Lucene search
K

Mandriva Linux Security Advisory : directfb (MDVSA-2015:223)

🗓️ 05 May 2015 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 29 Views

Updated directfb packages fix integer signedness and out-of-bounds write vulnerabilitie

Related
Refs
Code
ReporterTitlePublishedViews
Family
CVE
CVE-2014-2977
11 Jun 201414:00
cve
CVE
CVE-2014-2978
11 Jun 201414:00
cve
Cvelist
CVE-2014-2977
11 Jun 201414:00
cvelist
Cvelist
CVE-2014-2978
11 Jun 201414:00
cvelist
Debian CVE
CVE-2014-2977
11 Jun 201414:00
debiancve
Debian CVE
CVE-2014-2978
11 Jun 201414:00
debiancve
EUVD
EUVD-2014-3000
7 Oct 202500:30
euvd
Tenable Nessus
GLSA-201701-55 : DirectFB: Multiple vulnerabilities
23 Jan 201700:00
nessus
Tenable Nessus
openSUSE Security Update : DirectFB (openSUSE-2015-340)
1 May 201500:00
nessus
Tenable Nessus
SUSE SLED12 / SLES12 Security Update : DirectFB (SUSE-SU-2015:0839-1)
20 May 201500:00
nessus
Rows per page
#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandriva Linux Security Advisory MDVSA-2015:223. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(83247);
  script_version("2.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2014-2977", "CVE-2014-2978");
  script_xref(name:"MDVSA", value:"2015:223");

  script_name(english:"Mandriva Linux Security Advisory : directfb (MDVSA-2015:223)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandriva Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated directfb packages fix security vulnerabilities :

Multiple integer signedness errors in the Dispatch_Write function in
proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB allow
remote attackers to cause a denial of service (crash) and possibly
execute arbitrary code via the Voodoo interface, which triggers a
stack-based buffer overflow (CVE-2014-2977).

The Dispatch_Write function in
proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB allows
remote attackers to cause a denial of service (crash) and possibly
execute arbitrary code via the Voodoo interface, which triggers an
out-of-bounds write (CVE-2014-2978)."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://advisories.mageia.org/MGASA-2015-0176.html"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:directfb-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64directfb-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64directfb1.5_0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64directfb1.7_0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:2");

  script_set_attribute(attribute:"patch_publication_date", value:"2015/05/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/05");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"directfb-doc-1.5.3-5.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64directfb-devel-1.5.3-5.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64directfb1.5_0-1.5.3-5.1.mbs1")) flag++;

if (rpm_check(release:"MDK-MBS2", reference:"directfb-doc-1.7.0-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64directfb-devel-1.7.0-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64directfb1.7_0-1.7.0-3.1.mbs2")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation