ID GENTOO_GLSA-201312-07.NASL Type nessus Reporter This script is Copyright (C) 2013-2021 Tenable Network Security, Inc. Modified 2013-12-09T00:00:00
Description
The remote host is affected by the vulnerability described in GLSA-201312-07
(OpenEXR: Multiple Vulnerabilities)
Multiple vulnerabilities have been discovered in OpenEXR. Please review
the CVE identifiers referenced below for details.
Impact :
A context-dependent attacker could execute arbitrary code or cause a
Denial of Service condition via unspecified vectors.
Workaround :
There is no known workaround at this time.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201312-07.
#
# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Registration pass: when `description` is set, the script only declares its
# metadata and exits before any host data is examined (see the exit(0) below).
if (description)
{
  # Plugin identity and revision tracking.
  script_id(71259);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  # Cross-references used to correlate a finding with the CVE entries and
  # with the Gentoo advisory this plugin was derived from.
  script_cve_id("CVE-2009-1720", "CVE-2009-1721");
  script_xref(name:"GLSA", value:"201312-07");

  script_name(english:"GLSA-201312-07 : OpenEXR: Multiple Vulnerabilities");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  # The multi-line string literals below continue at column 0 on purpose:
  # every character between the quotes, including leading whitespace and
  # line breaks, is part of the text that ends up in the report.
  script_set_attribute(attribute:"synopsis", value:
"The remote Gentoo host is missing one or more security-related
patches.");

  script_set_attribute(attribute:"description", value:
"The remote host is affected by the vulnerability described in GLSA-201312-07
(OpenEXR: Multiple Vulnerabilities)
Multiple vulnerabilities have been discovered in OpenEXR. Please review
the CVE identifiers referenced below for details.
Impact :
A context-dependent attacker could execute arbitrary code or cause a
Denial of Service condition via unspecified vectors.
Workaround :
There is no known workaround at this time.");

  script_set_attribute(attribute:"see_also", value:"https://security.gentoo.org/glsa/201312-07");

  # Remediation text. The '#' characters inside the literal are shell
  # prompts from the advisory, not NASL comments.
  script_set_attribute(attribute:"solution", value:
"All OpenEXR users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=media-libs/openexr-1.7.0'
Packages which depend on this library may need to be recompiled. Tools
such as revdep-rebuild may assist in identifying some of these packages.
NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since December 08, 2010. It is likely that your system is
already no longer affected by this issue.");

  # CVSS v2 base vector: network reachable, low complexity, no
  # authentication, partial impact on confidentiality, integrity and
  # availability. One vector is declared for the whole advisory, so it does
  # not distinguish between the two CVEs listed above.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  # Temporal vector: exploitability unproven, official fix available,
  # report confidence confirmed.
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  # Weakness classes attached to the finding: CWE-16 and CWE-189.
  script_cwe_id(16, 189);

  # "local" plugin type: the verdict is derived from data gathered on the
  # host (see the required KB keys below), not from probing a service.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:openexr");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/12/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/09");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  # Scheduling constraints: ssh_get_info.nasl is declared as a dependency
  # and the three KB keys must be present for this plugin to be run.
  # NOTE(review): presumably ssh_get_info.nasl is what populates these keys
  # from an authenticated session - confirm against that plugin.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");
# Preconditions, re-checked at run time: local checks must be enabled, the
# host must have been identified as Gentoo, and a package list must have been
# stored in the KB. Each failure is reported through audit() with its own
# reason code instead of being silently skipped.
if (!get_kb_item("Host/local_checks_enabled"))
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release"))
  audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list"))
  audit(AUDIT_PACKAGE_LIST_MISSING);

# Version test for media-libs/openexr: anything below 1.7.0 is treated as
# vulnerable, 1.7.0 and later as unaffected.
# NOTE(review): the verdict rests on the recorded package version only; a
# copy of the library installed outside the package manager, or bundled with
# another application, would presumably not be seen here - confirm against
# qpkg.inc before relying on a "not affected" result.
flag = 0;
if (qpkg_check(package:"media-libs/openexr",
               unaffected:make_list("ge 1.7.0"),
               vulnerable:make_list("lt 1.7.0")))
  flag++;

if (!flag)
{
  # Nothing matched: tell apart "package examined and fine" from "package
  # not installed at all" so the audit trail shows which one applied.
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "OpenEXR");
}
else
{
  # Vulnerable version found: raise the finding on port 0, attaching the
  # package report text only when report verbosity is above zero.
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
{"id": "GENTOO_GLSA-201312-07.NASL", "bulletinFamily": "scanner", "title": "GLSA-201312-07 : OpenEXR: Multiple Vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-201312-07\n(OpenEXR: Multiple Vulnerabilities)\n\n Multiple vulnerabilities have been discovered in OpenEXR. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A context-dependent attacker could execute arbitrary code or cause a\n Denial of Service condition via unspecified vectors.\n \nWorkaround :\n\n There is no known workaround at this time.", "published": "2013-12-09T00:00:00", "modified": "2013-12-09T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/71259", "reporter": "This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.", "references": ["https://security.gentoo.org/glsa/201312-07"], "cvelist": ["CVE-2009-1721", "CVE-2009-1720"], "type": "nessus", "lastseen": "2021-01-07T10:55:22", "edition": 23, "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-1721", "CVE-2009-1720"]}, {"type": "gentoo", "idList": ["GLSA-201312-07"]}, {"type": "nessus", "idList": ["SUSE_11_OPENEXR-090804.NASL", "FEDORA_2009-8132.NASL", "UBUNTU_USN-831-1.NASL", "SUSE_OPENEXR-6392.NASL", "MANDRIVA_MDVSA-2009-190.NASL", "SUSE_11_1_OPENEXR-090804.NASL", "SUSE_OPENEXR-6393.NASL", "FEDORA_2009-8136.NASL", "SUSE_11_0_OPENEXR-090804.NASL", "DEBIAN_DSA-1842.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231065713", "OPENVAS:136141256231064543", "OPENVAS:65946", "OPENVAS:65713", "OPENVAS:136141256231064533", "OPENVAS:64533", "OPENVAS:64543", "OPENVAS:64544", "OPENVAS:136141256231065946", "OPENVAS:1361412562310121088"]}, {"type": "fedora", "idList": ["FEDORA:23C2510F88F", "FEDORA:E845A10F875"]}, {"type": "ubuntu", "idList": ["USN-831-1"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:10120", 
"SECURITYVULNS:DOC:22229", "SECURITYVULNS:DOC:22251", "SECURITYVULNS:VULN:10104"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1842-1:0BB8E"]}, {"type": "seebug", "idList": ["SSV:11998"]}], "modified": "2021-01-07T10:55:22", "rev": 2}, "score": {"value": 7.0, "vector": "NONE", "modified": "2021-01-07T10:55:22", "rev": 2}, "vulnersScore": 7.0}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201312-07.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71259);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-1720\", \"CVE-2009-1721\");\n script_xref(name:\"GLSA\", value:\"201312-07\");\n\n script_name(english:\"GLSA-201312-07 : OpenEXR: Multiple Vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201312-07\n(OpenEXR: Multiple Vulnerabilities)\n\n Multiple vulnerabilities have been discovered in OpenEXR. 
Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A context-dependent attacker could execute arbitrary code or cause a\n Denial of Service condition via unspecified vectors.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201312-07\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All OpenEXR users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/openexr-1.7.0'\n Packages which depend on this library may need to be recompiled. Tools\n such as revdep-rebuild may assist in identifying some of these packages.\n NOTE: This is a legacy GLSA. Updates for all affected architectures are\n available since December 08, 2010. It is likely that your system is\n already no longer affected by this issue.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(16, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:openexr\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", 
\"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/openexr\", unaffected:make_list(\"ge 1.7.0\"), vulnerable:make_list(\"lt 1.7.0\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenEXR\");\n}\n", "naslFamily": "Gentoo Local Security Checks", "pluginID": "71259", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:openexr"], "scheme": null}
{"cve": [{"lastseen": "2021-02-02T05:40:01", "description": "Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors that trigger heap-based buffer overflows, related to (1) the Imf::PreviewImage::PreviewImage function and (2) compressor constructors. NOTE: some of these details are obtained from third party information.", "edition": 5, "cvss3": {}, "published": "2009-07-31T19:00:00", "title": "CVE-2009-1720", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1720"], "modified": "2012-10-23T03:06:00", "cpe": ["cpe:/a:openexr:openexr:1.2.2", "cpe:/a:openexr:openexr:1.6.1"], "id": "CVE-2009-1720", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1720", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:openexr:openexr:1.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:openexr:openexr:1.2.2:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:40:01", "description": "The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer.", "edition": 5, "cvss3": {}, "published": "2009-07-31T19:00:00", "title": "CVE-2009-1721", "type": "cve", "cwe": ["CWE-16"], "bulletinFamily": "NVD", "cvss2": {"severity": 
"MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1721"], "modified": "2012-10-23T03:06:00", "cpe": ["cpe:/a:openexr:openexr:1.2.2", "cpe:/a:openexr:openexr:1.6.1"], "id": "CVE-2009-1721", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1721", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:openexr:openexr:1.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:openexr:openexr:1.2.2:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2021-01-07T11:52:15", "description": "Multiple vulnerabilities has been found and corrected in OpenEXR :\n\nMultiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow\ncontext-dependent attackers to cause a denial of service (application\ncrash) or possibly execute arbitrary code via unspecified vectors that\ntrigger heap-based buffer overflows, related to (1) the\nImf::PreviewImage::PreviewImage function and (2) compressor\nconstructors. 
NOTE: some of these details are obtained from third\nparty information (CVE-2009-1720).\n\nThe decompression implementation in the Imf::hufUncompress function in\nOpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a\ndenial of service (application crash) or possibly execute arbitrary\ncode via vectors that trigger a free of an uninitialized pointer\n(CVE-2009-1721).\n\nThis update provides fixes for these vulnerabilities.", "edition": 27, "published": "2009-08-03T00:00:00", "title": "Mandriva Linux Security Advisory : OpenEXR (MDVSA-2009:190)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1721", "CVE-2009-1720"], "modified": "2009-08-03T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64OpenEXR-devel", "cpe:/o:mandriva:linux:2009.0", "p-cpe:/a:mandriva:linux:libOpenEXR6", "cpe:/o:mandriva:linux:2008.1", "p-cpe:/a:mandriva:linux:libOpenEXR-devel", "cpe:/o:mandriva:linux:2009.1", "p-cpe:/a:mandriva:linux:OpenEXR", "p-cpe:/a:mandriva:linux:lib64OpenEXR6"], "id": "MANDRIVA_MDVSA-2009-190.NASL", "href": "https://www.tenable.com/plugins/nessus/40465", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:190. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40465);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-1720\", \"CVE-2009-1721\");\n script_bugtraq_id(35838);\n script_xref(name:\"MDVSA\", value:\"2009:190\");\n\n script_name(english:\"Mandriva Linux Security Advisory : OpenEXR (MDVSA-2009:190)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been found and corrected in OpenEXR :\n\nMultiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow\ncontext-dependent attackers to cause a denial of service (application\ncrash) or possibly execute arbitrary code via unspecified vectors that\ntrigger heap-based buffer overflows, related to (1) the\nImf::PreviewImage::PreviewImage function and (2) compressor\nconstructors. 
