Fedora 13 : webkitgtk-1.2.7-1.fc13 (2011-1224)

2011-02-1800:00:00

www.tenable.com

Fixes the following CVEs: CVE-2010-4492 CVE-2010-4493 CVE-2011-0482 CVE-2010-4199 CVE-2010-4578 CVE-2010-4040 CVE-2011-0778 CVE-2010-2901 CVE-2010-4042
- Fixes a regression caused by earlier fix for CVE-2010-1791. This caused webkitgtk to crash on certain sites with JavaScript.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2011-1224.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(52018);
  script_version("1.15");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2010-2901", "CVE-2010-4040", "CVE-2010-4042", "CVE-2010-4199", "CVE-2010-4492", "CVE-2010-4493", "CVE-2010-4578", "CVE-2011-0482", "CVE-2011-0778");
  script_bugtraq_id(41976, 44241, 44646, 45170, 45390, 45788, 46144);
  script_xref(name:"FEDORA", value:"2011-1224");

  script_name(english:"Fedora 13 : webkitgtk-1.2.7-1.fc13 (2011-1224)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"  - Fixes the following CVEs: CVE-2010-4492 CVE-2010-4493
    CVE-2011-0482 CVE-2010-4199 CVE-2010-4578 CVE-2010-4040
    CVE-2011-0778 CVE-2010-2901 CVE-2010-4042

  - Fixes a regression caused by earlier fix for
    CVE-2010-1791. This caused webkitgtk to crash on certain
    sites with JavaScript.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=656122"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=657101"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=676201"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=676202"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=676203"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=676207"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=676209"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=676210"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=676212"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2011-February/054157.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?5738a9dc"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected webkitgtk package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:webkitgtk");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:13");

  script_set_attribute(attribute:"patch_publication_date", value:"2011/02/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/02/18");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^13([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 13.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC13", reference:"webkitgtk-1.2.7-1.fc13")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "webkitgtk");
}

VendorProductVersionCPE
fedoraprojectfedorawebkitgtkp-cpe:/a:fedoraproject:fedora:webkitgtk
fedoraprojectfedora13cpe:/o:fedoraproject:fedora:13

Vendor	Product	Version	CPE
fedoraproject	fedora	webkitgtk	p-cpe:/a:fedoraproject:fedora:webkitgtk
fedoraproject	fedora	13	cpe:/o:fedoraproject:fedora:13

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2901

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4040

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4042

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4199

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4492

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4493

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4578

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0482

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0778

www.nessus.org/u?5738a9dc

bugzilla.redhat.com/show_bug.cgi?id=656122

bugzilla.redhat.com/show_bug.cgi?id=657101

bugzilla.redhat.com/show_bug.cgi?id=676201

bugzilla.redhat.com/show_bug.cgi?id=676202

bugzilla.redhat.com/show_bug.cgi?id=676203

bugzilla.redhat.com/show_bug.cgi?id=676207

bugzilla.redhat.com/show_bug.cgi?id=676209

bugzilla.redhat.com/show_bug.cgi?id=676210

bugzilla.redhat.com/show_bug.cgi?id=676212

JSON

Related for FEDORA_2011-1224.NASL