Update to apr-util-1.3.7-1.fc11 (2009-6261) for Fedora 11
Reporter | Title | Published | Views | Family |
---|---|---|---|---|
OpenVAS | CentOS Security Advisory CESA-2009:1107 (apr-util) | 23 Jun 2009 00:00 | – | openvas |
OpenVAS | SLES11: Security update for libapr-util1 | 11 Oct 2009 00:00 | – | openvas |
OpenVAS | Fedora Core 11 FEDORA-2009-6261 (apr-util) | 30 Jun 2009 00:00 | – | openvas |
OpenVAS | Fedora Core 9 FEDORA-2009-6014 (apr-util) | 30 Jun 2009 00:00 | – | openvas |
OpenVAS | RedHat Security Advisory RHSA-2009:1107 | 23 Jun 2009 00:00 | – | openvas |
OpenVAS | CentOS Update for apr-util CESA-2009:1107 centos5 i386 | 9 Aug 2011 00:00 | – | openvas |
OpenVAS | Fedora Core 10 FEDORA-2009-5969 (apr-util) | 30 Jun 2009 00:00 | – | openvas |
OpenVAS | Fedora Core 11 FEDORA-2009-6261 (apr-util) | 30 Jun 2009 00:00 | – | openvas |
OpenVAS | SLES10: Security update for libapr-util1 | 13 Oct 2009 00:00 | – | openvas |
OpenVAS | Gentoo Security Advisory GLSA 200907-03 (apr-util) | 6 Jul 2009 00:00 | – | openvas |
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2009-6261.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Registration pass: when the engine runs the plugin with `description` set,
# only the metadata below is recorded and the script exits before any host
# data is read. The actual package check lives after this block.
if (description)
{
  # --- Identity and cross-references -------------------------------------
  script_id(39505);
  script_version("1.24");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  # Three distinct apr-util flaws are bundled into this one package update.
  script_cve_id("CVE-2009-0023", "CVE-2009-1955", "CVE-2009-1956");
  script_bugtraq_id(35221, 35251, 35253);
  script_xref(name:"FEDORA", value:"2009-6261");

  script_name(english:"Fedora 11 : apr-util-1.3.7-1.fc11 (2009-6261)");
  script_summary(english:"Checks rpm output for the updated package.");

  # --- Human-readable finding text ---------------------------------------
  script_set_attribute(attribute:"synopsis", value:"The remote Fedora host is missing a security update.");

  # The description is advisory text extracted verbatim by the vendor tooling.
  # NOTE(review): the CHANGES URL inside it contains a stray space
  # ("asf/apr /apr-util"); it is runtime report text and is left untouched
  # here. The continuation lines must stay at column 0 because everything
  # between the double quotes, including leading whitespace, is part of the
  # string.
  script_set_attribute(attribute:"description", value:
"Update to upstream version 1.3.7, see:
http://svn.apache.org/repos/asf/apr /apr-util/tags/1.3.7/CHANGES
Security fixes: - CVE-2009-0023 Fix underflow in
apr_strmatch_precompile. - CVE-2009-1955 Fix a denial of service
attack against the apr_xml_* interface using the 'billion laughs'
entity expansion technique. - CVE-2009-1956 Fix off by one overflow in
apr_brigade_vprintf. Note: CVE-2009-1956 is only an issue on
big-endian architectures.
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );

  # --- References ---------------------------------------------------------
  # http://svn.apache.org/repos/asf/apr
  script_set_attribute(attribute:"see_also", value:"http://svn.apache.org/repos/asf/apr/");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=503928");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=504390");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=504555");
  # Shortened link; target is
  # https://lists.fedoraproject.org/pipermail/package-announce/2009-June/025582.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5b685ccf");

  script_set_attribute(attribute:"solution", value:"Update the affected apr-util package.");

  # --- Risk scoring -------------------------------------------------------
  # CVSSv2 base vector: reachable over the network, low complexity, no
  # authentication, and impact limited to availability (complete). The score
  # therefore reflects a denial-of-service condition, not confidentiality or
  # integrity loss.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  # Temporal vector: exploitability not defined, official fix available,
  # report confirmed.
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  # CWE-119 (memory buffer bounds), CWE-189 (numeric errors),
  # CWE-399 (resource management errors).
  script_cwe_id(119, 189, 399);

  # --- Scope --------------------------------------------------------------
  # "local" means the result comes from package data collected on the host
  # through a credentialed scan, not from probing a network service.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:apr-util");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:11");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/06/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/06/25");
  script_end_attributes();

  # --- Scheduling and prerequisites ---------------------------------------
  # Information gathering only: nothing is sent to the target that could
  # disrupt it.
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  # ssh_get_info.nasl is declared as the dependency; the required KB keys
  # below are the ones this plugin reads. If any key is missing (for example
  # on an uncredentialed scan) the plugin is not run, so the absence of this
  # finding is not evidence that the host is patched.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
# Package check for FEDORA-2009-6261. Every decision below is made from
# knowledge-base entries gathered earlier in the scan (release string, CPU,
# rpm list); the host itself is not contacted here. Each audit() call (from
# audit.inc) is expected to end the script with the stated reason.

# Credentialed local checks must have succeeded for the rpm data to exist.
if (!get_kb_item("Host/local_checks_enabled"))
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# Only Fedora hosts are in scope; `>!<` is NASL's "substring not found".
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release)
  audit(AUDIT_OS_NOT, "Fedora");

# Pull the major release number out of the release string.
os_match = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_match))
  audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_match[1];

# Accept exactly release 11: the trailing group rejects values such as "110"
# while still allowing a non-digit suffix.
if (! ereg(pattern:"^11([^0-9]|$)", string:os_ver))
  audit(AUDIT_OS_NOT, "Fedora 11.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list"))
  audit(AUDIT_PACKAGE_LIST_MISSING);

# Only x86_64 and i386-i686 hosts are evaluated.
# NOTE(review): the advisory text carried by this plugin says CVE-2009-1956
# affects big-endian architectures only, so on the CPUs accepted here a
# finding is presumably driven by CVE-2009-0023 and CVE-2009-1955 -- confirm
# before prioritising on CVE-2009-1956. Hosts on any other CPU are audited
# out as "not implemented", which is not the same as "not vulnerable".
cpu = get_kb_item("Host/cpu");
if (isnull(cpu))
  audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$")
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

# rpm_check (rpm.inc) presumably returns true when the installed apr-util is
# older than the fixed build named in `reference` -- verify against rpm.inc.
flag = 0;
if (rpm_check(release:"FC11", reference:"apr-util-1.3.7-1.fc11"))
  flag++;

if (flag)
{
  # Report on port 0 (host-level finding). With verbosity enabled, attach the
  # package comparison produced by rpm.inc so the installed and fixed
  # versions appear in the report.
  if (report_verbosity > 0)
    security_hole(port:0, extra:rpm_report_get());
  else
    security_hole(0);
  exit(0);
}

# Not flagged: distinguish "package present and already fixed" from
# "package not installed at all".
# NOTE(review): this is a package-version check only. It does not look at
# running processes, so a long-running process that loaded the old library
# before the update is not detected here; restart such services after
# patching.
tested = pkg_tests_get();
if (tested)
  audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else
  audit(AUDIT_PACKAGE_NOT_INSTALLED, "apr-util");