NOTE: some of these details are obtained from third\nparty information (CVE-2009-1720).\n\nThe decompression implementation in the Imf::hufUncompress function in\nOpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a\ndenial of service (application crash) or possibly execute arbitrary\ncode via vectors that trigger a free of an uninitialized pointer\n(CVE-2009-1721).\n\nThis update provides fixes for these vulnerabilities.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(16, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenEXR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64OpenEXR-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64OpenEXR6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libOpenEXR-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libOpenEXR6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n 
script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.1\", reference:\"OpenEXR-1.6.1-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64OpenEXR-devel-1.6.1-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64OpenEXR6-1.6.1-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libOpenEXR-devel-1.6.1-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libOpenEXR6-1.6.1-1.1mdv2008.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.0\", reference:\"OpenEXR-1.6.1-3.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64OpenEXR-devel-1.6.1-3.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64OpenEXR6-1.6.1-3.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libOpenEXR-devel-1.6.1-3.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", 
reference:\"libOpenEXR6-1.6.1-3.1mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.1\", reference:\"OpenEXR-1.6.1-3.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64OpenEXR-devel-1.6.1-3.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64OpenEXR6-1.6.1-3.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libOpenEXR-devel-1.6.1-3.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libOpenEXR6-1.6.1-3.1mdv2009.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:07:33", "description": " - Wed Jul 29 2009 Rex Dieter <rdieter at\n fedoraproject.org> 1.6.1-8\n\n - CVE-2009-1720 OpenEXR: Multiple integer overflows\n (#513995)\n\n - CVE-2009-1721 OpenEXR: Invalid pointer free by image\n decompression (#514003)\n\n - Fri Jul 24 2009 Fedora Release Engineering <rel-eng at\n lists.fedoraproject.org> - 1.6.1-7\n\n - Rebuilt for\n https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\n\n - Mon Feb 23 2009 Fedora Release Engineering <rel-eng at\n lists.fedoraproject.org> - 1.6.1-6\n\n - Rebuilt for\n https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild\n\n - Fri Dec 12 2008 Caolan McNamara <caolanm at\n redhat.com> 1.6.1-5\n\n - rebuild to get provides pkgconfig(OpenEXR)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2009-08-01T00:00:00", "title": "Fedora 10 : OpenEXR-1.6.1-8.fc10 (2009-8136)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1721", "CVE-2009-1720"], "modified": "2009-08-01T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:10", "p-cpe:/a:fedoraproject:fedora:OpenEXR"], "id": "FEDORA_2009-8136.NASL", "href": "https://www.tenable.com/plugins/nessus/40453", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-8136.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40453);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-1720\", \"CVE-2009-1721\");\n script_bugtraq_id(35838);\n script_xref(name:\"FEDORA\", value:\"2009-8136\");\n\n script_name(english:\"Fedora 10 : OpenEXR-1.6.1-8.fc10 (2009-8136)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Wed Jul 29 2009 Rex Dieter <rdieter at\n fedoraproject.org> 1.6.1-8\n\n - CVE-2009-1720 OpenEXR: Multiple integer overflows\n (#513995)\n\n - CVE-2009-1721 OpenEXR: Invalid pointer free by image\n decompression (#514003)\n\n - Fri Jul 24 2009 Fedora Release Engineering <rel-eng at\n lists.fedoraproject.org> - 1.6.1-7\n\n - Rebuilt for\n https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\n\n - Mon Feb 23 2009 Fedora Release Engineering <rel-eng at\n lists.fedoraproject.org> - 1.6.1-6\n\n - Rebuilt for\n 
https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild\n\n - Fri Dec 12 2008 Caolan McNamara <caolanm at\n redhat.com> 1.6.1-5\n\n - rebuild to get provides pkgconfig(OpenEXR)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=513995\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=514003\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-July/027219.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3d169805\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected OpenEXR package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(16, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:OpenEXR\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/01\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"OpenEXR-1.6.1-8.fc10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenEXR\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:02:57", "description": "This update of OpenEXR fixes seceral integer overflows (CVE-2009-1720)\nand a denial-of-service (probably execution of arbitrary code) bug\n(CVE-2009-1721).", "edition": 24, "published": "2009-09-02T00:00:00", "title": "openSUSE Security Update : OpenEXR (OpenEXR-1157)", "type": 
"nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1721", "CVE-2009-1720"], "modified": "2009-09-02T00:00:00", "cpe": ["cpe:/o:novell:opensuse:11.0", "p-cpe:/a:novell:opensuse:OpenEXR-devel", "p-cpe:/a:novell:opensuse:OpenEXR-32bit", "p-cpe:/a:novell:opensuse:OpenEXR"], "id": "SUSE_11_0_OPENEXR-090804.NASL", "href": "https://www.tenable.com/plugins/nessus/40841", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update OpenEXR-1157.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40841);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1720\", \"CVE-2009-1721\");\n\n script_name(english:\"openSUSE Security Update : OpenEXR (OpenEXR-1157)\");\n script_summary(english:\"Check for the OpenEXR-1157 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of OpenEXR fixes seceral integer overflows (CVE-2009-1720)\nand a denial-of-service (probably execution of arbitrary code) bug\n(CVE-2009-1721).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=527539\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected OpenEXR packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(16, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:OpenEXR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:OpenEXR-32bit\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:OpenEXR-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"OpenEXR-1.6.1-47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"OpenEXR-devel-1.6.1-47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", cpu:\"x86_64\", reference:\"OpenEXR-32bit-1.6.1-47.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenEXR\");\n}\n", 
"cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:14:41", "description": "This update of OpenEXR fixes several integer overflows\n(CVE-2009-1720), a denial-of-service (probably execution of arbitrary\ncode) bug (CVE-2009-1721) and another possible remote code execution\nbug in the compression code. (CVE-2009-1721)", "edition": 24, "published": "2009-09-24T00:00:00", "title": "SuSE 10 Security Update : OpenEXR (ZYPP Patch Number 6392)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1721", "CVE-2009-1720"], "modified": "2009-09-24T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_OPENEXR-6392.NASL", "href": "https://www.tenable.com/plugins/nessus/41472", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41472);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1720\", \"CVE-2009-1721\");\n\n script_name(english:\"SuSE 10 Security Update : OpenEXR (ZYPP Patch Number 6392)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of OpenEXR fixes several integer overflows\n(CVE-2009-1720), a denial-of-service (probably execution of arbitrary\ncode) bug (CVE-2009-1721) and another possible remote code execution\nbug in the compression code. 
(CVE-2009-1721)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1720.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1721.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6392.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(16, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"OpenEXR-1.2.2-16.7\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"OpenEXR-devel-1.2.2-16.7\")) flag++;\nif 
(rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"OpenEXR-32bit-1.2.2-16.7\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"OpenEXR-1.2.2-16.7\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"OpenEXR-devel-1.2.2-16.7\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"OpenEXR-32bit-1.2.2-16.7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:14:41", "description": "This update of OpenEXR fixes several integer overflows (CVE-2009-1720)\nand a denial-of-service (probably execution of arbitrary code) bug\n(CVE-2009-1721).", "edition": 24, "published": "2009-10-06T00:00:00", "title": "openSUSE 10 Security Update : OpenEXR (OpenEXR-6393)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1721", "CVE-2009-1720"], "modified": "2009-10-06T00:00:00", "cpe": ["cpe:/o:novell:opensuse:10.3", "p-cpe:/a:novell:opensuse:OpenEXR-devel", "p-cpe:/a:novell:opensuse:OpenEXR-32bit", "p-cpe:/a:novell:opensuse:OpenEXR"], "id": "SUSE_OPENEXR-6393.NASL", "href": "https://www.tenable.com/plugins/nessus/41987", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update OpenEXR-6393.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41987);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1720\", \"CVE-2009-1721\");\n\n script_name(english:\"openSUSE 10 Security Update : OpenEXR (OpenEXR-6393)\");\n script_summary(english:\"Check for the 
OpenEXR-6393 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of OpenEXR fixes seceral integer overflows (CVE-2009-1720)\nand a denial-of-service (probably execution of arbitrary code) bug\n(CVE-2009-1721).\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected OpenEXR packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(16, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:OpenEXR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:OpenEXR-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:OpenEXR-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif 
(!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"OpenEXR-1.4.0a-36.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"OpenEXR-devel-1.4.0a-36.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", cpu:\"x86_64\", reference:\"OpenEXR-32bit-1.4.0a-36.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenEXR\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:07:33", "description": " - Wed Jul 29 2009 Rex Dieter <rdieter at\n fedoraproject.org> 1.6.1-8\n\n - CVE-2009-1720 OpenEXR: Multiple integer overflows\n (#513995)\n\n - CVE-2009-1721 OpenEXR: Invalid pointer free by image\n decompression (#514003)\n\n - Fri Jul 24 2009 Fedora Release Engineering <rel-eng at\n lists.fedoraproject.org> - 1.6.1-7\n\n - Rebuilt for\n https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2009-08-01T00:00:00", "title": "Fedora 11 : OpenEXR-1.6.1-8.fc11 (2009-8132)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1721", "CVE-2009-1720"], "modified": "2009-08-01T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:OpenEXR", "cpe:/o:fedoraproject:fedora:11"], "id": "FEDORA_2009-8132.NASL", "href": "https://www.tenable.com/plugins/nessus/40452", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-8132.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40452);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-1720\", \"CVE-2009-1721\");\n script_bugtraq_id(35838);\n script_xref(name:\"FEDORA\", value:\"2009-8132\");\n\n script_name(english:\"Fedora 11 : OpenEXR-1.6.1-8.fc11 (2009-8132)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Wed Jul 29 2009 Rex Dieter <rdieter at\n fedoraproject.org> 1.6.1-8\n\n - CVE-2009-1720 OpenEXR: Multiple integer overflows\n (#513995)\n\n - CVE-2009-1721 OpenEXR: Invalid pointer free by image\n decompression (#514003)\n\n - Fri Jul 24 2009 Fedora Release Engineering <rel-eng at\n lists.fedoraproject.org> - 1.6.1-7\n\n - Rebuilt for\n https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=513995\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=514003\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-July/027215.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?618a01b9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected OpenEXR package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(16, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:OpenEXR\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"OpenEXR-1.6.1-8.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenEXR\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:09:41", "description": "This update of OpenEXR fixes several integer overflows (CVE-2009-1720)\nand a denial-of-service (probably execution of arbitrary code) bug.\n(CVE-2009-1721)", "edition": 24, "published": "2009-09-24T00:00:00", "title": "SuSE 11 Security Update : OpenEXR (SAT Patch Number 1155)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1721", "CVE-2009-1720"], "modified": "2009-09-24T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:OpenEXR-32bit", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:OpenEXR"], "id": "SUSE_11_OPENEXR-090804.NASL", "href": "https://www.tenable.com/plugins/nessus/41360", 
"sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41360);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1720\", \"CVE-2009-1721\");\n\n script_name(english:\"SuSE 11 Security Update : OpenEXR (SAT Patch Number 1155)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of OpenEXR fixes several integer overflows (CVE-2009-1720)\nand a denial-of-service (probably execution of arbitrary code) bug.\n(CVE-2009-1721)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=527539\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1720.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1721.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 1155.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(16, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:OpenEXR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:OpenEXR-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"OpenEXR-1.6.1-83.17.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"OpenEXR-1.6.1-83.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"OpenEXR-1.6.1-83.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"OpenEXR-32bit-1.6.1-83.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"OpenEXR-32bit-1.6.1-83.17.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, 
"vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:04:02", "description": "This update of OpenEXR fixes seceral integer overflows (CVE-2009-1720)\nand a denial-of-service (probably execution of arbitrary code) bug\n(CVE-2009-1721).", "edition": 24, "published": "2009-09-02T00:00:00", "title": "openSUSE Security Update : OpenEXR (OpenEXR-1157)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1721", "CVE-2009-1720"], "modified": "2009-09-02T00:00:00", "cpe": ["cpe:/o:novell:opensuse:11.1", "p-cpe:/a:novell:opensuse:OpenEXR-devel", "p-cpe:/a:novell:opensuse:OpenEXR-32bit", "p-cpe:/a:novell:opensuse:OpenEXR"], "id": "SUSE_11_1_OPENEXR-090804.NASL", "href": "https://www.tenable.com/plugins/nessus/40845", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update OpenEXR-1157.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40845);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1720\", \"CVE-2009-1721\");\n\n script_name(english:\"openSUSE Security Update : OpenEXR (OpenEXR-1157)\");\n script_summary(english:\"Check for the OpenEXR-1157 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of OpenEXR fixes seceral integer overflows (CVE-2009-1720)\nand a denial-of-service (probably execution of arbitrary code) bug\n(CVE-2009-1721).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=527539\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected OpenEXR 
packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(16, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:OpenEXR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:OpenEXR-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:OpenEXR-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"OpenEXR-1.6.1-83.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"OpenEXR-devel-1.6.1-83.13.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"OpenEXR-32bit-1.6.1-83.13.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenEXR\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:45:33", "description": "Several vulnerabilities have been discovered in the OpenEXR image\nlibrary, which can lead to the execution of arbitrary code. The Common\nVulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2009-1720\n Drew Yao discovered integer overflows in the preview and\n compression code.\n\n - CVE-2009-1721\n Drew Yao discovered that an uninitialised pointer could\n be freed in the decompression code.\n\n - CVE-2009-1722\n A buffer overflow was discovered in the compression\n code.", "edition": 28, "published": "2010-02-24T00:00:00", "title": "Debian DSA-1842-1 : openexr - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1721", "CVE-2009-1720", "CVE-2009-1722"], "modified": "2010-02-24T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:4.0", "p-cpe:/a:debian:debian_linux:openexr", "cpe:/o:debian:debian_linux:5.0"], "id": "DEBIAN_DSA-1842.NASL", "href": "https://www.tenable.com/plugins/nessus/44707", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1842. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(44707);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-1720\", \"CVE-2009-1721\", \"CVE-2009-1722\");\n script_xref(name:\"DSA\", value:\"1842\");\n\n script_name(english:\"Debian DSA-1842-1 : openexr - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the OpenEXR image\nlibrary, which can lead to the execution of arbitrary code. The Common\nVulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2009-1720\n Drew Yao discovered integer overflows in the preview and\n compression code.\n\n - CVE-2009-1721\n Drew Yao discovered that an uninitialised pointer could\n be freed in the decompression code.\n\n - CVE-2009-1722\n A buffer overflow was discovered in the compression\n code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1720\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1721\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1842\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the openexr packages.\n\nFor the old stable distribution (etch), these problems have been fixed\nin version 1.2.2-4.3+etch2.\n\nFor the stable 
distribution (lenny), these problems have been fixed in\nversion 1.6.1-3+lenny3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(16, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openexr\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"libopenexr-dev\", reference:\"1.2.2-4.3+etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libopenexr2c2a\", reference:\"1.2.2-4.3+etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"openexr\", reference:\"1.2.2-4.3+etch2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libopenexr-dev\", reference:\"1.6.1-3+lenny3\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libopenexr6\", reference:\"1.6.1-3+lenny3\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"openexr\", reference:\"1.6.1-3+lenny3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T15:44:44", "description": "Drew Yao discovered several flaws in the way OpenEXR handled certain\nmalformed EXR image files. If a user were tricked into opening a\ncrafted EXR image file, an attacker could cause a denial of service\nvia application crash, or possibly execute arbitrary code with the\nprivileges of the user invoking the program. (CVE-2009-1720,\nCVE-2009-1721)\n\nIt was discovered that OpenEXR did not properly handle certain\nmalformed EXR image files. 
