2605", "CVE-2009-1833", "CVE-2010-0165", "CVE-2012-1974", "CVE-2010-0220", "CVE-2010-2766", "CVE-2011-2993", "CVE-2012-4195", "CVE-2010-0168", "CVE-2012-3986", "CVE-2010-0160", "CVE-2009-1169", "CVE-2011-2371", "CVE-2009-3379", "CVE-2012-4185", "CVE-2010-3777", "CVE-2012-3991", "CVE-2012-5354", "CVE-2012-4206", "CVE-2009-3071", "CVE-2012-3968", "CVE-2010-1214", "CVE-2012-3963", "CVE-2010-0174", "CVE-2010-0172", "CVE-2009-2535", "CVE-2012-0452", "CVE-2009-1312", "CVE-2012-1956", "CVE-2012-3978", "CVE-2012-3985", "CVE-2011-2995", "CVE-2012-5829", "CVE-2009-1571", "CVE-2008-5505", "CVE-2012-5838", "CVE-2011-2986", "CVE-2010-1205", "CVE-2009-2210", "CVE-2009-2478", "CVE-2008-6961", "CVE-2012-0479", "CVE-2012-0450", "CVE-2012-1940", "CVE-2012-3993", "CVE-2008-5500", "CVE-2012-5836", "CVE-2009-3274", "CVE-2010-1125", "CVE-2009-0772", "CVE-2012-3995", "CVE-2012-4201", "CVE-2010-0159", "CVE-2009-0773", "CVE-2011-3659", "CVE-2011-3663", "CVE-2010-3131", "CVE-2012-0470", "CVE-2012-0446", "CVE-2008-4063", "CVE-2012-3976", "CVE-2012-1972", "CVE-2010-1200", "CVE-2010-0175", "CVE-2010-0170", "CVE-2012-3988", "CVE-2012-0457", "CVE-2010-3778", "CVE-2012-3994", "CVE-2007-2436", "CVE-2012-3962", "CVE-2010-2770", "CVE-2010-3774", "CVE-2012-0459", "CVE-2011-2362", "CVE-2009-1304", "CVE-2010-1213", "CVE-2010-3177", "CVE-2012-5843", "CVE-2009-1835", "CVE-2011-0085", "CVE-2009-0352", "CVE-2009-3984", "CVE-2009-3380", "CVE-2008-5510", "CVE-2011-0080", "CVE-2012-1950", "CVE-2008-5502", "CVE-2009-3981", "CVE-2010-3765", "CVE-2010-0167", "CVE-2009-3373", "CVE-2009-3980", "CVE-2008-4070", "CVE-2012-4183", "CVE-2010-3178", "CVE-2012-1994", "CVE-2011-3661", "CVE-2009-3383", "CVE-2012-4181", "CVE-2011-3652", "CVE-2009-1311", "CVE-2011-1712", "CVE-2008-4067", 
"CVE-2010-1210", "CVE-2011-2364", "CVE-2009-2469", "CVE-2011-0073", "CVE-2010-1197", "CVE-2010-1207", "CVE-2009-0652", "CVE-2012-4186", "CVE-2012-1948", "CVE-2008-5012", "CVE-2011-2982", "CVE-2012-1938", "CVE-2012-0449", "CVE-2010-3769", "CVE-2012-3969", "CVE-2009-1838", "CVE-2012-1953", "CVE-2008-5013", "CVE-2012-1949", "CVE-2012-0456", "CVE-2011-2372", "CVE-2010-3773", "CVE-2009-1309", "CVE-2011-0079", "CVE-2010-3169", "CVE-2009-2662", "CVE-2012-3970", "CVE-2011-2997", "CVE-2011-0053", "CVE-2009-1832", "CVE-2012-5840", "CVE-2010-3176", "CVE-2012-4191", "CVE-2010-3174", "CVE-2012-1966", "CVE-2010-3768", "CVE-2009-3372", "CVE-2010-2763", "CVE-2011-0066", "CVE-2010-1212", "CVE-2009-1837", "CVE-2010-1206", "CVE-2010-1211", "CVE-2009-2464", "CVE-2011-2990", "CVE-2010-1121", "CVE-2009-0356", "CVE-2011-3389", "CVE-2010-0164", "CVE-2008-3836", "CVE-2010-3167", "CVE-2012-4202", "CVE-2007-2671", "CVE-2011-2984", "CVE-2010-3180", "CVE-2012-3957", "CVE-2011-3660", "CVE-2009-3986", "CVE-2012-1941", "CVE-2009-2408", "CVE-2010-3399", "CVE-2009-2665", "CVE-2008-4066", "CVE-2008-5018", "CVE-2009-3978", "CVE-2012-3984", "