Lucene search
This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.MANDRAKE_MDKSA-2005-144.NASLHistoryOct 05, 2005 - 12:00 a.m.
Mandrake Linux Security Advisory : wxPythonGTK (MDKSA-2005:144)
2005-10-0500:00:00
This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.
www.tenable.com
11
Wouter Hanegraaff discovered that the TIFF library did not sufficiently validate the ‘YCbCr subsampling’ value in TIFF image headers. Decoding a malicious image with a zero value resulted in an arithmetic exception, which can cause a program that uses the TIFF library to crash.
wxPythonGTK uses an embedded libtiff source tree, and as such has the same vulnerability.
The updated packages have been rebuilt using the system libraries and should now incorporate all the updates to libjpeg, libpng, libtiff and zlib.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandrake Linux Security Advisory MDKSA-2005:144.
# The text itself is copyright (C) Mandriva S.A.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(19901);
script_version("1.18");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id("CVE-2005-2452");
script_xref(name:"MDKSA", value:"2005:144");
script_name(english:"Mandrake Linux Security Advisory : wxPythonGTK (MDKSA-2005:144)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Mandrake Linux host is missing one or more security
updates."
);
script_set_attribute(
attribute:"description",
value:
"Wouter Hanegraaff discovered that the TIFF library did not
sufficiently validate the 'YCbCr subsampling' value in TIFF image
headers. Decoding a malicious image with a zero value resulted in an
arithmetic exception, which can cause a program that uses the TIFF
library to crash.
wxPythonGTK uses an embedded libtiff source tree, and as such has the
same vulnerability.
The updated packages have been rebuilt using the system libraries and
should now incorporate all the updates to libjpeg, libpng, libtiff and
zlib."
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64wxPythonGTK2.5_2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64wxPythonGTK2.5_2-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64wxPythonGTK2.5_3");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64wxPythonGTK2.5_3-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libwxPythonGTK2.5_2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libwxPythonGTK2.5_2-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libwxPythonGTK2.5_3");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libwxPythonGTK2.5_3-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:wxPythonGTK");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.1");
script_set_attribute(attribute:"cpe", value:"x-cpe:/o:mandrakesoft:mandrake_linux:le2005");
script_set_attribute(attribute:"patch_publication_date", value:"2005/08/18");
script_set_attribute(attribute:"plugin_publication_date", value:"2005/10/05");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.");
script_family(english:"Mandriva Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
flag = 0;
if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64wxPythonGTK2.5_2-2.5.2.7-3.1.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64wxPythonGTK2.5_2-devel-2.5.2.7-3.1.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libwxPythonGTK2.5_2-2.5.2.7-3.1.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libwxPythonGTK2.5_2-devel-2.5.2.7-3.1.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"wxPythonGTK-2.5.2.7-3.1.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64wxPythonGTK2.5_3-2.5.3.1-3.1.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64wxPythonGTK2.5_3-devel-2.5.3.1-3.1.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libwxPythonGTK2.5_3-2.5.3.1-3.1.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libwxPythonGTK2.5_3-devel-2.5.3.1-3.1.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"wxPythonGTK-2.5.3.1-3.1.102mdk", yank:"mdk")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mandriva | linux | lib64wxpythongtk2.5_2 | p-cpe:/a:mandriva:linux:lib64wxpythongtk2.5_2 |
| mandriva | linux | lib64wxpythongtk2.5_2-devel | p-cpe:/a:mandriva:linux:lib64wxpythongtk2.5_2-devel |
| mandriva | linux | lib64wxpythongtk2.5_3 | p-cpe:/a:mandriva:linux:lib64wxpythongtk2.5_3 |
| mandriva | linux | lib64wxpythongtk2.5_3-devel | p-cpe:/a:mandriva:linux:lib64wxpythongtk2.5_3-devel |
| mandriva | linux | libwxpythongtk2.5_2 | p-cpe:/a:mandriva:linux:libwxpythongtk2.5_2 |
| mandriva | linux | libwxpythongtk2.5_2-devel | p-cpe:/a:mandriva:linux:libwxpythongtk2.5_2-devel |
| mandriva | linux | libwxpythongtk2.5_3 | p-cpe:/a:mandriva:linux:libwxpythongtk2.5_3 |
| mandriva | linux | libwxpythongtk2.5_3-devel | p-cpe:/a:mandriva:linux:libwxpythongtk2.5_3-devel |
| mandriva | linux | wxpythongtk | p-cpe:/a:mandriva:linux:wxpythongtk |
| mandrakesoft | mandrake_linux | 10.1 | cpe:/o:mandrakesoft:mandrake_linux:10.1 |
Related
nessus
nessus
Mandrake Linux Security Advisory : kdegraphics (MDKSA-2005:143)
2005-10-05 00:00:00
Mandrake Linux Security Advisory : libtiff (MDKSA-2005:142)
2005-10-05 00:00:00
securityvulns
securityvulns
MDKSA-2005:144 - Updated wxPythonGTK packages several vulnerabilities
2005-08-19 00:00:00
cve
cve
CVE-2004-0804
2004-11-03 05:00:00
CVE-2005-2452
2005-08-03 04:00:00
debiancve
debiancve
CVE-2005-2452
2005-08-03 04:00:00
CVE-2004-0804
2004-11-03 05:00:00
ubuntucve
ubuntucve
CVE-2005-2452
2005-08-03 00:00:00
CVE-2004-0804
2004-11-03 00:00:00
Related for MANDRAKE_MDKSA-2005-144.NASL