If a user were tricked into opening a\ncrafted EXR image file, an attacker could cause a denial of service\nvia application crash, or possibly execute arbitrary code with the\nprivileges of the user invoking the program. This issue only affected\nUbuntu 8.04 LTS. (CVE-2009-1722).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 28, "published": "2009-09-15T00:00:00", "title": "Ubuntu 8.04 LTS / 8.10 / 9.04 : openexr vulnerabilities (USN-831-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1721", "CVE-2009-1720", "CVE-2009-1722"], "modified": "2009-09-15T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libopenexr6", "p-cpe:/a:canonical:ubuntu_linux:libopenexr-dev", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:openexr", "p-cpe:/a:canonical:ubuntu_linux:libopenexr2ldbl", "cpe:/o:canonical:ubuntu_linux:8.10", "cpe:/o:canonical:ubuntu_linux:9.04"], "id": "UBUNTU_USN-831-1.NASL", "href": "https://www.tenable.com/plugins/nessus/40982", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-831-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40982);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2009-1720\", \"CVE-2009-1721\", \"CVE-2009-1722\");\n script_bugtraq_id(35838);\n script_xref(name:\"USN\", value:\"831-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 8.10 / 9.04 : openexr vulnerabilities (USN-831-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Drew Yao discovered several flaws in the way OpenEXR handled certain\nmalformed EXR image files. If a user were tricked into opening a\ncrafted EXR image file, an attacker could cause a denial of service\nvia application crash, or possibly execute arbitrary code with the\nprivileges of the user invoking the program. (CVE-2009-1720,\nCVE-2009-1721)\n\nIt was discovered that OpenEXR did not properly handle certain\nmalformed EXR image files. If a user were tricked into opening a\ncrafted EXR image file, an attacker could cause a denial of service\nvia application crash, or possibly execute arbitrary code with the\nprivileges of the user invoking the program. This issue only affected\nUbuntu 8.04 LTS. (CVE-2009-1722).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/831-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(16, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libopenexr-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libopenexr2ldbl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libopenexr6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openexr\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(8\\.04|8\\.10|9\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 8.10 / 9.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libopenexr-dev\", pkgver:\"1.2.2-4.4ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libopenexr2ldbl\", pkgver:\"1.2.2-4.4ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"openexr\", pkgver:\"1.2.2-4.4ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libopenexr-dev\", pkgver:\"1.6.1-3ubuntu1.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libopenexr6\", pkgver:\"1.6.1-3ubuntu1.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"openexr\", pkgver:\"1.6.1-3ubuntu1.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libopenexr-dev\", pkgver:\"1.6.1-3ubuntu1.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libopenexr6\", pkgver:\"1.6.1-3ubuntu1.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"openexr\", pkgver:\"1.6.1-3ubuntu1.9.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : 
ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libopenexr-dev / libopenexr2ldbl / libopenexr6 / openexr\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:06", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1721", "CVE-2009-1720"], "description": "### Background\n\nOpenEXR is a high dynamic-range (HDR) image file format developed by Industrial Light & Magic for use in computer imaging applications. \n\n### Description\n\nMultiple vulnerabilities have been discovered in OpenEXR. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA context-dependent attacker could execute arbitrary code or cause a Denial of Service condition via unspecified vectors. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll OpenEXR users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/openexr-1.7.0\"\n \n\nPackages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages. \n\nNOTE: This is a legacy GLSA. Updates for all affected architectures have been available since December 08, 2010. 
It is likely that your system is already no longer affected by this issue.", "edition": 1, "modified": "2013-12-09T00:00:00", "published": "2013-12-09T00:00:00", "id": "GLSA-201312-07", "href": "https://security.gentoo.org/glsa/201312-07", "type": "gentoo", "title": "OpenEXR: Multiple Vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-26T08:55:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1721", "CVE-2009-1720"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n OpenEXR\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-11T00:00:00", "id": "OPENVAS:65713", "href": "http://plugins.openvas.org/nasl.php?oid=65713", "type": "openvas", "title": "SLES11: Security update for OpenEXR", "sourceData": "#\n#VID a9d4fc04f93289a20122dfbd5edb2ce0\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for OpenEXR\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n OpenEXR\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=527539\");\n script_id(65713);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-11 22:58:51 +0200 (Sun, 11 Oct 2009)\");\n script_cve_id(\"CVE-2009-1720\", \"CVE-2009-1721\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES11: Security update for OpenEXR\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"OpenEXR\", rpm:\"OpenEXR~1.6.1~83.17.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:56:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1721", "CVE-2009-1720"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n OpenEXR\n OpenEXR-devel\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-13T00:00:00", "id": "OPENVAS:65946", "href": "http://plugins.openvas.org/nasl.php?oid=65946", "type": "openvas", "title": "SLES10: Security update for OpenEXR", "sourceData": "#\n#VID slesp2-OpenEXR-6392\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for OpenEXR\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n OpenEXR\n OpenEXR-devel\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(65946);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2009-1720\", \"CVE-2009-1721\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES10: Security update for OpenEXR\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"OpenEXR\", rpm:\"OpenEXR~1.2.2~16.7\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"OpenEXR-devel\", rpm:\"OpenEXR-devel~1.2.2~16.7\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:40:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1721", "CVE-2009-1720"], "description": "The remote host is missing an update to OpenEXR\nannounced via advisory FEDORA-2009-8136.", "modified": "2018-04-06T00:00:00", "published": "2009-08-17T00:00:00", "id": "OPENVAS:136141256231064544", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064544", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-8136 (OpenEXR)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_8136.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-8136 (OpenEXR)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"OpenEXR is a high dynamic-range (HDR) image file format developed by Industrial\nLight & Magic for use in computer imaging applications. This package contains\nlibraries and sample applications for handling the format.\n\nChangeLog:\n\n* Wed Jul 29 2009 Rex Dieter 1.6.1-8\n- CVE-2009-1720 OpenEXR: Multiple integer overflows (#513995)\n- CVE-2009-1721 OpenEXR: Invalid pointer free by image decompression (#514003)\n* Fri Jul 24 2009 Fedora Release Engineering - 1.6.1-7\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\n* Mon Feb 23 2009 Fedora Release Engineering - 1.6.1-6\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild\n* Fri Dec 12 2008 Caol\u00e1n McNamara 1.6.1-5\n- rebuild to get provides pkgconfig(OpenEXR)\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. 
Use \nsu -c 'yum update OpenEXR' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-8136\";\ntag_summary = \"The remote host is missing an update to OpenEXR\nannounced via advisory FEDORA-2009-8136.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64544\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-1720\", \"CVE-2009-1721\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Core 10 FEDORA-2009-8136 (OpenEXR)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=513995\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=514003\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"OpenEXR\", rpm:\"OpenEXR~1.6.1~8.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"OpenEXR-devel\", rpm:\"OpenEXR-devel~1.6.1~8.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"OpenEXR-libs\", rpm:\"OpenEXR-libs~1.6.1~8.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"OpenEXR-debuginfo\", rpm:\"OpenEXR-debuginfo~1.6.1~8.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:38:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1721", "CVE-2009-1720"], "description": "The remote host is missing an update to OpenEXR\nannounced via advisory FEDORA-2009-8132.", "modified": "2018-04-06T00:00:00", "published": "2009-08-17T00:00:00", "id": "OPENVAS:136141256231064543", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064543", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-8132 (OpenEXR)", "sourceData": "# 
OpenVAS Vulnerability Test\n# $Id: fcore_2009_8132.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-8132 (OpenEXR)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"OpenEXR is a high dynamic-range (HDR) image file format developed by Industrial\nLight & Magic for use in computer imaging applications. This package contains\nlibraries and sample applications for handling the format.\n\nChangeLog:\n\n* Wed Jul 29 2009 Rex Dieter 1.6.1-8\n- CVE-2009-1720 OpenEXR: Multiple integer overflows (#513995)\n- CVE-2009-1721 OpenEXR: Invalid pointer free by image decompression (#514003)\n* Fri Jul 24 2009 Fedora Release Engineering - 1.6.1-7\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. 
Use \nsu -c 'yum update OpenEXR' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-8132\";\ntag_summary = \"The remote host is missing an update to OpenEXR\nannounced via advisory FEDORA-2009-8132.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64543\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-1720\", \"CVE-2009-1721\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Core 11 FEDORA-2009-8132 (OpenEXR)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=513995\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=514003\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"OpenEXR\", rpm:\"OpenEXR~1.6.1~8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"OpenEXR-devel\", rpm:\"OpenEXR-devel~1.6.1~8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"OpenEXR-libs\", rpm:\"OpenEXR-libs~1.6.1~8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"OpenEXR-debuginfo\", rpm:\"OpenEXR-debuginfo~1.6.1~8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:39:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1721", "CVE-2009-1720"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n OpenEXR\n OpenEXR-devel\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-13T00:00:00", "id": "OPENVAS:136141256231065946", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065946", "type": "openvas", "title": "SLES10: Security update for OpenEXR", "sourceData": "#\n#VID slesp2-OpenEXR-6392\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for OpenEXR\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n OpenEXR\n OpenEXR-devel\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65946\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2009-1720\", \"CVE-2009-1721\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES10: Security update for OpenEXR\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"OpenEXR\", rpm:\"OpenEXR~1.2.2~16.7\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"OpenEXR-devel\", rpm:\"OpenEXR-devel~1.2.2~16.7\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:44", 
"bulletinFamily": "scanner", "cvelist": ["CVE-2009-1721", "CVE-2009-1720"], "description": "The remote host is missing an update to OpenEXR\nannounced via advisory MDVSA-2009:190.", "modified": "2017-07-06T00:00:00", "published": "2009-08-17T00:00:00", "id": "OPENVAS:64533", "href": "http://plugins.openvas.org/nasl.php?oid=64533", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:190 (OpenEXR)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_190.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:190 (OpenEXR)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been found and corrected in OpenEXR:\n\nMultiple integer overflows in OpenEXR 1.2.2 and 1.6.1\nallow context-dependent attackers to cause a denial of service\n(application crash) or possibly execute arbitrary code via unspecified\nvectors that trigger heap-based buffer overflows, related to (1)\nthe Imf::PreviewImage::PreviewImage function and (2) compressor\nconstructors. NOTE: some of these details are obtained from third\nparty information (CVE-2009-1720).\n\nThe decompression implementation in the Imf::hufUncompress function in\nOpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a\ndenial of service (application crash) or possibly execute arbitrary\ncode via vectors that trigger a free of an uninitialized pointer\n(CVE-2009-1721).\n\nThis update provides fixes for these vulnerabilities.\n\nAffected: 2008.1, 2009.0, 2009.1, Enterprise Server 5.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. 