CVE-2009-0354", "CVE-2009-3079", "CVE-2011-0056", "CVE-2012-0444", "CVE-2011-3650", "CVE-2010-2753", "CVE-2012-1946", "CVE-2010-3776", "CVE-2010-1215", "CVE-2012-4182", "CVE-2011-2980", "CVE-2012-4187", "CVE-2008-4069", "CVE-2010-0166", "CVE-2011-3647", "CVE-2011-0065", "CVE-2011-0062", "CVE-2008-0016", "CVE-2009-0358", "CVE-2011-3101", "CVE-2010-3168", "CVE-2010-0173", "CVE-2009-1044", "CVE-2008-5513", "CVE-2008-4059", "CVE-2010-2764", "CVE-2011-0081", "CVE-2009-0771", "CVE-2009-1392", "CVE-2008-5504", "CVE-2008-5019", "CVE-2012-1954", "CVE-2009-0774", "CVE-2009-3375", "CVE-2012-0461", "CVE-2011-2376", "CVE-2009-2472", "CVE-2012-3958", "CVE-2009-0071", "CVE-2008-5023", "CVE-2012-0469", "CVE-2010-3171", "CVE-2009-3072", "CVE-2012-3973", "CVE-2008-5822", "CVE-2012-1975", "CVE-2011-0075", "CVE-2012-0464", "CVE-2012-1967", "CVE-2011-3653", "CVE-2010-0648", 
"CVE-2010-0178", "CVE-2010-3166", "CVE-2010-0177", "CVE-2011-0074", "CVE-2012-3956", "CVE-2010-2769", "CVE-2011-3649", "CVE-2012-3982", "CVE-2009-3555", "CVE-2011-2989", "CVE-2010-1196", "CVE-2008-3837", "CVE-2009-0357", "CVE-2008-5021", "CVE-2008-5017", "CVE-2012-3966", "CVE-2012-5839", "CVE-2011-2378", "CVE-2009-1308", "CVE-2010-3775", "CVE-2009-2467", "CVE-2012-1961", "CVE-2010-5074", "CVE-2011-2996", "CVE-2010-3173", "CVE-2012-4216", "CVE-2008-4062", "CVE-2010-3179", "CVE-2010-0182", "CVE-2012-3967", "CVE-2011-3651", "CVE-2008-4060", "CVE-2010-0181", "CVE-2012-1951", "CVE-2012-0475", "CVE-2012-3965", "CVE-2012-1952", "CVE-2010-1201", "CVE-2011-4688", "CVE-2009-1306", "CVE-2010-1585", "CVE-2009-2479", "CVE-2012-3959", "CVE-2012-0455", "CVE-2009-0777", "CVE-2010-2755", "CVE-2011-0084", "CVE-2011-0051", "CVE-2010-3767", "CVE-2012-1939", "CVE-2009-1834", "CVE-2010-3771", "CVE-2010-0183", "CVE-2012-0474", "CVE-2012-3975", "CVE-2010-2768", "CVE-2008-5014", "CVE-2008-0367", "CVE-2008-4058", "CVE-2011-3002", "CVE-2012-4184", "CVE-2011-0057", "CVE-2012-0447", "CVE-2011-3232", "CVE-2008-5913", "CVE-2007-3073", "CVE-2012-4205", "CVE-2010-2751", "CVE-2009-1836", "CVE-2011-0069", "CVE-2008-5022", "CVE-2008-5512", "CVE-2012-3992", "CVE-2009-3374", "CVE-2008-5501", "CVE-2008-4068", "CVE-2008-5016", "CVE-2011-3004", "CVE-2012-3980", "CVE-2008-5503", "CVE-2011-2374", "CVE-2012-1955", "CVE-2009-1839", "CVE-2012-1960", "CVE-2012-0445", "CVE-2009-3074", "CVE-2012-1965", "CVE-2011-3670", "CVE-2012-0462", "CVE-2010-1028", "CVE-2010-0162", "CVE-2011-2377", "CVE-2009-2463", "CVE-2009-2061", "CVE-2009-3070", "CVE-2012-3977", "CVE-2011-3000", "CVE-2010-2765", "CVE-2009-3069", "CVE-2010-0171", "CVE-2010-2767", "CVE-2009-0353", "CVE-2011-0078", "CVE-2012-3960", "CVE-2010-3175", "CVE-2009-0775", "CVE-2012-0451", "CVE-2011-3655", "CVE-2012-4180", "CVE-2009-2044", "CVE-2010-3182", "CVE-2009-0776", "CVE-2009-3371", "CVE-2009-3377", "CVE-2012-1959", "CVE-2011-2363", "CVE-2009-3075", 
