Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2013-13523.NASL
HistoryJul 28, 2013 - 12:00 a.m.

Fedora 19 : fontmatrix-0.9.99-12.r1218.fc19 / icu-50.1.2-7.fc19 / libreoffice-4.1.0.3-2.fc19 / etc (2013-13523)

2013-07-2800:00:00
This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
18
JSON

This is an update for icu. Unfortunately, one of the fixes adds a new virtual function to LayoutEngine class, breaking ABI. So dependent packages have to be updated too.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2013-13523.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(69085);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2013-1569", "CVE-2013-2383", "CVE-2013-2384", "CVE-2013-2419");
  script_bugtraq_id(59131, 59166, 59179, 59190);
  script_xref(name:"FEDORA", value:"2013-13523");

  script_name(english:"Fedora 19 : fontmatrix-0.9.99-12.r1218.fc19 / icu-50.1.2-7.fc19 / libreoffice-4.1.0.3-2.fc19 / etc (2013-13523)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This is an update for icu. Unfortunately, one of the fixes adds a new
virtual function to LayoutEngine class, breaking ABI. So dependent
packages have to be updated too.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=952656"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=952708"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=952709"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=952711"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112689.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?8e4aa87e"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112690.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?522bd8b6"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112691.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?7c8b3f4b"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112692.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?9b3ff77e"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112693.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?15bf25ec"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:fontmatrix");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:icu");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libreoffice");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:openttd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:pyicu");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:19");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/04/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/07/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/28");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^19([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 19.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC19", reference:"fontmatrix-0.9.99-12.r1218.fc19")) flag++;
if (rpm_check(release:"FC19", reference:"icu-50.1.2-7.fc19")) flag++;
if (rpm_check(release:"FC19", reference:"libreoffice-4.1.0.3-2.fc19")) flag++;
if (rpm_check(release:"FC19", reference:"openttd-1.3.2-0.2.RC1.fc19")) flag++;
if (rpm_check(release:"FC19", reference:"pyicu-1.5-2.fc19")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "fontmatrix / icu / libreoffice / openttd / pyicu");
}
VendorProductVersionCPE
fedoraprojectfedorafontmatrixp-cpe:/a:fedoraproject:fedora:fontmatrix
fedoraprojectfedoraicup-cpe:/a:fedoraproject:fedora:icu
fedoraprojectfedoralibreofficep-cpe:/a:fedoraproject:fedora:libreoffice
fedoraprojectfedoraopenttdp-cpe:/a:fedoraproject:fedora:openttd
fedoraprojectfedorapyicup-cpe:/a:fedoraproject:fedora:pyicu
fedoraprojectfedora19cpe:/o:fedoraproject:fedora:19