The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:190\";\ntag_summary = \"The remote host is missing an update to OpenEXR\nannounced via advisory MDVSA-2009:190.\";\n\n \n\nif(description)\n{\n script_id(64533);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-1720\", \"CVE-2009-1721\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:190 (OpenEXR)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libOpenEXR6\", rpm:\"libOpenEXR6~1.6.1~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libOpenEXR-devel\", rpm:\"libOpenEXR-devel~1.6.1~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"OpenEXR\", rpm:\"OpenEXR~1.6.1~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64OpenEXR6\", 
rpm:\"lib64OpenEXR6~1.6.1~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64OpenEXR-devel\", rpm:\"lib64OpenEXR-devel~1.6.1~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libOpenEXR6\", rpm:\"libOpenEXR6~1.6.1~3.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libOpenEXR-devel\", rpm:\"libOpenEXR-devel~1.6.1~3.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"OpenEXR\", rpm:\"OpenEXR~1.6.1~3.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64OpenEXR6\", rpm:\"lib64OpenEXR6~1.6.1~3.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64OpenEXR-devel\", rpm:\"lib64OpenEXR-devel~1.6.1~3.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libOpenEXR6\", rpm:\"libOpenEXR6~1.6.1~3.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libOpenEXR-devel\", rpm:\"libOpenEXR-devel~1.6.1~3.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"OpenEXR\", rpm:\"OpenEXR~1.6.1~3.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64OpenEXR6\", rpm:\"lib64OpenEXR6~1.6.1~3.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64OpenEXR-devel\", rpm:\"lib64OpenEXR-devel~1.6.1~3.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libOpenEXR6\", rpm:\"libOpenEXR6~1.6.1~3.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libOpenEXR-devel\", rpm:\"libOpenEXR-devel~1.6.1~3.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"OpenEXR\", rpm:\"OpenEXR~1.6.1~3.1mdvmes5\", 
rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64OpenEXR6\", rpm:\"lib64OpenEXR6~1.6.1~3.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64OpenEXR-devel\", rpm:\"lib64OpenEXR-devel~1.6.1~3.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:37:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1721", "CVE-2009-1720"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n OpenEXR\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-11T00:00:00", "id": "OPENVAS:136141256231065713", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065713", "type": "openvas", "title": "SLES11: Security update for OpenEXR", "sourceData": "#\n#VID a9d4fc04f93289a20122dfbd5edb2ce0\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for OpenEXR\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n OpenEXR\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=527539\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.65713\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-11 22:58:51 +0200 (Sun, 11 Oct 2009)\");\n script_cve_id(\"CVE-2009-1720\", \"CVE-2009-1721\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES11: Security update for OpenEXR\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"OpenEXR\", rpm:\"OpenEXR~1.6.1~83.17.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1721", "CVE-2009-1720"], "description": "Gentoo Linux Local Security Checks GLSA 201312-07", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121088", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121088", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201312-07", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201312-07.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without 
even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121088\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:26:26 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201312-07\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in OpenEXR. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201312-07\");\n script_cve_id(\"CVE-2009-1720\", \"CVE-2009-1721\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201312-07\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"media-libs/openexr\", unaffected: make_list(\"ge 1.7.0\"), 
vulnerable: make_list(\"lt 1.7.0\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-04-06T11:39:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1721", "CVE-2009-1720"], "description": "The remote host is missing an update to OpenEXR\nannounced via advisory MDVSA-2009:190.", "modified": "2018-04-06T00:00:00", "published": "2009-08-17T00:00:00", "id": "OPENVAS:136141256231064533", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064533", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:190 (OpenEXR)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_190.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:190 (OpenEXR)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been found and corrected in OpenEXR:\n\nMultiple integer overflows in OpenEXR 1.2.2 and 1.6.1\nallow context-dependent attackers to cause a denial of service\n(application crash) or possibly execute arbitrary code via unspecified\nvectors that trigger heap-based buffer overflows, related to (1)\nthe Imf::PreviewImage::PreviewImage function and (2) compressor\nconstructors. NOTE: some of these details are obtained from third\nparty information (CVE-2009-1720).\n\nThe decompression implementation in the Imf::hufUncompress function in\nOpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a\ndenial of service (application crash) or possibly execute arbitrary\ncode via vectors that trigger a free of an uninitialized pointer\n(CVE-2009-1721).\n\nThis update provides fixes for these vulnerabilities.\n\nAffected: 2008.1, 2009.0, 2009.1, Enterprise Server 5.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. 
The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:190\";\ntag_summary = \"The remote host is missing an update to OpenEXR\nannounced via advisory MDVSA-2009:190.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64533\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-1720\", \"CVE-2009-1721\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:190 (OpenEXR)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libOpenEXR6\", rpm:\"libOpenEXR6~1.6.1~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libOpenEXR-devel\", rpm:\"libOpenEXR-devel~1.6.1~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"OpenEXR\", rpm:\"OpenEXR~1.6.1~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"lib64OpenEXR6\", rpm:\"lib64OpenEXR6~1.6.1~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64OpenEXR-devel\", rpm:\"lib64OpenEXR-devel~1.6.1~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libOpenEXR6\", rpm:\"libOpenEXR6~1.6.1~3.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libOpenEXR-devel\", rpm:\"libOpenEXR-devel~1.6.1~3.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"OpenEXR\", rpm:\"OpenEXR~1.6.1~3.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64OpenEXR6\", rpm:\"lib64OpenEXR6~1.6.1~3.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64OpenEXR-devel\", rpm:\"lib64OpenEXR-devel~1.6.1~3.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libOpenEXR6\", rpm:\"libOpenEXR6~1.6.1~3.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libOpenEXR-devel\", rpm:\"libOpenEXR-devel~1.6.1~3.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"OpenEXR\", rpm:\"OpenEXR~1.6.1~3.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64OpenEXR6\", rpm:\"lib64OpenEXR6~1.6.1~3.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64OpenEXR-devel\", rpm:\"lib64OpenEXR-devel~1.6.1~3.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libOpenEXR6\", rpm:\"libOpenEXR6~1.6.1~3.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libOpenEXR-devel\", rpm:\"libOpenEXR-devel~1.6.1~3.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"OpenEXR\", 
rpm:\"OpenEXR~1.6.1~3.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64OpenEXR6\", rpm:\"lib64OpenEXR6~1.6.1~3.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64OpenEXR-devel\", rpm:\"lib64OpenEXR-devel~1.6.1~3.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1721", "CVE-2009-1720"], "description": "The remote host is missing an update to OpenEXR\nannounced via advisory FEDORA-2009-8132.", "modified": "2017-07-10T00:00:00", "published": "2009-08-17T00:00:00", "id": "OPENVAS:64543", "href": "http://plugins.openvas.org/nasl.php?oid=64543", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-8132 (OpenEXR)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_8132.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-8132 (OpenEXR)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"OpenEXR is a high dynamic-range (HDR) image file format developed by Industrial\nLight & Magic for use in computer imaging applications. This package contains\nlibraries and sample applications for handling the format.\n\nChangeLog:\n\n* Wed Jul 29 2009 Rex Dieter 1.6.1-8\n- CVE-2009-1720 OpenEXR: Multiple integer overflows (#513995)\n- CVE-2009-1721 OpenEXR: Invalid pointer free by image decompression (#514003)\n* Fri Jul 24 2009 Fedora Release Engineering - 1.6.1-7\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update OpenEXR' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-8132\";\ntag_summary = \"The remote host is missing an update to OpenEXR\nannounced via advisory FEDORA-2009-8132.\";\n\n\n\nif(description)\n{\n script_id(64543);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-1720\", \"CVE-2009-1721\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Core 11 FEDORA-2009-8132 (OpenEXR)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=513995\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=514003\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"OpenEXR\", rpm:\"OpenEXR~1.6.1~8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"OpenEXR-devel\", rpm:\"OpenEXR-devel~1.6.1~8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"OpenEXR-libs\", rpm:\"OpenEXR-libs~1.6.1~8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"OpenEXR-debuginfo\", rpm:\"OpenEXR-debuginfo~1.6.1~8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1720", "CVE-2009-1721"], "description": "OpenEXR is a high dynamic-range (HDR) image file format developed by Industrial Light & Magic for use in computer imaging applications. This package contains libraries and sample applications for handling the format. 
", "modified": "2009-07-31T18:02:09", "published": "2009-07-31T18:02:09", "id": "FEDORA:23C2510F88F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: OpenEXR-1.6.1-8.fc10", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1720", "CVE-2009-1721"], "description": "OpenEXR is a high dynamic-range (HDR) image file format developed by Industrial Light & Magic for use in computer imaging applications. This package contains libraries and sample applications for handling the format. ", "modified": "2009-07-31T18:01:21", "published": "2009-07-31T18:01:21", "id": "FEDORA:E845A10F875", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: OpenEXR-1.6.1-8.fc11", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-09T00:23:36", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1721", "CVE-2009-1720", "CVE-2009-1722"], "description": "Drew Yao discovered several flaws in the way OpenEXR handled certain \nmalformed EXR image files. If a user were tricked into opening a crafted \nEXR image file, an attacker could cause a denial of service via application \ncrash, or possibly execute arbitrary code with the privileges of the user \ninvoking the program. (CVE-2009-1720, CVE-2009-1721)\n\nIt was discovered that OpenEXR did not properly handle certain malformed \nEXR image files. If a user were tricked into opening a crafted EXR image \nfile, an attacker could cause a denial of service via application crash, or \npossibly execute arbitrary code with the privileges of the user invoking \nthe program. This issue only affected Ubuntu 8.04 LTS. 
(CVE-2009-1722)", "edition": 5, "modified": "2009-09-14T00:00:00", "published": "2009-09-14T00:00:00", "id": "USN-831-1", "href": "https://ubuntu.com/security/notices/USN-831-1", "title": "OpenEXR vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:31", "bulletinFamily": "software", "cvelist": ["CVE-2009-1721", "CVE-2009-1720", "CVE-2009-1722"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- ------------------------------------------------------------------------\r\nDebian Security Advisory DSA-1842-1 security@debian.org\r\nhttp://www.debian.org/security/ Moritz Muehlenhoff\r\nJuly 28, 2009 http://www.debian.org/security/faq\r\n- ------------------------------------------------------------------------\r\n\r\nPackage : openexr\r\nVulnerability : several\r\nProblem type : local(remote)\r\nDebian-specific: no\r\nCVE Id(s) : CVE-2009-1720 CVE-2009-1721 CVE-2009-1722\r\n\r\nSeveral vulnerabilities have been discovered in the OpenEXR image\r\nlibrary, which can lead to the execution of arbitrary code. 