"CVE-2010-0163", "CVE-2010-1208", "CVE-2011-0070", "CVE-2012-1947", "CVE-2009-1841", "CVE-2010-3170", "CVE-2011-3005", "CVE-2011-0059", "CVE-2012-1971", "CVE-2009-3983", "CVE-2012-4208", "CVE-2009-3987", "CVE-2011-3658", "CVE-2011-2373", "CVE-2008-5511", "CVE-2012-1957", "CVE-2012-1958", "CVE-2011-0054", "CVE-2012-4190", "CVE-2008-4064", "CVE-2012-1976", "CVE-2011-1187", "CVE-2012-5835", "CVE-2010-3183", "CVE-2009-2654", "CVE-2010-1202", "CVE-2012-0468", "CVE-2009-3982", "CVE-2009-3985", "CVE-2009-2065", "CVE-2009-1313", "CVE-2009-3382", "CVE-2008-5508", "CVE-2012-3972", "CVE-2012-4207", "CVE-2011-2988", "CVE-2010-3770", "CVE-2008-4061", "CVE-2010-1199", "CVE-2012-4204", "CVE-2008-0017", "CVE-2009-3988", "CVE-2010-3400", "CVE-2009-1302", "CVE-2011-2985", "CVE-2009-2466", "CVE-2012-4192", "CVE-2011-0058", "CVE-2011-2987", "CVE-2012-4188", "CVE-2012-0441", "CVE-2008-5024", "CVE-2011-0076", "CVE-2007-2437", "CVE-2012-5833", "CVE-2011-2999", "CVE-2012-3964", "CVE-2012-5841", "CVE-2010-0179", "CVE-2010-1209", "CVE-2010-2754", "CVE-2008-5507", "CVE-2009-2471", "CVE-2012-3990", "CVE-2011-2375", "CVE-2010-1198", "CVE-2008-4065", "CVE-2009-1840", "CVE-2011-3665", "CVE-2009-3381", "CVE-2011-0067", "CVE-2010-2760", "CVE-2012-1937", "CVE-2012-4215", "CVE-2009-2043", "CVE-2009-1307", "CVE-2009-2664", "CVE-2012-0463", "CVE-2010-4508", "CVE-2009-1310", "CVE-2009-3077", "CVE-2011-3003", "CVE-2011-2991", "CVE-2008-5015", "CVE-2011-0082", "CVE-2011-2983", "CVE-2012-4179", "CVE-2008-4582", "CVE-2011-3001", "CVE-2012-1964", "CVE-2009-2462", "CVE-2009-3378", "CVE-2011-3062", "CVE-2009-1303", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-4194", "CVE-2011-2365", "CVE-2012-4209", "CVE-2012-1963", "CVE-2012-4196", "CVE-2008-5506", "CVE-2009-2404", "CVE-2009-2465", "CVE-2012-0467", "CVE-2011-2981", "CVE-2012-0458", "CVE-2010-0169", "CVE-2010-2752", "CVE-2009-3078", "CVE-2012-0471", "CVE-2012-3961", "CVE-2010-3766", "CVE-2012-3971", "CVE-2008-5052", "CVE-2011-0055", "CVE-2009-1828", 
"CVE-2011-0072"], "description": "### Background\n\nMozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the \u2018Mozilla Application Suite\u2019. XULRunner is a Mozilla runtime package that can be used to bootstrap XUL+XPCOM applications such as Firefox and Thunderbird. NSS is Mozilla\u2019s Network Security Services library that implements PKI support. IceCat is the GNU version of Firefox. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL\u2019s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser\u2019s font, conduct clickjacking attacks, or have other unspecified impact. \n\nA local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Mozilla Firefox users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-10.0.11\"\n \n\nAll users of the Mozilla Firefox binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-10.0.11\"\n \n\nAll Mozilla Thunderbird