Related

nessus 50
openvas 54
fedora 13
cve 4
debiancve 4
prion 4
ubuntucve 4
debian 3
securityvulns 5
osv 2
ubuntu 5
seebug 1
veracode 4
zdt 1
exploitpack 1
suse 7
zdi 3
redhat 9
packetstorm 1
exploitdb 1
centos 3
oraclelinux 3
amazon 2
ibm 15
nessus
nessus
Fedora 18 : fontmatrix-0.9.99-9.r1218.fc18 / icu-49.1.1-10.fc18 / libreoffice-3.6.7.2-3.fc18 / etc (2013-13479)
2013-08-05 00:00:00
Ubuntu 12.04 LTS : icu regression (USN-2522-2)
2015-03-09 00:00:00
Ubuntu 12.04 LTS : icu vulnerabilities (USN-2522-3)
2015-03-11 00:00:00
openvas
openvas
Fedora Update for openttd FEDORA-2013-13479
2013-08-08 00:00:00
Fedora Update for pyicu FEDORA-2013-13479
2013-08-08 00:00:00
Fedora Update for fontmatrix FEDORA-2013-13523
2013-08-20 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: libreoffice-3.6.7.2-3.fc18
2013-08-03 23:56:10
[SECURITY] Fedora 18 Update: pyicu-1.4-2.fc18
2013-08-03 23:56:09
[SECURITY] Fedora 18 Update: fontmatrix-0.9.99-9.r1218.fc18
2013-08-03 23:56:09
cve
cve
CVE-2013-2383
2013-04-17 18:55:00
CVE-2013-2384
2013-04-17 18:55:00
CVE-2013-2419
2013-04-17 18:55:00
debiancve
debiancve
CVE-2013-2383
2013-04-17 18:55:00
CVE-2013-2384
2013-04-17 18:55:00
CVE-2013-2419
2013-04-17 18:55:00
prion
prion
Design/Logic Flaw
2013-04-17 18:55:00
Design/Logic Flaw
2013-04-17 18:55:00
Design/Logic Flaw
2013-04-17 18:55:00
ubuntucve
ubuntucve
CVE-2013-2384
2013-04-17 00:00:00
CVE-2013-2383
2013-04-17 00:00:00
CVE-2013-1569
2013-04-17 00:00:00
debian
debian
[SECURITY] [DSA 3187-1] icu security update
2015-03-15 05:02:23
[SECURITY] [DLA 219-1] icu security update
2015-05-14 09:45:27
[SECURITY] [DSA 3187-1] icu security update
2015-03-15 05:02:23
securityvulns
securityvulns
libicu multiple security vulnerabilities
2015-03-07 00:00:00
[USN-2522-1] ICU vulnerabilities
2015-03-07 00:00:00
SEC Consult SA-20130417-1 :: Java ActiveX Control Memory Corruption
2013-04-22 00:00:00
osv
osv
icu - security update
2015-03-15 00:00:00
icu - security update
2015-05-14 00:00:00
ubuntu
ubuntu
ICU regression
2015-03-06 00:00:00
ICU vulnerabilities
2015-03-05 00:00:00
ICU vulnerabilities
2015-03-10 00:00:00
seebug
seebug
Java Web Start Launcher ActiveX Control - Memory Corruption
2014-07-01 00:00:00
veracode
veracode
Improper Access Control
2019-05-02 04:44:36
Sandbox Restrictions Bypass
2019-05-02 04:44:37
Improper Access Control
2019-05-02 04:44:36
zdt
zdt
Java Web Start Launcher ActiveX Control - Memory Corruption
2013-04-18 00:00:00
exploitpack
exploitpack
Java Web Start Launcher ActiveX Control - Memory Corruption
2013-04-18 00:00:00
suse
suse
Security update for Java 1.4.2 (important)
2013-06-10 18:09:23
Security update for java-1_6_0-openjdk (important)
2013-05-21 20:04:20
Security update for Java 1.5.0 (important)
2013-06-10 15:04:15
zdi
zdi
Oracle Java mort TTF Table Remote Code Execution Vulnerability
2013-05-10 00:00:00
Oracle Java GSUB TTF Table LookupCount Remote Code Execution Vulnerability
2013-05-10 00:00:00
Oracle Java mort TTF Table Ligature Substitution Remote Code Execution Vulnerability
2013-05-10 00:00:00
redhat
redhat
(RHSA-2013:0855) Important: java-1.5.0-ibm security update
2013-05-22 00:00:00
(RHSA-2013:0770) Important: java-1.6.0-openjdk security update
2013-04-24 00:00:00
(RHSA-2013:0752) Important: java-1.7.0-openjdk security update
2013-04-17 00:00:00
packetstorm
packetstorm
Java Web Start Launcher Memory Corruption
2013-04-17 00:00:00
exploitdb
exploitdb
Java Web Start Launcher ActiveX Control - Memory Corruption
2013-04-18 00:00:00
centos
centos
java security update
2013-04-24 20:56:24
java security update
2013-04-17 21:01:08
java security update
2013-04-17 22:33:59
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2013-04-24 00:00:00
java-1.7.0-openjdk security update
2013-04-17 00:00:00
java-1.7.0-openjdk security update
2013-04-17 00:00:00
amazon
amazon
Important: java-1.6.0-openjdk
2013-04-25 20:40:00
Critical: java-1.7.0-openjdk
2013-04-18 13:59:00
ibm
ibm
IBM WebSphere Cast Iron Security Bulletin: Multiple security vulnerabilities in IBM JRE 6
2018-06-15 06:56:55
Security Bulletin: IBM WebSphere Business Services Fabric – Information regarding a security vulnerability in IBM SDK for Java that shipped with IBM WebSphere Application Server and addressed by Oracle CPU April 2013 (CVE-2013-0169)
2022-09-25 21:06:56
Security Bulletin: WebSphere Application Server - IBM SDK for Java April 2013 CPU
2022-09-26 05:45:55
JSON
Related for FEDORA_2013-13523.NASL
nessus50openvas54fedora13cve4debiancve4prion4ubuntucve4debian3securityvulns5osv2ubuntu5seebug1veracode4zdt1exploitpack1suse7zdi3redhat9packetstorm1exploitdb1centos3oraclelinux3amazon2ibm15