The Common\r\nVulnerabilities and Exposures project identifies the following problems:\r\n\r\nCVE-2009-1720\r\n\r\n Drew Yao discovered integer overflows in the preview and\r\n compression code.\r\n\r\nCVE-2009-1721\r\n\r\n Drew Yao discovered that an uninitialised pointer could be freed\r\n in the decompression code.\r\n\r\nCVE-2009-1722\r\n\r\n A buffer overflow was discovered in the compression code.\r\n\r\nFor the old stable distribution (etch), these problems have been fixed\r\nin version 1.2.2-4.3+etch2.\r\n\r\nFor the stable distribution (lenny), these problems have been fixed\r\nin version 1.6.1-3+lenny3.\r\n\r\nFor the unstable distribution (sid), these problems will be fixed soon.\r\n\r\nWe recommend that you upgrade your openexr packages.\r\n\r\nUpgrade instructions\r\n- --------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given below:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\n\r\nDebian GNU/Linux 4.0 alias etch\r\n- -------------------------------\r\n\r\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390\r\nand sparc.\r\n\r\nSource archives:\r\n\r\n http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2.orig.tar.gz\r\n Size/MD5 checksum: 9324108 a2e56af78dc47c7294ff188c8f78394b\r\n http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.dsc\r\n Size/MD5 checksum: 841 38524b64a8f8a689b2db3a697b1bb7e3\r\n http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz\r\n Size/MD5 checksum: 11620 fe26549c7913a1217795382ad0f31153\r\n\r\nalpha architecture (DEC Alpha)\r\n\r\n 
http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.2.2-4.3+etch2_alpha.deb\r\n Size/MD5 checksum: 649894 fc9a1c67beee9197266747ee562e0349\r\n http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2_alpha.deb\r\n Size/MD5 checksum: 742016 0f11446d30377a662670724f7ea03a5c\r\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr2c2a_1.2.2-4.3+etch2_alpha.deb\r\n Size/MD5 checksum: 313564 e34baa2d06d796eea67aafe84bdf7b0e\r\n\r\namd64 architecture (AMD x86_64 (AMD64))\r\n\r\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr2c2a_1.2.2-4.3+etch2_amd64.deb\r\n Size/MD5 checksum: 287856 c051a4558f5b145e7246618b4397169a\r\n http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2_amd64.deb\r\n Size/MD5 checksum: 730450 8180e6cb370177d6355f5755c865ab14\r\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.2.2-4.3+etch2_amd64.deb\r\n Size/MD5 checksum: 535914 0c98d699e11e308151a003ce28b7c77c\r\n\r\narm architecture (ARM)\r\n\r\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.2.2-4.3+etch2_arm.deb\r\n Size/MD5 checksum: 531144 bd9b1cea94db20840f380a6c288cf3c9\r\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr2c2a_1.2.2-4.3+etch2_arm.deb\r\n Size/MD5 checksum: 290886 bda7210cc96811000b36b3e760400f56\r\n http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2_arm.deb\r\n Size/MD5 checksum: 729258 2472ecda1421bc323f978b943ae0cc96\r\n\r\nhppa architecture (HP PA RISC)\r\n\r\n http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2_hppa.deb\r\n Size/MD5 checksum: 742604 95cda2414e2f4296dee1a044978cec50\r\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr2c2a_1.2.2-4.3+etch2_hppa.deb\r\n Size/MD5 checksum: 389476 8a6f6c386fd65e1c422cd8145e3a058f\r\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.2.2-4.3+etch2_hppa.deb\r\n Size/MD5 
checksum: 641946 aed1b15e04d26de29ee314639b28f27b\r\n\r\ni386 architecture (Intel ia32)\r\n\r\n http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2_i386.deb\r\n Size/MD5 checksum: 730140 d6bd597c1c794304f02b8c2cba564cd3\r\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.2.2-4.3+etch2_i386.deb\r\n Size/MD5 checksum: 507006 787feeaf0e889f000f687b41f132b7b5\r\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr2c2a_1.2.2-4.3+etch2_i386.deb\r\n Size/MD5 checksum: 298682 282cb1311545aeb1a9a30635fa0d8afc\r\n\r\nia64 architecture (Intel ia64)\r\n\r\n http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2_ia64.deb\r\n Size/MD5 checksum: 758978 ad87aee6e8b0c45eec39564920461fba\r\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr2c2a_1.2.2-4.3+etch2_ia64.deb\r\n Size/MD5 checksum: 351604 eb21634f92ab972a0fde896190ff1640\r\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.2.2-4.3+etch2_ia64.deb\r\n Size/MD5 checksum: 675014 68d763fa96db1bd9bf709386b188a0bb\r\n\r\nmips architecture (MIPS (Big Endian))\r\n\r\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr2c2a_1.2.2-4.3+etch2_mips.deb\r\n Size/MD5 checksum: 345100 03b43b1028d85a2fb33cb63e83980083\r\n http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2_mips.deb\r\n Size/MD5 checksum: 740040 535c2f97ed619f281bbe537ac5c6bc2d\r\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.2.2-4.3+etch2_mips.deb\r\n Size/MD5 checksum: 621990 34ae3431d730c36710102e9f9cab12e2\r\n\r\nmipsel architecture (MIPS (Little Endian))\r\n\r\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.2.2-4.3+etch2_mipsel.deb\r\n Size/MD5 checksum: 557340 211e63375b0678bdb466bf751da16d17\r\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr2c2a_1.2.2-4.3+etch2_mipsel.deb\r\n Size/MD5 checksum: 286388 
2bbee82ca594eb5b66bfc11ee86343b7\r\n http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2_mipsel.deb\r\n Size/MD5 checksum: 738854 9d64ba8ad843bd7be11dd96aef6c585e\r\n\r\npowerpc architecture (PowerPC)\r\n\r\n http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2_powerpc.deb\r\n Size/MD5 checksum: 742280 33563d1687a45a0afc49ea323634b740\r\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.2.2-4.3+etch2_powerpc.deb\r\n Size/MD5 checksum: 602020 d23895c35a0452cdf7e2a942aa14a54b\r\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr2c2a_1.2.2-4.3+etch2_powerpc.deb\r\n Size/MD5 checksum: 359976 6bd99f9bd3d4efb97165b01c433e4bd7\r\n\r\ns390 architecture (IBM S/390)\r\n\r\n http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2_s390.deb\r\n Size/MD5 checksum: 729526 eaaa37987326d63198ab62e03345652c\r\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.2.2-4.3+etch2_s390.deb\r\n Size/MD5 checksum: 568924 95504b9609ea97347343e7e289e2221a\r\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr2c2a_1.2.2-4.3+etch2_s390.deb\r\n Size/MD5 checksum: 343522 3759d7bbdb019bd2195cf76290627144\r\n\r\nsparc architecture (Sun SPARC/UltraSPARC)\r\n\r\n http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2_sparc.deb\r\n Size/MD5 checksum: 726266 e42da7efdbddf2754be36487d71ce3ca\r\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr2c2a_1.2.2-4.3+etch2_sparc.deb\r\n Size/MD5 checksum: 354972 a5035d03894a1addc94b3de3069d1fb9\r\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.2.2-4.3+etch2_sparc.deb\r\n Size/MD5 checksum: 541212 067ca7aaee21e0e1aee4f2136666bdd8\r\n\r\nDebian GNU/Linux 5.0 alias lenny\r\n- --------------------------------\r\n\r\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc,\r\ns390 and sparc.\r\n\r\nSource 
archives:\r\n\r\n http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3.dsc\r\n Size/MD5 checksum: 1350 2b8eed594d50319412ed73f5f596aafe\r\n http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1.orig.tar.gz\r\n Size/MD5 checksum: 13632660 11951f164f9c872b183df75e66de145a\r\n http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3.diff.gz\r\n Size/MD5 checksum: 9827 b93fd79da953259b8b52c2ecb906b54e\r\n\r\nalpha architecture (DEC Alpha)\r\n\r\n http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3_alpha.deb\r\n Size/MD5 checksum: 2778984 0513bd0d96cb43befeee9d94add201da\r\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr6_1.6.1-3+lenny3_alpha.deb\r\n Size/MD5 checksum: 281732 945acff6dee3ef769d0b7ec74598de1b\r\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.6.1-3+lenny3_alpha.deb\r\n Size/MD5 checksum: 531848 c7294a235fee8cb81d6f39f374b3de40\r\n\r\namd64 architecture (AMD x86_64 (AMD64))\r\n\r\n http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3_amd64.deb\r\n Size/MD5 checksum: 2772630 d661672b2f65db8061fcb8776b3531ad\r\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.6.1-3+lenny3_amd64.deb\r\n Size/MD5 checksum: 410338 836a7928ac2b3547a601e4414da45b09\r\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr6_1.6.1-3+lenny3_amd64.deb\r\n Size/MD5 checksum: 256300 631b0ac70dcd7c8084fd0f67a8448f5d\r\n\r\narm architecture (ARM)\r\n\r\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.6.1-3+lenny3_arm.deb\r\n Size/MD5 checksum: 417362 55e8c445c6abd01adb77dcfdb43332e9\r\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr6_1.6.1-3+lenny3_arm.deb\r\n Size/MD5 checksum: 264182 d8c430152da1c91fe5ec52067efea78b\r\n http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3_arm.deb\r\n Size/MD5 checksum: 2771396 
c37c1f350ca6225de25d831f0038ce37\r\n\r\narmel architecture (ARM EABI)\r\n\r\n http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3_armel.deb\r\n Size/MD5 checksum: 2767672 ae5e239cb77abcbe101d933f2ee4ac90\r\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr6_1.6.1-3+lenny3_armel.deb\r\n Size/MD5 checksum: 234462 c4741b0bfb775bc9a40de0a643efb868\r\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.6.1-3+lenny3_armel.deb\r\n Size/MD5 checksum: 417128 9aa5f7cc6ea1d81cfadad4b301a3618e\r\n\r\nhppa architecture (HP PA RISC)\r\n\r\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.6.1-3+lenny3_hppa.deb\r\n Size/MD5 checksum: 461490 7203f3346fc5aab67bbf6f57716972c2\r\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr6_1.6.1-3+lenny3_hppa.deb\r\n Size/MD5 checksum: 286722 65b2a0231be6068a26ab114c405cec92\r\n http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3_hppa.deb\r\n Size/MD5 checksum: 2780614 c8cca4d46105ca9fc3c7c09b28de38e1\r\n\r\ni386 architecture (Intel ia32)\r\n\r\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr6_1.6.1-3+lenny3_i386.deb\r\n Size/MD5 checksum: 261674 4abfac5164cf73b064fcfa1795e3519b\r\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.6.1-3+lenny3_i386.deb\r\n Size/MD5 checksum: 382482 205c279fb515a77db06702e814fe90e1\r\n http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3_i386.deb\r\n Size/MD5 checksum: 2771980 b0d9e669fa5a740fd4865d225e197489\r\n\r\nia64 architecture (Intel ia64)\r\n\r\n http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3_ia64.deb\r\n Size/MD5 checksum: 2797400 ad32ac146a7478627d214bd2ba5f1072\r\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr6_1.6.1-3+lenny3_ia64.deb\r\n Size/MD5 checksum: 326536 faffe80a1fe18d8844160c921788dd12\r\n 
http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.6.1-3+lenny3_ia64.deb\r\n Size/MD5 checksum: 540098 b4d528a99548a4ac55e522f3dc884812\r\n\r\nmips architecture (MIPS (Big Endian))\r\n\r\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.6.1-3+lenny3_mips.deb\r\n Size/MD5 checksum: 434618 87e8fc245b6f7ce1221a7e1d270dd5b7\r\n http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3_mips.deb\r\n Size/MD5 checksum: 2773808 2eb7c1e598689245fd689757fcfd6629\r\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr6_1.6.1-3+lenny3_mips.deb\r\n Size/MD5 checksum: 247956 154114b76d4b48ade46950e0c3ffc7e1\r\n\r\nmipsel architecture (MIPS (Little Endian))\r\n\r\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr6_1.6.1-3+lenny3_mipsel.deb\r\n Size/MD5 checksum: 245632 0b712d9c2e3b3ddbade2d8d422d1ab61\r\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.6.1-3+lenny3_mipsel.deb\r\n Size/MD5 checksum: 433480 e38d09e2b43a0a15ff9e1a682df505b6\r\n http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3_mipsel.deb\r\n Size/MD5 checksum: 2773436 762c3505a0be0d22d4a8a7cc320a8b57\r\n\r\npowerpc architecture (PowerPC)\r\n\r\n http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3_powerpc.deb\r\n Size/MD5 checksum: 2790486 d58f02fd02a19e2f6c9fc09ccb820628\r\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr6_1.6.1-3+lenny3_powerpc.deb\r\n Size/MD5 checksum: 280182 fcfec5652ba28f154363e60d30eb07cd\r\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.6.1-3+lenny3_powerpc.deb\r\n Size/MD5 checksum: 425910 7112b7df591f2a4fb28ba8c025c74796\r\n\r\ns390 architecture (IBM S/390)\r\n\r\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.6.1-3+lenny3_s390.deb\r\n Size/MD5 checksum: 396608 ff75777592b04a235ef600fdd5f35dbd\r\n 
http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3_s390.deb\r\n Size/MD5 checksum: 2772984 9da82847cc89c3d7b03d16fad1fc6c98\r\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr6_1.6.1-3+lenny3_s390.deb\r\n Size/MD5 checksum: 257288 ed024511c52b4fb1eb430a1922094ff4\r\n\r\nsparc architecture (Sun SPARC/UltraSPARC)\r\n\r\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.6.1-3+lenny3_sparc.deb\r\n Size/MD5 checksum: 380626 cd3003fd724c5c45b84ff3fff8fea098\r\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr6_1.6.1-3+lenny3_sparc.deb\r\n Size/MD5 checksum: 264904 e3873ec73423b9119b7c010dbb2a82c1\r\n http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3_sparc.deb\r\n Size/MD5 checksum: 2771744 11c15cec8db891a7ccf49f4e1f663a68\r\n\r\n\r\n These files will probably be moved into the stable distribution on\r\n its next update.\r\n\r\n- ---------------------------------------------------------------------------------\r\nFor apt-get: deb http://security.debian.org/ stable/updates main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\r\nMailing list: debian-security-announce@lists.debian.org\r\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niEYEARECAAYFAkpu61MACgkQXm3vHE4uylr29QCffNG4AC2KumZ1yRWsMcbXeOEh\r\nwusAoNYisaDfJDMKy9zCLHn/OgNCkmof\r\n=/7O6\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2009-07-28T00:00:00", "published": "2009-07-28T00:00:00", "id": "SECURITYVULNS:DOC:22229", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22229", "title": "[SECURITY] [DSA 1842-1] New openexr packages fix several vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:33", "bulletinFamily": "software", 
"cvelist": ["CVE-2009-1721", "CVE-2009-1720", "CVE-2009-1722"], "description": "Integer overflow, buffer overflow, uninitialized pointer.", "edition": 1, "modified": "2009-07-28T00:00:00", "published": "2009-07-28T00:00:00", "id": "SECURITYVULNS:VULN:10104", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10104", "title": "OpenEXR multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:33", "bulletinFamily": "software", "cvelist": ["CVE-2009-2192", "CVE-2009-1235", "CVE-2009-1721", "CVE-2009-2194", "CVE-2009-0040", "CVE-2009-2193", "CVE-2009-2190", "CVE-2009-1726", "CVE-2009-1728", "CVE-2009-1720", "CVE-2009-1722", "CVE-2008-0674", "CVE-2009-1727", "CVE-2009-0151", "CVE-2009-1723", "CVE-2009-2191", "CVE-2009-2188"], "description": "Privilege escalations, multiple DoS conditions, buffer overflow in AppleTalk client, Safari certificate spoofing, multiple vulnerabilities on images parsing.", "edition": 1, "modified": "2009-08-07T00:00:00", "published": "2009-08-07T00:00:00", "id": "SECURITYVULNS:VULN:10120", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10120", "title": "Apple Mac OS X multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:31", "bulletinFamily": "software", "cvelist": ["CVE-2009-2192", "CVE-2008-1372", "CVE-2009-1235", "CVE-2009-1721", "CVE-2009-2194", "CVE-2009-0040", "CVE-2009-2193", "CVE-2009-2190", "CVE-2009-1726", "CVE-2009-1728", "CVE-2009-1720", "CVE-2009-1722", "CVE-2008-0674", "CVE-2009-1727", "CVE-2009-0151", "CVE-2009-1723", "CVE-2009-2191", "CVE-2009-2188"], "description": "About the security content of Security Update 2009-003 / Mac OS X v10.5.8\r\n\r\n * Last Modified: August 05, 2009\r\n * Article: HT3757\r\n\r\nSummary\r\n\r\nThis document 
describes the security content of Security Update 2009-003 / Mac OS X v10.5.8, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.\r\n\r\nFor the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.\r\n\r\nFor information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."\r\n\r\nWhere possible, CVE IDs are used to reference the vulnerabilities for further information.\r\n\r\nTo learn about other Security Updates, see "Apple Security Updates."\r\nProducts Affected\r\n\r\nProduct Security\r\nSecurity Update 2009-003 / Mac OS X v10.5.8\r\n\r\n *\r\n\r\n bzip2\r\n\r\n CVE-ID: CVE-2008-1372\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7\r\n\r\n Impact: Decompressing maliciously crafted data may lead to an unexpected application termination\r\n\r\n Description: An out-of-bounds memory access exists in bzip2. Opening a maliciously crafted compressed file may lead to an unexpected application termination. This update addresses the issue by updating bzip2 to version 1.0.5. Further information is available via the bzip2 web site at http://bzip.org/\r\n\r\n *\r\n\r\n CFNetwork\r\n\r\n CVE-ID: CVE-2009-1723\r\n\r\n Available for: Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7\r\n\r\n Impact: A maliciously crafted website may control the displayed website URL in a certificate warning\r\n\r\n Description: When Safari reaches a website via a 302 redirection and a certificate warning is displayed, the warning will contain the original website URL instead of the current website URL. 