users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-10.0.11\"\n \n\nAll users of the Mozilla Thunderbird binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=mail-client/thunderbird-bin-10.0.11\"\n \n\nAll Mozilla SeaMonkey users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-2.14-r1\"\n \n\nAll users of the Mozilla SeaMonkey binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-bin-2.14\"\n \n\nAll NSS users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/nss-3.14\"\n \n\nThe \u201cwww-client/mozilla-firefox\u201d package has been merged into the \u201cwww-client/firefox\u201d package. To upgrade, please unmerge \u201cwww-client/mozilla-firefox\u201d and then emerge the latest \u201cwww-client/firefox\u201d package: \n \n \n # emerge --sync\n # emerge --unmerge \"www-client/mozilla-firefox\"\n # emerge --ask --oneshot --verbose \">=www-client/firefox-10.0.11\"\n \n\nThe \u201cwww-client/mozilla-firefox-bin\u201d package has been merged into the \u201cwww-client/firefox-bin\u201d package. 
To upgrade, please unmerge \u201cwww-client/mozilla-firefox-bin\u201d and then emerge the latest \u201cwww-client/firefox-bin\u201d package: \n \n \n # emerge --sync\n # emerge --unmerge \"www-client/mozilla-firefox-bin\"\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-10.0.11\"\n \n\nThe \u201cmail-client/mozilla-thunderbird\u201d package has been merged into the \u201cmail-client/thunderbird\u201d package. To upgrade, please unmerge \u201cmail-client/mozilla-thunderbird\u201d and then emerge the latest \u201cmail-client/thunderbird\u201d package: \n \n \n # emerge --sync\n # emerge --unmerge \"mail-client/mozilla-thunderbird\"\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-10.0.11\"\n \n\nThe \u201cmail-client/mozilla-thunderbird-bin\u201d package has been merged into the \u201cmail-client/thunderbird-bin\u201d package. To upgrade, please unmerge \u201cmail-client/mozilla-thunderbird-bin\u201d and then emerge the latest \u201cmail-client/thunderbird-bin\u201d package: \n \n \n # emerge --sync\n # emerge --unmerge \"mail-client/mozilla-thunderbird-bin\"\n # emerge --ask --oneshot --verbose\n \">=mail-client/thunderbird-bin-10.0.11\"\n \n\nGentoo discontinued support for GNU IceCat. We recommend that users unmerge GNU IceCat: \n \n \n # emerge --unmerge \"www-client/icecat\"\n \n\nGentoo discontinued support for XULRunner. We recommend that users unmerge XULRunner: \n \n \n # emerge --unmerge \"net-libs/xulrunner\"\n \n\nGentoo discontinued support for the XULRunner binary package. We recommend that users unmerge XULRunner: \n \n \n # emerge --unmerge \"net-libs/xulrunner-bin\"", "edition": 1, "modified": "2013-01-08T00:00:00", "published": "2013-01-08T00:00:00", "id": "GLSA-201301-01", "href": "https://security.gentoo.org/glsa/201301-01", "type": "gentoo", "title": "Mozilla Products: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}