This may allow a maliciously crafted website that is reached via an open redirector on a user-trusted website to control the displayed website URL in a certificate warning. This issue was addressed by returning the correct URL in the underlying CFNetwork layer. This issue does not affect systems prior to Mac OS X v10.5. Credit to Kevin Day of Your.Org, and Jason Mueller of Indiana University for reporting this issue.\r\n\r\n *\r\n\r\n ColorSync\r\n\r\n CVE-ID: CVE-2009-1726\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7\r\n\r\n Impact: Viewing a maliciously crafted image with an embedded ColorSync profile may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A heap buffer overflow exists in the handling of images with an embedded ColorSync profile. Opening a maliciously crafted image with an embedded ColorSync profile may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of ColorSync profiles. Credit to Chris Evans of the Google Security Team for reporting this issue.\r\n\r\n *\r\n\r\n CoreTypes\r\n\r\n CVE-ID: CVE-2009-1727\r\n\r\n Available for: Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7\r\n\r\n Impact: Users are not warned before opening certain potentially unsafe content types\r\n\r\n Description: This update extends the system's list of content types that will be flagged as potentially unsafe under certain circumstances, such as when they are downloaded from a web page. While these content types are not automatically launched, if manually opened they could lead to the execution of a malicious JavaScript payload. This update improves the system's ability to notify users before handling content types used by Safari. 
Credit to Brian Mastenbrook, and Clint Ruoho of Laconic Security for reporting this issue.\r\n\r\n *\r\n\r\n Dock\r\n\r\n CVE-ID: CVE-2009-0151\r\n\r\n Available for: Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7\r\n\r\n Impact: A person with physical access to a locked system may use four-finger Multi-Touch gestures\r\n\r\n Description: The screen saver does not block four-finger Multi-Touch gestures, which may allow a person with physical access to a locked system to manage applications or use Expose. This update addresses the issue by properly blocking Multi-Touch gestures when the screen saver is running. This issue only affects systems with a Multi-Touch trackpad.\r\n\r\n *\r\n\r\n Image RAW\r\n\r\n CVE-ID: CVE-2009-1728\r\n\r\n Available for: Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7\r\n\r\n Impact: Viewing a maliciously crafted Canon RAW image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A stack buffer overflow exists in the handling of Canon RAW images. Viewing a maliciously crafted Canon RAW image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. For Mac OS X v10.4 systems, this issue is already addressed with Digital Camera RAW Compatibility Update 2.6. Credit to Chris Ries of Carnegie Mellon University Computing Services for reporting this issue.\r\n\r\n *\r\n\r\n ImageIO\r\n\r\n CVE-ID: CVE-2009-1722\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7\r\n\r\n Impact: Viewing a maliciously crafted OpenEXR image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A heap buffer overflow exists in ImageIO's handling of OpenEXR images. 
Viewing a maliciously crafted OpenEXR image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by updating OpenEXR to version 1.6.1. Credit to Lurene Grenier of Sourcefire VRT, and Chris Ries of Carnegie Mellon University Computing Services for reporting this issue.\r\n\r\n *\r\n\r\n ImageIO\r\n\r\n CVE-ID: CVE-2009-1721\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7\r\n\r\n Impact: Viewing a maliciously crafted OpenEXR image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An uninitialized memory access issue exists in ImageIO's handling of OpenEXR images. Viewing a maliciously crafted OpenEXR image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through proper memory initialization and additional validation of OpenEXR images. Credit: Apple.\r\n\r\n *\r\n\r\n ImageIO\r\n\r\n CVE-ID: CVE-2009-1720\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7\r\n\r\n Impact: Viewing a maliciously crafted OpenEXR image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: Multiple integer overflows exist in ImageIO's handling of OpenEXR images. Viewing a maliciously crafted OpenEXR image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issues through improved bounds checking. 
Credit: Apple.\r\n\r\n *\r\n\r\n ImageIO\r\n\r\n CVE-ID: CVE-2009-2188\r\n\r\n Available for: Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7\r\n\r\n Impact: Viewing a maliciously crafted image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A buffer overflow exists in ImageIO's handling of EXIF metadata. Viewing a maliciously crafted image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.5.\r\n\r\n *\r\n\r\n ImageIO\r\n\r\n CVE-ID: CVE-2009-0040\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7\r\n\r\n Impact: Processing a maliciously crafted PNG image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An uninitialized pointer issue exists in the handling of PNG images. Processing a maliciously crafted PNG image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of PNG images. Credit to Tavis Ormandy of the Google Security Team for reporting this issue.\r\n\r\n *\r\n\r\n Kernel\r\n\r\n CVE-ID: CVE-2009-1235\r\n\r\n Available for: Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7\r\n\r\n Impact: A local user may obtain system privileges\r\n\r\n Description: An implementation issue exists in the kernel's handling of fcntl system calls. A local user may overwrite kernel memory and execute arbitrary code with system privileges. This update addresses the issue through improved handling of fcntl system calls. Credit to Razvan Musaloiu-E. 
of Johns Hopkins University, HiNRG for reporting this issue.\r\n\r\n *\r\n\r\n launchd\r\n\r\n CVE-ID: CVE-2009-2190\r\n\r\n Available for: Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7\r\n\r\n Impact: Opening many connections to an inetd-based launchd service may lead to a denial of service\r\n\r\n Description: Opening many connections to an inetd-based launchd service may cause launchd to stop servicing incoming connections to that service until the next system restart. This update addresses the issue through improved error handling.\r\n\r\n *\r\n\r\n Login Window\r\n\r\n CVE-ID: CVE-2009-2191\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7\r\n\r\n Impact: A format string issue in Login Window may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A format string issue in Login Window's handling of application names may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved handling of application names. Credit to Alfredo Pesoli of 0xcafebabe.it for reporting this issue.\r\n\r\n *\r\n\r\n MobileMe\r\n\r\n CVE-ID: CVE-2009-2192\r\n\r\n Available for: Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7\r\n\r\n Impact: Signing out of MobileMe does not remove all credentials\r\n\r\n Description: A logic issue exists in the MobileMe preference pane. Signing out of the preference pane does not delete all credentials. A person with access to the local user account may continue to access any other system associated with the MobileMe account which had previously been signed in for that local account. 
This update addresses the issue by deleting all the credentials on sign out.\r\n\r\n *\r\n\r\n Networking\r\n\r\n CVE-ID: CVE-2009-2193\r\n\r\n Available for: Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7\r\n\r\n Impact: Receiving a maliciously crafted AppleTalk response packet may lead to arbitrary code execution with system privileges or an unexpected system shutdown\r\n\r\n Description: A buffer overflow exists in the kernel's handling of AppleTalk response packets. Receiving a maliciously crafted AppleTalk response packet may lead to arbitrary code execution with system privileges or an unexpected system shutdown. This update addresses the issue through improved validation of AppleTalk response packets. Credit to Ilja van Sprundel from IOActive for reporting this issue.\r\n\r\n *\r\n\r\n Networking\r\n\r\n CVE-ID: CVE-2009-2194\r\n\r\n Available for: Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7\r\n\r\n Impact: A local user may cause an unexpected system shutdown\r\n\r\n Description: A synchronization issue exists in the handling of file descriptor sharing over local sockets. By sending messages containing file descriptors to a socket with no receiver, a local user may cause an unexpected system shutdown. This update addresses the issue through improved handling of file descriptor sharing. Credit to Bennet Yee of Google Inc. for reporting this issue.\r\n\r\n *\r\n\r\n XQuery\r\n\r\n CVE-ID: CVE-2008-0674\r\n\r\n Available for: Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7\r\n\r\n Impact: Processing maliciously crafted XML content may lead to arbitrary code execution\r\n\r\n Description: A buffer overflow exists in the handling of character classes in regular expressions in the Perl Compatible Regular Expressions (PCRE) library used by XQuery. 
This may allow a remote attacker to execute arbitrary code via a regular expression containing a character class with a large number of characters with Unicode code points greater than 255. This update addresses the issue by updating PCRE to version 7.6.\r\n\r\n", "edition": 1, "modified": "2009-08-07T00:00:00", "published": "2009-08-07T00:00:00", "id": "SECURITYVULNS:DOC:22251", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22251", "title": "About the security content of Security Update 2009-003 / Mac OS X v10.5.8", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2020-11-11T13:25:22", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1721", "CVE-2009-1720", "CVE-2009-1722"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1842-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJuly 28, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : openexr\nVulnerability : several\nProblem type : local(remote)\nDebian-specific: no\nCVE Id(s) : CVE-2009-1720 CVE-2009-1721 CVE-2009-1722\n\nSeveral vulnerabilities have been discovered in the OpenEXR image\nlibrary, which can lead to the execution of arbitrary code. 
The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2009-1720\n\n Drew Yao discovered integer overflows in the preview and\n compression code.\n\nCVE-2009-1721\n\n Drew Yao discovered that an uninitialised pointer could be freed\n in the decompression code.\n\nCVE-2009-1722\n\n A buffer overflow was discovered in the compression code.\n\nFor the old stable distribution (etch), these problems have been fixed\nin version 1.2.2-4.3+etch2.\n\nFor the stable distribution (lenny), these problems have been fixed\nin version 1.6.1-3+lenny3.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your openexr packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2.orig.tar.gz\n Size/MD5 checksum: 9324108 a2e56af78dc47c7294ff188c8f78394b\n http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.dsc\n Size/MD5 checksum: 841 38524b64a8f8a689b2db3a697b1bb7e3\n http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz\n Size/MD5 checksum: 11620 fe26549c7913a1217795382ad0f31153\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.2.2-4.3+etch2_alpha.deb\n Size/MD5 checksum: 649894 
fc9a1c67beee9197266747ee562e0349\n http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2_alpha.deb\n Size/MD5 checksum: 742016 0f11446d30377a662670724f7ea03a5c\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr2c2a_1.2.2-4.3+etch2_alpha.deb\n Size/MD5 checksum: 313564 e34baa2d06d796eea67aafe84bdf7b0e\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr2c2a_1.2.2-4.3+etch2_amd64.deb\n Size/MD5 checksum: 287856 c051a4558f5b145e7246618b4397169a\n http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2_amd64.deb\n Size/MD5 checksum: 730450 8180e6cb370177d6355f5755c865ab14\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.2.2-4.3+etch2_amd64.deb\n Size/MD5 checksum: 535914 0c98d699e11e308151a003ce28b7c77c\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.2.2-4.3+etch2_arm.deb\n Size/MD5 checksum: 531144 bd9b1cea94db20840f380a6c288cf3c9\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr2c2a_1.2.2-4.3+etch2_arm.deb\n Size/MD5 checksum: 290886 bda7210cc96811000b36b3e760400f56\n http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2_arm.deb\n Size/MD5 checksum: 729258 2472ecda1421bc323f978b943ae0cc96\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2_hppa.deb\n Size/MD5 checksum: 742604 95cda2414e2f4296dee1a044978cec50\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr2c2a_1.2.2-4.3+etch2_hppa.deb\n Size/MD5 checksum: 389476 8a6f6c386fd65e1c422cd8145e3a058f\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.2.2-4.3+etch2_hppa.deb\n Size/MD5 checksum: 641946 aed1b15e04d26de29ee314639b28f27b\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2_i386.deb\n Size/MD5 
checksum: 730140 d6bd597c1c794304f02b8c2cba564cd3\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.2.2-4.3+etch2_i386.deb\n Size/MD5 checksum: 507006 787feeaf0e889f000f687b41f132b7b5\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr2c2a_1.2.2-4.3+etch2_i386.deb\n Size/MD5 checksum: 298682 282cb1311545aeb1a9a30635fa0d8afc\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2_ia64.deb\n Size/MD5 checksum: 758978 ad87aee6e8b0c45eec39564920461fba\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr2c2a_1.2.2-4.3+etch2_ia64.deb\n Size/MD5 checksum: 351604 eb21634f92ab972a0fde896190ff1640\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.2.2-4.3+etch2_ia64.deb\n Size/MD5 checksum: 675014 68d763fa96db1bd9bf709386b188a0bb\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr2c2a_1.2.2-4.3+etch2_mips.deb\n Size/MD5 checksum: 345100 03b43b1028d85a2fb33cb63e83980083\n http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2_mips.deb\n Size/MD5 checksum: 740040 535c2f97ed619f281bbe537ac5c6bc2d\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.2.2-4.3+etch2_mips.deb\n Size/MD5 checksum: 621990 34ae3431d730c36710102e9f9cab12e2\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.2.2-4.3+etch2_mipsel.deb\n Size/MD5 checksum: 557340 211e63375b0678bdb466bf751da16d17\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr2c2a_1.2.2-4.3+etch2_mipsel.deb\n Size/MD5 checksum: 286388 2bbee82ca594eb5b66bfc11ee86343b7\n http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2_mipsel.deb\n Size/MD5 checksum: 738854 9d64ba8ad843bd7be11dd96aef6c585e\n\npowerpc architecture (PowerPC)\n\n 
http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2_powerpc.deb\n Size/MD5 checksum: 742280 33563d1687a45a0afc49ea323634b740\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.2.2-4.3+etch2_powerpc.deb\n Size/MD5 checksum: 602020 d23895c35a0452cdf7e2a942aa14a54b\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr2c2a_1.2.2-4.3+etch2_powerpc.deb\n Size/MD5 checksum: 359976 6bd99f9bd3d4efb97165b01c433e4bd7\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2_s390.deb\n Size/MD5 checksum: 729526 eaaa37987326d63198ab62e03345652c\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.2.2-4.3+etch2_s390.deb\n Size/MD5 checksum: 568924 95504b9609ea97347343e7e289e2221a\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr2c2a_1.2.2-4.3+etch2_s390.deb\n Size/MD5 checksum: 343522 3759d7bbdb019bd2195cf76290627144\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2_sparc.deb\n Size/MD5 checksum: 726266 e42da7efdbddf2754be36487d71ce3ca\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr2c2a_1.2.2-4.3+etch2_sparc.deb\n Size/MD5 checksum: 354972 a5035d03894a1addc94b3de3069d1fb9\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.2.2-4.3+etch2_sparc.deb\n Size/MD5 checksum: 541212 067ca7aaee21e0e1aee4f2136666bdd8\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3.dsc\n Size/MD5 checksum: 1350 2b8eed594d50319412ed73f5f596aafe\n http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1.orig.tar.gz\n Size/MD5 checksum: 13632660 11951f164f9c872b183df75e66de145a\n 
http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3.diff.gz\n Size/MD5 checksum: 9827 b93fd79da953259b8b52c2ecb906b54e\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3_alpha.deb\n Size/MD5 checksum: 2778984 0513bd0d96cb43befeee9d94add201da\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr6_1.6.1-3+lenny3_alpha.deb\n Size/MD5 checksum: 281732 945acff6dee3ef769d0b7ec74598de1b\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.6.1-3+lenny3_alpha.deb\n Size/MD5 checksum: 531848 c7294a235fee8cb81d6f39f374b3de40\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3_amd64.deb\n Size/MD5 checksum: 2772630 d661672b2f65db8061fcb8776b3531ad\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.6.1-3+lenny3_amd64.deb\n Size/MD5 checksum: 410338 836a7928ac2b3547a601e4414da45b09\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr6_1.6.1-3+lenny3_amd64.deb\n Size/MD5 checksum: 256300 631b0ac70dcd7c8084fd0f67a8448f5d\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.6.1-3+lenny3_arm.deb\n Size/MD5 checksum: 417362 55e8c445c6abd01adb77dcfdb43332e9\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr6_1.6.1-3+lenny3_arm.deb\n Size/MD5 checksum: 264182 d8c430152da1c91fe5ec52067efea78b\n http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3_arm.deb\n Size/MD5 checksum: 2771396 c37c1f350ca6225de25d831f0038ce37\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3_armel.deb\n Size/MD5 checksum: 2767672 ae5e239cb77abcbe101d933f2ee4ac90\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr6_1.6.1-3+lenny3_armel.deb\n Size/MD5 checksum: 234462 c4741b0bfb775bc9a40de0a643efb868\n 
http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.6.1-3+lenny3_armel.deb\n Size/MD5 checksum: 417128 9aa5f7cc6ea1d81cfadad4b301a3618e\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.6.1-3+lenny3_hppa.deb\n Size/MD5 checksum: 461490 7203f3346fc5aab67bbf6f57716972c2\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr6_1.6.1-3+lenny3_hppa.deb\n Size/MD5 checksum: 286722 65b2a0231be6068a26ab114c405cec92\n http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3_hppa.deb\n Size/MD5 checksum: 2780614 c8cca4d46105ca9fc3c7c09b28de38e1\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr6_1.6.1-3+lenny3_i386.deb\n Size/MD5 checksum: 261674 4abfac5164cf73b064fcfa1795e3519b\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.6.1-3+lenny3_i386.deb\n Size/MD5 checksum: 382482 205c279fb515a77db06702e814fe90e1\n http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3_i386.deb\n Size/MD5 checksum: 2771980 b0d9e669fa5a740fd4865d225e197489\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3_ia64.deb\n Size/MD5 checksum: 2797400 ad32ac146a7478627d214bd2ba5f1072\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr6_1.6.1-3+lenny3_ia64.deb\n Size/MD5 checksum: 326536 faffe80a1fe18d8844160c921788dd12\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.6.1-3+lenny3_ia64.deb\n Size/MD5 checksum: 540098 b4d528a99548a4ac55e522f3dc884812\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.6.1-3+lenny3_mips.deb\n Size/MD5 checksum: 434618 87e8fc245b6f7ce1221a7e1d270dd5b7\n http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3_mips.deb\n Size/MD5 checksum: 2773808 
2eb7c1e598689245fd689757fcfd6629\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr6_1.6.1-3+lenny3_mips.deb\n Size/MD5 checksum: 247956 154114b76d4b48ade46950e0c3ffc7e1\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr6_1.6.1-3+lenny3_mipsel.deb\n Size/MD5 checksum: 245632 0b712d9c2e3b3ddbade2d8d422d1ab61\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.6.1-3+lenny3_mipsel.deb\n Size/MD5 checksum: 433480 e38d09e2b43a0a15ff9e1a682df505b6\n http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3_mipsel.deb\n Size/MD5 checksum: 2773436 762c3505a0be0d22d4a8a7cc320a8b57\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3_powerpc.deb\n Size/MD5 checksum: 2790486 d58f02fd02a19e2f6c9fc09ccb820628\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr6_1.6.1-3+lenny3_powerpc.deb\n Size/MD5 checksum: 280182 fcfec5652ba28f154363e60d30eb07cd\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.6.1-3+lenny3_powerpc.deb\n Size/MD5 checksum: 425910 7112b7df591f2a4fb28ba8c025c74796\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.6.1-3+lenny3_s390.deb\n Size/MD5 checksum: 396608 ff75777592b04a235ef600fdd5f35dbd\n http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3_s390.deb\n Size/MD5 checksum: 2772984 9da82847cc89c3d7b03d16fad1fc6c98\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr6_1.6.1-3+lenny3_s390.deb\n Size/MD5 checksum: 257288 ed024511c52b4fb1eb430a1922094ff4\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.6.1-3+lenny3_sparc.deb\n Size/MD5 checksum: 380626 cd3003fd724c5c45b84ff3fff8fea098\n 
http://security.debian.org/pool/updates/main/o/openexr/libopenexr6_1.6.1-3+lenny3_sparc.deb\n Size/MD5 checksum: 264904 e3873ec73423b9119b7c010dbb2a82c1\n http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3_sparc.deb\n Size/MD5 checksum: 2771744 11c15cec8db891a7ccf49f4e1f663a68\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 3, "modified": "2009-07-28T12:16:44", "published": "2009-07-28T12:16:44", "id": "DEBIAN:DSA-1842-1:0BB8E", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00157.html", "title": "[SECURITY] [DSA 1842-1] New openexr packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "seebug": [{"lastseen": "2017-11-19T18:41:10", "description": "Bugraq ID: 35954\r\nCVE ID\uff1aCVE-2009-1723\r\nCVE-2009-1726\r\nCVE-2009-1727\r\nCVE-2009-0151\r\nCVE-2009-1728\r\nCVE-2009-2188\r\nCVE-2009-2190\r\nCVE-2009-2191\r\nCVE-2009-2192\r\nCVE-2009-2193\r\nCVE-2009-2194\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\n\r\nApple Mac OS X\u662f\u4e00\u6b3e\u57fa\u4e8eBSD\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\nApple Mac OS X\u5b89\u5168\u5347\u7ea72009-003\u4fee\u590d\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e\uff1a\r\nCVE-ID: CVE-2008-1372\uff1a\r\nCNCVE 
ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\n \r\nbzip2\u5b58\u5728\u8d8a\u754c\u5185\u5b58\u8bbf\u95ee\u95ee\u9898\uff0c\u6784\u5efa\u6076\u610f\u7684\u538b\u7f29\u6587\u4ef6\uff0c\u8bf1\u4f7f\u7528\u6237\u6253\u5f00\u53ef\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u3002\r\nCVE-ID: CVE-2009-1723\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\n \r\n\u5f53Safari\u8bbf\u95ee\u5230\u901a\u8fc7302\u91cd\u5b9a\u5411\u7684WEB\u7ad9\u70b9\u65f6\uff0c\u4f1a\u63d0\u793a\u8bc1\u4e66\u8b66\u544a\uff0c\u6b64\u8b66\u544a\u4f1a\u5305\u542b\u539f\u59cbWEB\u7ad9\u70b9URL\u6765\u4ee3\u66ff\u5f53\u524dWEB\u7ad9\u70b9URL\uff0c\u8fd9\u5141\u8bb8\u6076\u610f\u6784\u5efa\u7684WEB\u7ad9\u70b9\u53ef\u63a7\u5236\u663e\u793a\u5728\u8bc1\u4e66\u8b66\u544a\u4e2d\u7684WEB\u7ad9\u70b9URL\uff0c\u5bfc\u81f4\u7528\u6237\u76f2\u76ee\u4fe1\u4efb\u3002\r\nCVE-ID: CVE-2009-1726\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\n \r\n\u6253\u5f00\u4e00\u4e2a\u7279\u6b8a\u6784\u5efa\u7684\u4f7f\u7528\u5d4c\u5165\u5f0fColorSync\u914d\u7f6e\u6587\u4ef6\u7684\u56fe\u50cf\u65f6\u53ef\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u3002\r\nCVE-ID: CVE-2009-1727\uff1a\r\nCNCVE 
ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\n \r\n\u6253\u5f00\u90e8\u5206\u4e0d\u5b89\u5168\u5185\u5bb9\u7c7b\u578b\u65f6\u6ca1\u6709\u5bf9\u7528\u6237\u63d0\u793a\u8b66\u544a\uff0c\u53ef\u5bfc\u81f4\u6076\u610f\u811a\u672c\u4ee3\u7801\u8d1f\u8f7d\u6267\u884c\u3002\r\nCVE-ID: CVE-2009-0151\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\n \r\n\u5c4f\u5e55\u4fdd\u62a4\u6ca1\u6709\u6b63\u786e\u963b\u65adfour-finger Multi-Touch gestures\u591a\u70b9\u89e6\u63a7\uff0c\u5141\u8bb8\u7269\u7406\u8bbf\u95ee\u7684\u7528\u6237\u53ef\u7ba1\u7406\u5e94\u7528\u7a0b\u5e8f\u3002\r\nCVE-ID: CVE-2009-1728\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\n \r\n\u5904\u7406Canon RAW\u56fe\u50cf\u5b58\u5728\u591a\u4e2a\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u3002\r\nCVE-ID: CVE-2009-1722\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20091722\r\n 
\r\nImageIO\u5904\u7406OpenEXR\u56fe\u50cf\u5b58\u5728\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u3002\r\nCVE-ID: CVE-2009-1721\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20091722\r\nCNCVE-20091721\r\n \r\nImageIO\u5904\u7406OpenEXR\u56fe\u50cf\u5b58\u5728\u672a\u521d\u59cb\u5316\u5185\u5b58\u8bbf\u95ee\u95ee\u9898\uff0c\u53ef\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u4efb\u610f\u4ee3\u7801\u6267\u884c\r\n\u3002\r\nCVE-ID: CVE-2009-1720\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20091722\r\nCNCVE-20091721\r\nCNCVE-20091720\r\n \r\nImageIO\u5904\u7406OpenEXR\u56fe\u50cf\u5b58\u5728\u6574\u6570\u6ea2\u51fa\u95ee\u9898\uff0c\u53ef\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002\r\nCVE-ID: CVE-2009-2188\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20091722\r\nCNCVE-20091721\r\nCNCVE-20091720\r\nCNCVE-20092188\r\n \r\nImageIO\u5904\u7406EXIF\u5143\u6570\u636e\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u95ee\u9898\uff0c\u53ef\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002\r\nCVE-ID: CVE-2009-0040\uff1a\r\nCNCVE 
ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20091722\r\nCNCVE-20091721\r\nCNCVE-20091720\r\nCNCVE-20092188\r\nCNCVE-20090040\r\n \r\n\u5904\u7406PNG\u56fe\u50cf\u5b58\u5728\u672a\u521d\u59cb\u5316\u6307\u9488\u95ee\u9898\uff0c\u6784\u5efa\u7279\u6b8a\u7684PNG\u8bf1\u4f7f\u7528\u6237\u5904\u7406\u53ef\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002\r\nCVE-ID: CVE-2009-1235\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20091722\r\nCNCVE-20091721\r\nCNCVE-20091720\r\nCNCVE-20092188\r\nCNCVE-20090040\r\nCNCVE-20091235\r\n \r\n\u5185\u6838fcntl\u7cfb\u7edf\u8c03\u7528\u5904\u7406\u5b58\u5728\u5b9e\u73b0\u9519\u8bef\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u4ee5\u8986\u76d6\u5185\u6838\u5185\u5b58\u4ee5\u7cfb\u7edf\u7279\u6743\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\nCVE-ID: CVE-2009-2190\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20091722\r\nCNCVE-20091721\r\nCNCVE-20091720\r\nCNCVE-20092188\r\nCNCVE-20090040\r\nCNCVE-20091235\r\nCNCVE-20092190\r\n 
\r\n\u5bf9\u57fa\u4e8einetd\u7684launchd\u670d\u52a1\u6253\u5f00\u591a\u4e2a\u8fde\u63a5\uff0c\u53ef\u5bfc\u81f4launchd\u505c\u6b62\u5bf9\u5916\u8fde\u63a5\u7684\u54cd\u5e94\u3002\r\nCVE-ID: CVE-2009-2191\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20091722\r\nCNCVE-20091721\r\nCNCVE-20091720\r\nCNCVE-20092188\r\nCNCVE-20090040\r\nCNCVE-20091235\r\nCNCVE-20092190\r\nCNCVE-20092191\r\n \r\n\u767b\u5f55\u7a97\u53e3\u5904\u7406\u5e94\u7528\u7a0b\u5e8f\u540d\u5b58\u5728\u683c\u5f0f\u4e32\u95ee\u9898\uff0c\u53ef\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002\r\nCVE-ID: CVE-2009-2192\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20091722\r\nCNCVE-20091721\r\nCNCVE-20091720\r\nCNCVE-20092188\r\nCNCVE-20090040\r\nCNCVE-20091235\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\n \r\nMobileMe\u5b58\u5728\u4e00\u4e2a\u903b\u8f91\u9519\u8bef\uff0c\u5728\u9000\u51fa\u65f6\u6ca1\u6709\u5220\u9664\u6240\u6709\u51ed\u636e\uff0c\u672c\u5730\u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u5176\u4ed6MobileMe\u5e10\u6237\u76f8\u5173\u8d44\u6e90\u3002\r\nCVE-ID: CVE-2009-2193\uff1a\r\nCNCVE 
ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20091722\r\nCNCVE-20091721\r\nCNCVE-20091720\r\nCNCVE-20092188\r\nCNCVE-20090040\r\nCNCVE-20091235\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\n \r\n\u5185\u6838\u5904\u7406 AppleTalk\u5e94\u7b54\u62a5\u6587\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\uff0c\u53ef\u5bfc\u81f4\u4ee5\u7cfb\u7edf\u6743\u9650\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\r\nCVE-ID: CVE-2009-2194\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20091722\r\nCNCVE-20091721\r\nCNCVE-20091720\r\nCNCVE-20092188\r\nCNCVE-20090040\r\nCNCVE-20091235\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\n \r\n\u5904\u7406\u901a\u8fc7\u672c\u5730\u5957\u63a5\u5b57\u5171\u4eab\u7684\u6587\u4ef6\u63cf\u8ff0\u7b26\u5b58\u5728\u540c\u6b65\u95ee\u9898\uff0c\u901a\u8fc7\u53d1\u9001\u5305\u542b\u6587\u4ef6\u63cf\u8ff0\u7b26\u7684\u6d88\u606f\u7ed9\u6ca1\u6709\u63a5\u6536\u8005\u7684\u5957\u63a5\u5b57\uff0c\u672c\u5730\u7528\u6237\u53ef\u5bfc\u81f4\u7cfb\u7edf\u5d29\u6e83\u3002\r\nCVE-ID: CVE-2008-0674\uff1a\r\nCNCVE 
ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20091722\r\nCNCVE-20091721\r\nCNCVE-20091720\r\nCNCVE-20092188\r\nCNCVE-20090040\r\nCNCVE-20091235\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20080674\r\n \r\nXQuery\u4f7f\u7528\u7684PCRE\u5e93\u5904\u7406\u89c4\u5219\u8868\u8fbe\u5f0f\u4e2d\u7684\u5b57\u7b26\u7c7b\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\uff0c\u6784\u5efa\u6076\u610f\u7684XML\u5185\u5bb9\u8bf1\u4f7f\u7528\u6237\u8bbf\u95ee\u53ef\u89e6\u53d1\u6b64\u6f0f\u6d1e\u3002\n\nApple Mac OS X Server 10.5.7\r\nApple Mac OS X Server 10.5.6\r\nApple Mac OS X Server 10.5.5\r\nApple Mac OS X Server 10.5.4\r\nApple Mac OS X Server 10.5.3\r\nApple Mac OS X Server 10.5.2\r\nApple Mac OS X Server 10.5.1\r\nApple Mac OS X Server 10.4.11\r\nApple Mac OS X Server 10.4.11\r\nApple Mac OS X Server 10.4.10\r\nApple Mac OS X Server 10.4.9\r\nApple Mac OS X Server 10.4.8\r\nApple Mac OS X Server 10.4.7\r\nApple Mac OS X Server 10.4.6\r\nApple Mac OS X Server 10.4.5\r\nApple Mac OS X Server 10.4.4\r\nApple Mac OS X Server 10.4.3\r\nApple Mac OS X Server 10.4.2\r\nApple Mac OS X Server 10.4.1\r\nApple Mac OS X Server 10.4\r\nApple Mac OS X Server 10.5\r\nApple Mac OS X 10.5.7\r\nApple Mac OS X 10.5.6\r\nApple Mac OS X 10.5.5\r\nApple Mac OS X 10.5.4\r\nApple Mac OS X 10.5.3\r\nApple Mac OS X 10.5.2\r\nApple Mac OS X 10.5.1\r\nApple Mac OS X 10.4.11\r\nApple Mac OS X 10.4.11\r\nApple Mac OS X 10.4.10\r\nApple Mac OS X 10.4.9\r\nApple Mac OS X 10.4.8\r\nApple Mac OS X 10.4.7\r\nApple Mac OS X 10.4.6\r\nApple Mac OS X 10.4.5\r\nApple Mac OS X 10.4.4\r\nApple Mac OS X 10.4.3\r\nApple Mac OS X 10.4.2\r\nApple Mac OS X 10.4.1\r\nApple Mac OS X 10.4\r\nApple Mac 
OS X 10.5\n\u5382\u5546\u89e3\u51b3\u65b9\u6848\r\n\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u5347\u7ea7\u8865\u4e01\uff1a\r\nApple Mac OS X Server 10.5\r\nApple MacOSXServerUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X 10.5\r\nApple MacOSXUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X Server 10.4.11\r\nApple SecUpdSrvr2009-003PPC.dmg\r\nPowerPC\r\nhttp://www.apple.com/support/downloads/\r\nApple SecUpdSrvr2009-003Univ.dmg\r\nUniversal\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X 10.4.11\r\nApple SecUpd2009-003Intel.dmg\r\nIntel\r\nhttp://www.apple.com/support/downloads/\r\nApple SecUpd2009-003PPC.dmg\r\nPPC\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X 10.5.1\r\nApple MacOSXUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X Server 10.5.1\r\nApple MacOSXServerUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X 10.5.2\r\nApple MacOSXUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X Server 10.5.2\r\nApple MacOSXServerUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X 10.5.3\r\nApple MacOSXUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X Server 10.5.3\r\nApple MacOSXServerUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X 10.5.4\r\nApple MacOSXUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X Server 10.5.4\r\nApple MacOSXServerUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X Server 10.5.5\r\nApple MacOSXServerUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X 10.5.5\r\nApple MacOSXUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X 10.5.6\r\nApple MacOSXUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X Server 10.5.6\r\nApple 
MacOSXServerUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X Server 10.5.7\r\nApple MacOSXServerUpd10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X 10.5.7\r\nApple MacOSXUpd10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/", "published": "2009-08-06T00:00:00", "title": "Apple Mac OS X 2009-003\u4fee\u8865\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-0674", "CVE-2008-1372", "CVE-2009-0040", "CVE-2009-0151", "CVE-2009-1235", "CVE-2009-1720", "CVE-2009-1721", "CVE-2009-1722", "CVE-2009-1723", "CVE-2009-1726", "CVE-2009-1727", "CVE-2009-1728", "CVE-2009-2188", "CVE-2009-2190", "CVE-2009-2191", "CVE-2009-2192", "CVE-2009-2193", "CVE-2009-2194"], "modified": "2009-08-06T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-11998", "id": "SSV:11998", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": ""}]}