Pidgin < 2.9.0 gdk_pixbuf__gif_image_load() Denial of Service
2011-06-27T00:00:00
ID PIDGIN_2_9_0.NASL Type nessus Reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. Modified 2021-01-02T00:00:00
Description
The version of Pidgin installed on the remote host is earlier than
2.9.0. As such, it is potentially affected by a denial of service
vulnerability.
The function 'gdk_pixbuf__gif_image_load' contains an error that
allows a crafted GIF image file, when used as a buddy image, to
exhaust memory and ultimately terminate the process.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
# Registration block: when 'description' is true the plugin only declares its
# metadata. The block ends with exit(0), so none of the check logic further
# down the file runs in that mode.
if (description)
{
  # Plugin identity and revision bookkeeping.
  script_id(55436);
  script_version("1.5");
  script_cvs_date("Date: 2018/07/24 18:56:13");

  # Cross-references for the single issue this plugin reports.
  script_cve_id("CVE-2011-2485");
  script_bugtraq_id(48425);
  script_xref(name:"Secunia", value:"45037");

  # The summary states the detection method: a version comparison only.
  script_name(english:"Pidgin < 2.9.0 gdk_pixbuf__gif_image_load() Denial of Service");
  script_summary(english:"Does a version check");

  # Multi-line string values are kept at column 0 so that no indentation
  # ends up inside the reported text.
  script_set_attribute(attribute:"synopsis", value:
"An instant messaging client installed on the remote Windows host is
affected by a denial of service vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of Pidgin installed on the remote host is earlier than
2.9.0. As such, it is potentially affected by a denial of service
vulnerability.
The function 'gdk_pixbuf__gif_image_load' contains an error that
allows a crafted GIF image file, when used as a buddy image, to cause
memory exhaustion and finally process termination.");

  # Vendor advisory and changelog, followed by the remediation text.
  script_set_attribute(attribute:"see_also", value:"http://pidgin.im/news/security/?id=52");
  script_set_attribute(attribute:"see_also", value:"http://developer.pidgin.im/wiki/ChangeLog");
  script_set_attribute(attribute:"solution", value:"Upgrade to Pidgin 2.9.0 or later.");

  # CVSS v2 base vector: network reachable, no authentication, partial
  # availability impact only (no confidentiality or integrity impact).
  # NOTE(review): this vector uses AC:L, while the NVD record for
  # CVE-2011-2485 rates access complexity MEDIUM
  # (AV:N/AC:M/Au:N/C:N/I:N/A:P) - confirm which rating to triage on.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  # Temporal vector: exploitability unproven, official fix available,
  # report confirmed.
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  # Timeline of disclosure, fix and plugin release.
  script_set_attribute(attribute:"vuln_publication_date",value:"2011/06/24");
  script_set_attribute(attribute:"patch_publication_date",value:"2011/06/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/06/27");

  # Declared as a local check against the Pidgin CPE.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:pidgin:pidgin");
  script_end_attributes();

  # Information gathering only; listed in the Windows plugin family.
  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");
  script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");

  # Depends on pidgin_installed.nasl and requires the SMB/Pidgin/Version KB
  # entry; presumably that dependency is what populates the key - confirm.
  script_dependencies("pidgin_installed.nasl");
  script_require_keys("SMB/Pidgin/Version");

  exit(0);
}
include("global_settings.inc");
include("misc_func.inc");
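# Version-only check: compare the Pidgin version recorded in the KB with the
# first fixed release. Nothing here inspects the GIF loader itself, so a
# finding means "Pidgin older than the fixed release", not a confirmed
# crash condition on this host.
version = get_kb_item_or_exit("SMB/Pidgin/Version");
fixed_version = '2.9.0';

# A result of -1 from ver_compare() is treated as "installed version is
# lower than the fix"; every other result takes the not-affected exit.
if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)
{
  # NOTE(review): if SMB/Pidgin/Path is missing, this call exits before the
  # finding is reported - confirm the dependency always sets the key, or an
  # outdated install could go unreported.
  path = get_kb_item_or_exit("SMB/Pidgin/Path");

  # Fall back to the standard SMB port when the transport key is absent so
  # the finding is not filed with an empty port.
  port = get_kb_item("SMB/transport");
  if (!port) port = 445;

  if (report_verbosity > 0)
  {
    # Detailed report: install path plus installed and fixed versions.
    report =
      '\n Path : ' + path +
      '\n Installed version : ' + version +
      '\n Fixed version : ' + fixed_version + '\n';
    security_warning(port:port, extra:report);
  }
  else security_warning(port);
}
else exit(0, "Pidgin " + version + " is installed and hence not affected.");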
{"id": "PIDGIN_2_9_0.NASL", "bulletinFamily": "scanner", "title": "Pidgin < 2.9.0 gdk_pixbuf__gif_image_load() Denial of Service", "description": "The version of Pidgin installed on the remote host is earlier than\n2.9.0. As such, it is potentially affected by a denial of service\nvulnerability. \n\nThe function 'gdk_pixbuf__gif_image_load' contains an error that\nallows a crafted GIF image file, when used as a buddy image, to cause\nmemory exhaustion and finally process termination.", "published": "2011-06-27T00:00:00", "modified": "2021-01-02T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "href": "https://www.tenable.com/plugins/nessus/55436", "reporter": "This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.", "references": ["http://pidgin.im/news/security/?id=52", "http://developer.pidgin.im/wiki/ChangeLog"], "cvelist": ["CVE-2011-2485"], "type": "nessus", "lastseen": "2021-01-01T04:55:02", "edition": 24, "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2011-2485"]}, {"type": "slackware", "idList": ["SSA-2011-178-01"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-201206-11.NASL", "SLACKWARE_SSA_2011-178-01.NASL", "SUSE_11_GDK-PIXBUF-120531.NASL", "SUSE_GTK2-8174.NASL", "SUSE_11_GTK2-120605.NASL", "FEDORA_2011-8667.NASL", "MANDRIVA_MDVSA-2011-132.NASL", "SUSE_GDK-PIXBUF-8158.NASL", "GENTOO_GLSA-201206-20.NASL", "FEDORA_2011-8672.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:26600", "SECURITYVULNS:VULN:11756"]}, {"type": "fedora", "idList": ["FEDORA:0E6C320B50", "FEDORA:F10D6110BE3", "FEDORA:D30CE110615", "FEDORA:1804721028", "FEDORA:B8659110FC4", "FEDORA:9FE181106B3", "FEDORA:9363120911", "FEDORA:3A6A1110E8A", "FEDORA:05BF1110655"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310863469", "OPENVAS:136141256231071587", "OPENVAS:71954", "OPENVAS:1361412562310863311", "OPENVAS:1361412562310863327", "OPENVAS:863311", "OPENVAS:136141256231071954", 
"OPENVAS:1361412562310863433", "OPENVAS:863327", "OPENVAS:863433"]}, {"type": "gentoo", "idList": ["GLSA-201206-20", "GLSA-201206-11"]}, {"type": "oraclelinux", "idList": ["ELSA-2012-1102", "ELSA-2013-0646"]}], "modified": "2021-01-01T04:55:02", "rev": 2}, "score": {"value": 5.9, "vector": "NONE", "modified": "2021-01-01T04:55:02", "rev": 2}, "vulnersScore": 5.9}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(55436);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/07/24 18:56:13\");\n\n script_cve_id(\"CVE-2011-2485\");\n script_bugtraq_id(48425);\n script_xref(name:\"Secunia\", value:\"45037\");\n\n script_name(english:\"Pidgin < 2.9.0 gdk_pixbuf__gif_image_load() Denial of Service\");\n script_summary(english:\"Does a version check\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"An instant messaging client installed on the remote Windows host is\naffected by a denial of service vulnerability.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The version of Pidgin installed on the remote host is earlier than\n2.9.0. As such, it is potentially affected by a denial of service\nvulnerability. 
\n\nThe function 'gdk_pixbuf__gif_image_load' contains an error that\nallows a crafted GIF image file, when used as a buddy image, to cause\nmemory exhaustion and finally process termination.\");\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://pidgin.im/news/security/?id=52\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://developer.pidgin.im/wiki/ChangeLog\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Upgrade to Pidgin 2.9.0 or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\",value:\"2011/06/24\");\n script_set_attribute(attribute:\"patch_publication_date\",value:\"2011/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:pidgin:pidgin\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"pidgin_installed.nasl\");\n script_require_keys(\"SMB/Pidgin/Version\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"SMB/Pidgin/Version\");\nfixed_version = '2.9.0';\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n path = get_kb_item_or_exit(\"SMB/Pidgin/Path\");\n port = get_kb_item(\"SMB/transport\");\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + 
fixed_version + '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n}\nelse exit(0, \"Pidgin \" + version + \" is installed and hence not affected.\");\n", "naslFamily": "Windows", "pluginID": "55436", "cpe": ["cpe:/a:pidgin:pidgin"], "scheme": null}
{"cve": [{"lastseen": "2020-12-09T19:39:08", "description": "The gdk_pixbuf__gif_image_load function in gdk-pixbuf/io-gif.c in gdk-pixbuf before 2.23.5 does not properly handle certain return values, which allows remote attackers to cause a denial of service (memory consumption) via a crafted GIF image file.", "edition": 5, "cvss3": {}, "published": "2012-07-03T16:40:00", "title": "CVE-2011-2485", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2485"], "modified": "2012-07-03T16:40:00", "cpe": ["cpe:/a:gnome:gdk-pixbuf:2.22.1", "cpe:/a:gnome:gdk-pixbuf:2.23.3"], "id": "CVE-2011-2485", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2485", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:gnome:gdk-pixbuf:2.23.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:gdk-pixbuf:2.22.1:*:*:*:*:*:*:*"]}], "slackware": [{"lastseen": "2020-10-25T16:35:56", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2485"], "description": "New pidgin packages are available for Slackware 12.2, 13.0, 13.1, 13.37,\nand -current to fix a security issue.\n\n\nHere are the details from the Slackware 13.37 ChangeLog:\n\npatches/packages/pidgin-2.9.0-i486-1_slack13.37.txz: Upgraded.\n Fixed a remote denial of service. 
A remote attacker could set a specially\n crafted GIF file as their buddy icon causing vulerable versions of pidgin\n to crash due to excessive memory use.\n For more information, see:\n http://pidgin.im/news/security/?id=52\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2485\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/pidgin-2.9.0-i486-1_slack12.2.tgz\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/pidgin-2.9.0-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/pidgin-2.9.0-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/pidgin-2.9.0-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/pidgin-2.9.0-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/pidgin-2.9.0-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/pidgin-2.9.0-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/pidgin-2.9.0-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/pidgin-2.9.0-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 12.2 
package:\nfc1a92d8fcce2b11d3eea747255aadd5 pidgin-2.9.0-i486-1_slack12.2.tgz\n\nSlackware 13.0 package:\n4523a538f5c1f6dbc267a05c3f0c3d39 pidgin-2.9.0-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\nb10d74b33d814f41bb3e7e3a65013d83 pidgin-2.9.0-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\n815fe39274fea0b7618dee8465be5b09 pidgin-2.9.0-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\ne7d6da493c76f3898c25590d4ec09490 pidgin-2.9.0-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\n276ab5a94fad246d9120c33a396fb484 pidgin-2.9.0-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n6625960c550a8ee6373abb5338c25818 pidgin-2.9.0-x86_64-1_slack13.37.txz\n\nSlackware -current package:\n517f9f04054fd5ce1df1e63b5b12811f xap/pidgin-2.9.0-i486-1.txz\n\nSlackware x86_64 -current package:\n98d49d72f76fae74eee558a8173ef98a xap/pidgin-2.9.0-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg pidgin-2.9.0-i486-1_slack13.37.txz", "modified": "2011-06-28T04:19:23", "published": "2011-06-28T04:19:23", "id": "SSA-2011-178-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.458205", "type": "slackware", "title": "[slackware-security] pidgin", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:43", "bulletinFamily": "software", "cvelist": ["CVE-2011-2485"], "description": "Memory exhaustion on GIF icons parsing.", "edition": 1, "modified": "2011-07-04T00:00:00", "published": "2011-07-04T00:00:00", "id": "SECURITYVULNS:VULN:11756", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11756", "title": "pidgin instant messenger DoS", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:41", "bulletinFamily": "software", "cvelist": ["CVE-2011-2485"], "description": "\r\n-----BEGIN PGP SIGNED 
MESSAGE-----\r\nHash: SHA1\r\n\r\n[slackware-security] pidgin (SSA:2011-178-01)\r\n\r\nNew pidgin packages are available for Slackware 12.2, 13.0, 13.1, 13.37,\r\nand -current to fix a security issue.\r\n\r\n\r\nHere are the details from the Slackware 13.37 ChangeLog:\r\n+--------------------------+\r\npatches/packages/pidgin-2.9.0-i486-1_slack13.37.txz: Upgraded.\r\n Fixed a remote denial of service. A remote attacker could set a specially\r\n crafted GIF file as their buddy icon causing vulerable versions of pidgin\r\n to crash due to excessive memory use.\r\n For more information, see:\r\n http://pidgin.im/news/security/?id=52\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2485\r\n (* Security fix *)\r\n+--------------------------+\r\n\r\n\r\nWhere to find the new packages:\r\n+-----------------------------+\r\n\r\nThanks to the friendly folks at the OSU Open Source Lab\r\n(http://osuosl.org) for donating FTP and rsync hosting\r\nto the Slackware project! :-)\r\n\r\nAlso see the "Get Slack" section on http://slackware.com for\r\nadditional mirror sites near you.\r\n\r\nUpdated package for Slackware 12.2:\r\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/pidgin-2.9.0-i486-1_slack12.2.tgz\r\n\r\nUpdated package for Slackware 13.0:\r\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/pidgin-2.9.0-i486-1_slack13.0.txz\r\n\r\nUpdated package for Slackware x86_64 13.0:\r\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/pidgin-2.9.0-x86_64-1_slack13.0.txz\r\n\r\nUpdated package for Slackware 13.1:\r\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/pidgin-2.9.0-i486-1_slack13.1.txz\r\n\r\nUpdated package for Slackware x86_64 13.1:\r\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/pidgin-2.9.0-x86_64-1_slack13.1.txz\r\n\r\nUpdated package for Slackware 
13.37:\r\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/pidgin-2.9.0-i486-1_slack13.37.txz\r\n\r\nUpdated package for Slackware x86_64 13.37:\r\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/pidgin-2.9.0-x86_64-1_slack13.37.txz\r\n\r\nUpdated package for Slackware -current:\r\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/pidgin-2.9.0-i486-1.txz\r\n\r\nUpdated package for Slackware x86_64 -current:\r\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/pidgin-2.9.0-x86_64-1.txz\r\n\r\n\r\nMD5 signatures:\r\n+-------------+\r\n\r\nSlackware 12.2 package:\r\nfc1a92d8fcce2b11d3eea747255aadd5 pidgin-2.9.0-i486-1_slack12.2.tgz\r\n\r\nSlackware 13.0 package:\r\n4523a538f5c1f6dbc267a05c3f0c3d39 pidgin-2.9.0-i486-1_slack13.0.txz\r\n\r\nSlackware x86_64 13.0 package:\r\nb10d74b33d814f41bb3e7e3a65013d83 pidgin-2.9.0-x86_64-1_slack13.0.txz\r\n\r\nSlackware 13.1 package:\r\n815fe39274fea0b7618dee8465be5b09 pidgin-2.9.0-i486-1_slack13.1.txz\r\n\r\nSlackware x86_64 13.1 package:\r\ne7d6da493c76f3898c25590d4ec09490 pidgin-2.9.0-x86_64-1_slack13.1.txz\r\n\r\nSlackware 13.37 package:\r\n276ab5a94fad246d9120c33a396fb484 pidgin-2.9.0-i486-1_slack13.37.txz\r\n\r\nSlackware x86_64 13.37 package:\r\n6625960c550a8ee6373abb5338c25818 pidgin-2.9.0-x86_64-1_slack13.37.txz\r\n\r\nSlackware -current package:\r\n517f9f04054fd5ce1df1e63b5b12811f xap/pidgin-2.9.0-i486-1.txz\r\n\r\nSlackware x86_64 -current package:\r\n98d49d72f76fae74eee558a8173ef98a xap/pidgin-2.9.0-x86_64-1.txz\r\n\r\n\r\nInstallation instructions:\r\n+------------------------+\r\n\r\nUpgrade the package as root:\r\n# upgradepkg pidgin-2.9.0-i486-1_slack13.37.txz\r\n\r\n\r\n+-----+\r\n\r\nSlackware Linux Security Team\r\nhttp://slackware.com/gpg-key\r\nsecurity@slackware.com\r\n\r\n+------------------------------------------------------------------------+\r\n| To leave the slackware-security mailing list: 
|\r\n+------------------------------------------------------------------------+\r\n| Send an email to majordomo@slackware.com with this text in the body of |\r\n| the email message: |\r\n| |\r\n| unsubscribe slackware-security |\r\n| |\r\n| You will get a confirmation message back containing instructions to |\r\n| complete the process. Please do not reply to this email address. |\r\n+------------------------------------------------------------------------+\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.11 (GNU/Linux)\r\n\r\niEYEARECAAYFAk4JVWkACgkQakRjwEAQIjPfXQCfdMnHVK3m9IKIR7vcN+9/Qlb3\r\n0NkAnilbAF+m2ov1UJ3WmTL1UoJ284+C\r\n=odOQ\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2011-07-04T00:00:00", "published": "2011-07-04T00:00:00", "id": "SECURITYVULNS:DOC:26600", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26600", "title": "[slackware-security] pidgin (SSA:2011-178-01)", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-25T10:55:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2485"], "description": "Check for the Version of gdk-pixbuf2", "modified": "2017-07-10T00:00:00", "published": "2011-08-19T00:00:00", "id": "OPENVAS:863433", "href": "http://plugins.openvas.org/nasl.php?oid=863433", "type": "openvas", "title": "Fedora Update for gdk-pixbuf2 FEDORA-2011-8667", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gdk-pixbuf2 FEDORA-2011-8667\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in 
the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"gdk-pixbuf2 on Fedora 14\";\ntag_insight = \"gdk-pixbuf is an image loading library that can be extended by loadable\n modules for new image formats. It is used by toolkits such as GTK+ or\n clutter.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063859.html\");\n script_id(863433);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-19 15:17:22 +0200 (Fri, 19 Aug 2011)\");\n script_xref(name: \"FEDORA\", value: \"2011-8667\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2011-2485\");\n script_name(\"Fedora Update for gdk-pixbuf2 FEDORA-2011-8667\");\n\n script_summary(\"Check for the Version of gdk-pixbuf2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : 
\"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"gdk-pixbuf2\", rpm:\"gdk-pixbuf2~2.22.0~2.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2485"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-07-12T00:00:00", "id": "OPENVAS:1361412562310863327", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863327", "type": "openvas", "title": "Fedora Update for pidgin FEDORA-2011-8966", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for pidgin FEDORA-2011-8966\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062302.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863327\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-12 08:00:26 +0200 (Tue, 12 Jul 2011)\");\n script_xref(name:\"FEDORA\", value:\"2011-8966\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2011-2485\");\n script_name(\"Fedora Update for pidgin FEDORA-2011-8966\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'pidgin'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"pidgin on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.9.0~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:40:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2485"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-08-19T00:00:00", "id": "OPENVAS:1361412562310863433", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863433", "type": "openvas", "title": "Fedora Update for gdk-pixbuf2 FEDORA-2011-8667", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gdk-pixbuf2 FEDORA-2011-8667\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063859.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863433\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-19 15:17:22 +0200 (Fri, 19 Aug 2011)\");\n script_xref(name:\"FEDORA\", value:\"2011-8667\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2011-2485\");\n script_name(\"Fedora Update for gdk-pixbuf2 FEDORA-2011-8667\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gdk-pixbuf2'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC14\");\n script_tag(name:\"affected\", value:\"gdk-pixbuf2 on Fedora 14\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC14\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"gdk-pixbuf2\", rpm:\"gdk-pixbuf2~2.22.0~2.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-25T10:55:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2485"], "description": "Check for the Version of pidgin", "modified": "2017-07-10T00:00:00", "published": "2011-07-12T00:00:00", "id": "OPENVAS:863327", "href": "http://plugins.openvas.org/nasl.php?oid=863327", "type": "openvas", "title": "Fedora Update for pidgin FEDORA-2011-8966", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for pidgin FEDORA-2011-8966\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Pidgin allows you to talk to anyone using a variety of messaging\n protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu,\n ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, SILC, Simple and\n Zephyr. 
These protocols are implemented using a modular, easy to\n use design. To use a protocol, just add an account using the\n account editor.\n\n Pidgin supports many common features of other clients, as well as many\n unique features, such as perl scripting, TCL scripting and C plugins.\n \n Pidgin is not affiliated with or endorsed by America Online, Inc.,\n Microsoft Corporation, Yahoo! Inc., or ICQ Inc.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"pidgin on Fedora 15\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062302.html\");\n script_id(863327);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-12 08:00:26 +0200 (Tue, 12 Jul 2011)\");\n script_xref(name: \"FEDORA\", value: \"2011-8966\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2011-2485\");\n script_name(\"Fedora Update for pidgin FEDORA-2011-8966\");\n\n script_summary(\"Check for the Version of pidgin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == 
\"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.9.0~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2485"], "description": "The remote host is missing an update as announced\nvia advisory SSA:2011-178-01.", "modified": "2017-07-06T00:00:00", "published": "2012-09-10T00:00:00", "id": "OPENVAS:71954", "href": "http://plugins.openvas.org/nasl.php?oid=71954", "type": "openvas", "title": "Slackware Advisory SSA:2011-178-01 pidgin ", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2011_178_01.nasl 6581 2017-07-06 13:58:51Z cfischer $\n# Description: Auto-generated from advisory SSA:2011-178-01\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New pidgin packages are available for Slackware 12.2, 13.0, 13.1, 13.37,\nand -current to fix a security issue.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2011-178-01.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2011-178-01\";\n \nif(description)\n{\n script_id(71954);\n script_cve_id(\"CVE-2011-2485\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_version(\"$Revision: 6581 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:58:51 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-09-10 07:16:17 -0400 (Mon, 10 Sep 2012)\");\n script_name(\"Slackware Advisory SSA:2011-178-01 pidgin \");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"pidgin\", ver:\"2.9.0-i486-1_slack12.2\", rls:\"SLK12.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"pidgin\", ver:\"2.9.0-i486-1_slack13.0\", rls:\"SLK13.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"pidgin\", ver:\"2.9.0-i486-1_slack13.1\", rls:\"SLK13.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"pidgin\", ver:\"2.9.0-i486-1_slack13.37\", rls:\"SLK13.37\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2485"], "description": "The remote host is missing an update for the 'gdk-pixbuf2'\npackage(s) announced via the referenced advisory.", "modified": "2019-03-15T00:00:00", "published": "2011-07-12T00:00:00", "id": "OPENVAS:1361412562310863311", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863311", "type": "openvas", "title": "Fedora Update for gdk-pixbuf2 FEDORA-2011-8672", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gdk-pixbuf2 FEDORA-2011-8672\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# 
it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062019.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863311\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-12 08:00:26 +0200 (Tue, 12 Jul 2011)\");\n script_xref(name:\"FEDORA\", value:\"2011-8672\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2011-2485\");\n script_name(\"Fedora Update for gdk-pixbuf2 FEDORA-2011-8672\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gdk-pixbuf2'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"gdk-pixbuf2 on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated 
package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"gdk-pixbuf2\", rpm:\"gdk-pixbuf2~2.23.3~2.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-25T10:55:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2485"], "description": "Check for the Version of gdk-pixbuf2", "modified": "2017-07-10T00:00:00", "published": "2011-07-12T00:00:00", "id": "OPENVAS:863311", "href": "http://plugins.openvas.org/nasl.php?oid=863311", "type": "openvas", "title": "Fedora Update for gdk-pixbuf2 FEDORA-2011-8672", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gdk-pixbuf2 FEDORA-2011-8672\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"gdk-pixbuf2 on Fedora 15\";\ntag_insight = \"gdk-pixbuf is an image loading library that can be extended by loadable\n modules for new image formats. It is used by toolkits such as GTK+ or\n clutter.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062019.html\");\n script_id(863311);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-12 08:00:26 +0200 (Tue, 12 Jul 2011)\");\n script_xref(name: \"FEDORA\", value: \"2011-8672\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2011-2485\");\n script_name(\"Fedora Update for gdk-pixbuf2 FEDORA-2011-8672\");\n\n script_summary(\"Check for the Version of gdk-pixbuf2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n 
exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"gdk-pixbuf2\", rpm:\"gdk-pixbuf2~2.23.3~2.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2485"], "description": "The remote host is missing an update as announced\nvia advisory SSA:2011-178-01.", "modified": "2019-03-15T00:00:00", "published": "2012-09-10T00:00:00", "id": "OPENVAS:136141256231071954", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071954", "type": "openvas", "title": "Slackware Advisory SSA:2011-178-01 pidgin", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2011_178_01.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from advisory SSA:2011-178-01\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71954\");\n script_cve_id(\"CVE-2011-2485\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_version(\"$Revision: 14202 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-09-10 07:16:17 -0400 (Mon, 10 Sep 2012)\");\n script_name(\"Slackware Advisory SSA:2011-178-01 pidgin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(12\\.2|13\\.0|13\\.1|13\\.37)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2011-178-01\");\n\n script_tag(name:\"insight\", value:\"New pidgin packages are available for Slackware 12.2, 13.0, 13.1, 13.37,\nand -current to fix a security issue.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2011-178-01.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"pidgin\", ver:\"2.9.0-i486-1_slack12.2\", rls:\"SLK12.2\")) != NULL) {\n report += 
res;\n}\nif((res = isslkpkgvuln(pkg:\"pidgin\", ver:\"2.9.0-i486-1_slack13.0\", rls:\"SLK13.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"pidgin\", ver:\"2.9.0-i486-1_slack13.1\", rls:\"SLK13.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"pidgin\", ver:\"2.9.0-i486-1_slack13.37\", rls:\"SLK13.37\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-24T12:50:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2485", "CVE-2012-2370"], "description": "The remote host is missing updates announced in\nadvisory GLSA 201206-20.", "modified": "2017-07-07T00:00:00", "published": "2012-08-10T00:00:00", "id": "OPENVAS:71587", "href": "http://plugins.openvas.org/nasl.php?oid=71587", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201206-20 (gdk-pixbuf)", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities in gdk-pixbuf may create a Denial of\nService condition.\";\ntag_solution = \"All gdk-pixbuf users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=x11-libs/gdk-pixbuf-2.24.1-r1'\n \n\nPackages which depend on this library may need to be recompiled. Tools\n such as revdep-rebuild may assist in identifying some of these\npackages.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201206-20\nhttp://bugs.gentoo.org/show_bug.cgi?id=373999\nhttp://bugs.gentoo.org/show_bug.cgi?id=412033\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201206-20.\";\n\n \n \nif(description)\n{\n script_id(71587);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2011-2485\", \"CVE-2012-2370\");\n script_version(\"$Revision: 6589 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 10:27:50 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-10 03:22:56 -0400 (Fri, 10 Aug 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201206-20 (gdk-pixbuf)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"x11-libs/gdk-pixbuf\", unaffected: make_list(\"ge 2.24.1-r1\"), vulnerable: make_list(\"lt 2.24.1-r1\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2485", "CVE-2011-3184"], "description": "Check for the Version of pidgin", "modified": "2017-07-10T00:00:00", "published": "2011-09-07T00:00:00", "id": "OPENVAS:863469", "href": "http://plugins.openvas.org/nasl.php?oid=863469", "type": "openvas", "title": "Fedora Update for pidgin FEDORA-2011-11544", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for pidgin FEDORA-2011-11544\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the 
implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Pidgin allows you to talk to anyone using a variety of messaging\n protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu,\n ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, SILC, Simple and\n Zephyr. These protocols are implemented using a modular, easy to\n use design. To use a protocol, just add an account using the\n account editor.\n\n Pidgin supports many common features of other clients, as well as many\n unique features, such as perl scripting, TCL scripting and C plugins.\n \n Pidgin is not affiliated with or endorsed by America Online, Inc.,\n Microsoft Corporation, Yahoo! 
Inc., or ICQ Inc.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"pidgin on Fedora 15\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064943.html\");\n script_id(863469);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-07 08:58:04 +0200 (Wed, 07 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-11544\");\n script_cve_id(\"CVE-2011-2485\", \"CVE-2011-3184\");\n script_name(\"Fedora Update for pidgin FEDORA-2011-11544\");\n\n script_summary(\"Check for the Version of pidgin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.10.0~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", 
"bulletinFamily": "unix", "cvelist": ["CVE-2011-2485"], "description": "gdk-pixbuf is an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter. ", "modified": "2011-06-26T18:48:34", "published": "2011-06-26T18:48:34", "id": "FEDORA:05BF1110655", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: gdk-pixbuf2-2.23.3-2.fc15", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2485"], "description": "gdk-pixbuf is an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter. ", "modified": "2011-08-17T01:15:47", "published": "2011-08-17T01:15:47", "id": "FEDORA:B8659110FC4", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: gdk-pixbuf2-2.22.0-2.fc14", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2485"], "description": "Pidgin allows you to talk to anyone using a variety of messaging protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu, ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, SILC, Simple and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add an account using the account editor. Pidgin supports many common features of other clients, as well as many unique features, such as perl scripting, TCL scripting and C plugins. Pidgin is not affiliated with or endorsed by America Online, Inc., Microsoft Corporation, Yahoo! Inc., or ICQ Inc. 
", "modified": "2011-07-04T18:56:36", "published": "2011-07-04T18:56:36", "id": "FEDORA:F10D6110BE3", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: pidgin-2.9.0-1.fc15", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2485", "CVE-2011-3184"], "description": "Pidgin allows you to talk to anyone using a variety of messaging protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu, ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, SILC, Simple and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add an account using the account editor. Pidgin supports many common features of other clients, as well as many unique features, such as perl scripting, TCL scripting and C plugins. Pidgin is not affiliated with or endorsed by America Online, Inc., Microsoft Corporation, Yahoo! Inc., or ICQ Inc. ", "modified": "2011-08-31T01:28:05", "published": "2011-08-31T01:28:05", "id": "FEDORA:3A6A1110E8A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: pidgin-2.10.0-1.fc15", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3711", "CVE-2011-1091", "CVE-2011-2485"], "description": "Pidgin allows you to talk to anyone using a variety of messaging protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu, ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, SILC, Simple and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add an account using the account editor. Pidgin supports many common features of other clients, as well as many unique features, such as perl scripting, TCL scripting and C plugins. Pidgin is not affiliated with or endorsed by America Online, Inc., Microsoft Corporation, Yahoo! Inc., or ICQ Inc. 
", "modified": "2011-07-12T04:52:22", "published": "2011-07-12T04:52:22", "id": "FEDORA:9FE181106B3", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: pidgin-2.9.0-1.fc14", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3711", "CVE-2011-1091", "CVE-2011-2485", "CVE-2011-3184"], "description": "Pidgin allows you to talk to anyone using a variety of messaging protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu, ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, SILC, Simple and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add an account using the account editor. Pidgin supports many common features of other clients, as well as many unique features, such as perl scripting, TCL scripting and C plugins. Pidgin is not affiliated with or endorsed by America Online, Inc., Microsoft Corporation, Yahoo! Inc., or ICQ Inc. ", "modified": "2011-09-07T00:29:29", "published": "2011-09-07T00:29:29", "id": "FEDORA:D30CE110615", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: pidgin-2.10.0-1.fc14", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2485", "CVE-2011-3594", "CVE-2011-4601", "CVE-2011-4602", "CVE-2011-4603"], "description": "Pidgin allows you to talk to anyone using a variety of messaging protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu, ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, SILC, Simple and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add an account using the account editor. Pidgin supports many common features of other clients, as well as many unique features, such as perl scripting, TCL scripting and C plugins. 
Pidgin is not affiliated with or endorsed by America Online, Inc., Microsoft Corporation, Yahoo! Inc., or ICQ Inc. ", "modified": "2012-04-01T00:30:30", "published": "2012-04-01T00:30:30", "id": "FEDORA:1804721028", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: pidgin-2.10.2-1.fc15", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2485", "CVE-2011-3594", "CVE-2011-4601", "CVE-2011-4602", "CVE-2011-4603"], "description": "Pidgin allows you to talk to anyone using a variety of messaging protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu, ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, SILC, Simple and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add an account using the account editor. Pidgin supports many common features of other clients, as well as many unique features, such as perl scripting, TCL scripting and C plugins. Pidgin is not affiliated with or endorsed by America Online, Inc., Microsoft Corporation, Yahoo! Inc., or ICQ Inc. ", "modified": "2012-01-07T22:59:32", "published": "2012-01-07T22:59:32", "id": "FEDORA:0E6C320B50", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: pidgin-2.10.1-1.fc15", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2485", "CVE-2011-3594", "CVE-2011-4601", "CVE-2011-4602", "CVE-2011-4603", "CVE-2012-2214", "CVE-2012-2318"], "description": "Pidgin allows you to talk to anyone using a variety of messaging protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu, ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, SILC, Simple and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add an account using the account editor. 
Pidgin supports many common features of other clients, as well as many unique features, such as perl scripting, TCL scripting and C plugins. Pidgin is not affiliated with or endorsed by America Online, Inc., Microsoft Corporation, Yahoo! Inc., or ICQ Inc. ", "modified": "2012-06-10T01:37:04", "published": "2012-06-10T01:37:04", "id": "FEDORA:9363120911", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: pidgin-2.10.4-1.fc15", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2021-01-01T01:09:55", "description": "New pidgin packages are available for Slackware 12.2, 13.0, 13.1,\n13.37, and -current to fix a security issue.", "edition": 22, "published": "2011-07-28T00:00:00", "title": "Slackware 12.2 / 13.0 / 13.1 / 13.37 / current : pidgin (SSA:2011-178-01)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2485"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:slackware:slackware_linux:13.37", "cpe:/o:slackware:slackware_linux:12.2", "cpe:/o:slackware:slackware_linux:13.0", "p-cpe:/a:slackware:slackware_linux:pidgin", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:13.1"], "id": "SLACKWARE_SSA_2011-178-01.NASL", "href": "https://www.tenable.com/plugins/nessus/55703", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2011-178-01. 
The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55703);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/10/25 13:36:21\");\n\n script_cve_id(\"CVE-2011-2485\");\n script_xref(name:\"SSA\", value:\"2011-178-01\");\n\n script_name(english:\"Slackware 12.2 / 13.0 / 13.1 / 13.37 / current : pidgin (SSA:2011-178-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New pidgin packages are available for Slackware 12.2, 13.0, 13.1,\n13.37, and -current to fix a security issue.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.458205\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?34679ba5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pidgin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.37\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/28\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"12.2\", pkgname:\"pidgin\", pkgver:\"2.9.0\", pkgarch:\"i486\", pkgnum:\"1_slack12.2\")) flag++;\n\nif (slackware_check(osver:\"13.0\", pkgname:\"pidgin\", pkgver:\"2.9.0\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"pidgin\", pkgver:\"2.9.0\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"13.1\", pkgname:\"pidgin\", pkgver:\"2.9.0\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"pidgin\", pkgver:\"2.9.0\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"13.37\", pkgname:\"pidgin\", pkgver:\"2.9.0\", pkgarch:\"i486\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"pidgin\", pkgver:\"2.9.0\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.37\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"pidgin\", pkgver:\"2.9.0\", pkgarch:\"i486\", pkgnum:\"1\")) 
flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"pidgin\", pkgver:\"2.9.0\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:09:45", "description": "It was found that gdk-pixbuf GIF image loader\ngdk_pixbuf__gif_image_load() routine did not properly handle certain\nreturn values from their subroutines. A remote attacker could provide\na specially crafted GIF image, which once opened in an application,\nlinked against gdk-pixbuf would lead to gdk-pixbuf to return partially\ninitialized pixbuf structure, possibly having huge width and height,\nleading to that particular application termination due excessive\nmemory use.\n\nThe CVE identifier of CVE-2011-2485 has been assigned to this issue.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 22, "published": "2011-08-17T00:00:00", "title": "Fedora 14 : gdk-pixbuf2-2.22.0-2.fc14 (2011-8667)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2485"], "modified": "2011-08-17T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:gdk-pixbuf2", "cpe:/o:fedoraproject:fedora:14"], "id": "FEDORA_2011-8667.NASL", "href": "https://www.tenable.com/plugins/nessus/55871", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-8667.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55871);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_bugtraq_id(48425);\n script_xref(name:\"FEDORA\", value:\"2011-8667\");\n\n script_name(english:\"Fedora 14 : gdk-pixbuf2-2.22.0-2.fc14 (2011-8667)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was found that gdk-pixbuf GIF image loader\ngdk_pixbuf__gif_image_load() routine did not properly handle certain\nreturn values from their subroutines. 
A remote attacker could provide\na specially crafted GIF image, which once opened in an application,\nlinked against gdk-pixbuf would lead to gdk-pixbuf to return partially\ninitialized pixbuf structure, possibly having huge width and height,\nleading to that particular application termination due excessive\nmemory use.\n\nThe CVE identifier of CVE-2011-2485 has been assigned to this issue.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-August/063859.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f9917b9c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gdk-pixbuf2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gdk-pixbuf2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n 
script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"gdk-pixbuf2-2.22.0-2.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gdk-pixbuf2\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:09:45", "description": "It was found that gdk-pixbuf GIF image loader\ngdk_pixbuf__gif_image_load() routine did not properly handle certain\nreturn values from their subroutines. 
A remote attacker could provide\na specially crafted GIF image, which once opened in an application,\nlinked against gdk-pixbuf would lead to gdk-pixbuf to return partially\ninitialized pixbuf structure, possibly having huge width and height,\nleading to that particular application termination due excessive\nmemory use.\n\nThe CVE identifier of CVE-2011-2485 has been assigned to this issue.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 21, "published": "2011-06-27T00:00:00", "title": "Fedora 15 : gdk-pixbuf2-2.23.3-2.fc15 (2011-8672)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2485"], "modified": "2011-06-27T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:gdk-pixbuf2", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2011-8672.NASL", "href": "https://www.tenable.com/plugins/nessus/55428", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-8672.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55428);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_bugtraq_id(48425);\n script_xref(name:\"FEDORA\", value:\"2011-8672\");\n\n script_name(english:\"Fedora 15 : gdk-pixbuf2-2.23.3-2.fc15 (2011-8672)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was found that gdk-pixbuf GIF image loader\ngdk_pixbuf__gif_image_load() routine did not properly 
handle certain\nreturn values from their subroutines. A remote attacker could provide\na specially crafted GIF image, which once opened in an application,\nlinked against gdk-pixbuf would lead to gdk-pixbuf to return partially\ninitialized pixbuf structure, possibly having huge width and height,\nleading to that particular application termination due excessive\nmemory use.\n\nThe CVE identifier of CVE-2011-2485 has been assigned to this issue.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-June/062019.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0f06d6b3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gdk-pixbuf2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gdk-pixbuf2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n 
script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"gdk-pixbuf2-2.23.3-2.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gdk-pixbuf2\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-06-05T12:52:57", "description": "The following issue has been fixed :\n\n - Specially crafted GIF and XBM files could have crashed\n gtk2. 
(CVE-2012-2370 / CVE-2011-2485)", "edition": 16, "published": "2012-07-06T00:00:00", "title": "SuSE 10 Security Update : gtk2 (ZYPP Patch Number 8174)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2485", "CVE-2012-2370"], "modified": "2012-07-06T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_GTK2-8174.NASL", "href": "https://www.tenable.com/plugins/nessus/59855", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(59855);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2011-2485\", \"CVE-2012-2370\");\n\n script_name(english:\"SuSE 10 Security Update : gtk2 (ZYPP Patch Number 8174)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following issue has been fixed :\n\n - Specially crafted GIF and XBM files could have crashed\n gtk2. 
(CVE-2012-2370 / CVE-2011-2485)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2485.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-2370.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 8174.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/07/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"gtk2-2.8.11-0.29.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"gtk2-devel-2.8.11-0.29.2\")) flag++;\nif 
(rpm_check(release:\"SLED10\", sp:4, reference:\"gtk2-doc-2.8.11-0.29.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"gtk2-32bit-2.8.11-0.29.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"gtk2-2.8.11-0.29.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"gtk2-devel-2.8.11-0.29.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"gtk2-doc-2.8.11-0.29.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"gtk2-32bit-2.8.11-0.29.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-06-05T12:29:01", "description": "The following issue has been fixed :\n\n - Specially crafted GIF and XBM files could have crashed\n gtk2 (CVE-2012-2370 / CVE-2011-2485)", "edition": 16, "published": "2013-01-25T00:00:00", "title": "SuSE 11.1 / 11.2 Security Update : gtk2 (SAT Patch Numbers 6389 / 6390)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2485", "CVE-2012-2370"], "modified": "2013-01-25T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:gtk2-doc", "p-cpe:/a:novell:suse_linux:11:gtk2-32bit", "p-cpe:/a:novell:suse_linux:11:gtk2-lang", "p-cpe:/a:novell:suse_linux:11:gtk2", "p-cpe:/a:novell:suse_linux:11:gtk2-devel"], "id": "SUSE_11_GTK2-120605.NASL", "href": "https://www.tenable.com/plugins/nessus/64153", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64153);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2011-2485\", \"CVE-2012-2370\");\n\n script_name(english:\"SuSE 11.1 / 11.2 Security Update : gtk2 (SAT Patch Numbers 6389 / 6390)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following issue has been fixed :\n\n - Specially crafted GIF and XBM files could have crashed\n gtk2 (CVE-2012-2370 / CVE-2011-2485)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=702028\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=762735\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2485.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-2370.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 6389 / 6390 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:gtk2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:gtk2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:gtk2-doc\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:gtk2-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"gtk2-2.18.9-0.20.18.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"gtk2-devel-2.18.9-0.20.18.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"gtk2-lang-2.18.9-0.20.18.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"gtk2-2.18.9-0.20.18.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"gtk2-32bit-2.18.9-0.20.18.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"gtk2-devel-2.18.9-0.20.18.1\")) 
flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"gtk2-lang-2.18.9-0.20.18.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"gtk2-2.18.9-0.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"gtk2-devel-2.18.9-0.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"gtk2-lang-2.18.9-0.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"gtk2-2.18.9-0.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"gtk2-32bit-2.18.9-0.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"gtk2-devel-2.18.9-0.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"gtk2-lang-2.18.9-0.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"gtk2-2.18.9-0.20.18.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"gtk2-doc-2.18.9-0.20.18.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"gtk2-lang-2.18.9-0.20.18.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"gtk2-32bit-2.18.9-0.20.18.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"gtk2-32bit-2.18.9-0.20.18.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"gtk2-2.18.9-0.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"gtk2-doc-2.18.9-0.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"gtk2-lang-2.18.9-0.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"s390x\", reference:\"gtk2-32bit-2.18.9-0.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"gtk2-32bit-2.18.9-0.23.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 
5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T10:54:18", "description": "The remote host is affected by the vulnerability described in GLSA-201206-20\n(gdk-pixbuf: Denial of Service)\n\n Two vulnerabilities have been found in gdk-pixbuf:\n The 'gdk_pixbuf__gif_image_load()' function in io-gif.c fails to\n properly handle certain return values from subroutines (CVE-2011-2485).\n The 'read_bitmap_file_data()' function in io-xbm.c contains an\n integer overflow error (CVE-2012-2370).\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted image\n in an application linked against gdk-pixbuf, possibly resulting in Denial\n of Service.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 22, "published": "2012-06-25T00:00:00", "title": "GLSA-201206-20 : gdk-pixbuf: Denial of Service", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2485", "CVE-2012-2370"], "modified": "2012-06-25T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:gdk-pixbuf"], "id": "GENTOO_GLSA-201206-20.NASL", "href": "https://www.tenable.com/plugins/nessus/59673", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201206-20.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59673);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-2485\", \"CVE-2012-2370\");\n script_bugtraq_id(48425, 53548);\n script_xref(name:\"GLSA\", value:\"201206-20\");\n\n script_name(english:\"GLSA-201206-20 : gdk-pixbuf: Denial of Service\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201206-20\n(gdk-pixbuf: Denial of Service)\n\n Two vulnerabilities have been found in gdk-pixbuf:\n The 'gdk_pixbuf__gif_image_load()' function in io-gif.c fails to\n properly handle certain return values from subroutines (CVE-2011-2485).\n The 'read_bitmap_file_data()' function in io-xbm.c contains an\n integer overflow error (CVE-2012-2370).\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted image\n in an application linked against gdk-pixbuf, possibly resulting in Denial\n of Service.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201206-20\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All gdk-pixbuf users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=x11-libs/gdk-pixbuf-2.24.1-r1'\n Packages which depend on this library may need to be recompiled. 
Tools\n such as revdep-rebuild may assist in identifying some of these packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:gdk-pixbuf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"x11-libs/gdk-pixbuf\", unaffected:make_list(\"ge 2.24.1-r1\"), vulnerable:make_list(\"lt 2.24.1-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gdk-pixbuf\");\n}\n", "cvss": 
{"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T10:54:16", "description": "The remote host is affected by the vulnerability described in GLSA-201206-11\n(Pidgin: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Pidgin. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n These vulnerabilities allow for arbitrary file retrieval, Denial of\n Service and arbitrary code execution with the privileges of the user\n running Pidgin.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 21, "published": "2012-06-22T00:00:00", "title": "GLSA-201206-11 : Pidgin: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3594", "CVE-2011-2485", "CVE-2010-0013"], "modified": "2012-06-22T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:pidgin"], "id": "GENTOO_GLSA-201206-11.NASL", "href": "https://www.tenable.com/plugins/nessus/59649", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201206-11.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59649);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-0013\", \"CVE-2011-2485\", \"CVE-2011-3594\");\n script_bugtraq_id(37524, 48425, 49912);\n script_xref(name:\"GLSA\", value:\"201206-11\");\n\n script_name(english:\"GLSA-201206-11 : Pidgin: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201206-11\n(Pidgin: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Pidgin. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n These vulnerabilities allow for arbitrary file retrieval, Denial of\n Service and arbitrary code execution with the privileges of the user\n running Pidgin.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201206-11\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Pidgin users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-im/pidgin-2.10.0-r1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(22);\n\n script_set_attribute(attribute:\"plugin_type\", 
value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-im/pidgin\", unaffected:make_list(\"ge 2.10.0-r1\"), vulnerable:make_list(\"lt 2.10.0-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Pidgin\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-06-05T12:52:56", "description": "This update of gdk-pixbuf fixes multiple buffer overflows that could\nhave caused a crash or potentially have allowed heap corruptions.\n(CVE-2011-2485 / CVE-2012-2370 / CVE-2011-2897)", "edition": 17, "published": "2012-07-06T00:00:00", "title": "SuSE 10 Security Update : gdk-pixbuf (ZYPP Patch Number 8158)", "type": "nessus", "bulletinFamily": "scanner", 
"cvelist": ["CVE-2011-2897", "CVE-2011-2485", "CVE-2012-2370"], "modified": "2012-07-06T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_GDK-PIXBUF-8158.NASL", "href": "https://www.tenable.com/plugins/nessus/59854", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(59854);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2011-2485\", \"CVE-2011-2897\", \"CVE-2012-2370\");\n\n script_name(english:\"SuSE 10 Security Update : gdk-pixbuf (ZYPP Patch Number 8158)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of gdk-pixbuf fixes multiple buffer overflows that could\nhave caused a crash or potentially have allowed heap corruptions.\n(CVE-2011-2485 / CVE-2012-2370 / CVE-2011-2897)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2485.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2897.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-2370.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 8158.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/31\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/07/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"gdk-pixbuf-0.22.0-93.9.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"gdk-pixbuf-32bit-0.22.0-93.9.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"gdk-pixbuf-0.22.0-93.9.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"gdk-pixbuf-32bit-0.22.0-93.9.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-06-05T12:29:01", "description": "This update of gdk-pixbuf fixes multiple buffer overflows that could\nhave caused a crash or potentially have allowed heap corruptions.\n(CVE-2011-2485 / CVE-2012-2370 / 
CVE-2011-2897)", "edition": 17, "published": "2013-01-25T00:00:00", "title": "SuSE 11.1 Security Update : gdk-pixbuf (SAT Patch Number 6367)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2897", "CVE-2011-2485", "CVE-2012-2370"], "modified": "2013-01-25T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:gdk-pixbuf-32bit", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:gdk-pixbuf"], "id": "SUSE_11_GDK-PIXBUF-120531.NASL", "href": "https://www.tenable.com/plugins/nessus/64145", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64145);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2011-2485\", \"CVE-2011-2897\", \"CVE-2012-2370\");\n\n script_name(english:\"SuSE 11.1 Security Update : gdk-pixbuf (SAT Patch Number 6367)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of gdk-pixbuf fixes multiple buffer overflows that could\nhave caused a crash or potentially have allowed heap corruptions.\n(CVE-2011-2485 / CVE-2012-2370 / CVE-2011-2897)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=702028\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=709852\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=762735\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2485.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2897.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-2370.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 6367.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:gdk-pixbuf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:gdk-pixbuf-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) 
audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"gdk-pixbuf-0.22.0-294.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"gdk-pixbuf-0.22.0-294.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"gdk-pixbuf-32bit-0.22.0-294.26.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T11:53:22", "description": "Multiple vulnerabilities have been identified and fixed in pidgin :\n\nIt was found that the gdk-pixbuf GIF image loader routine\ngdk_pixbuf__gif_image_load() did not properly handle certain return\nvalues from its subroutines. A remote attacker could provide a\nspecially crafted GIF image, which, once opened in Pidgin, would lead\ngdk-pixbuf to return a partially initialized pixbuf structure. Using\nthis structure, possibly containing a huge width and height, could\nlead to the application being terminated due to excessive memory use\n(CVE-2011-2485).\n\nCertain characters in the nicknames of IRC users can trigger a NULL\npointer dereference in the IRC protocol plugin's handling of responses\nto WHO requests. This can cause a crash on some operating systems.\nClients based on libpurple 2.8.0 through 2.9.0 are affected\n(CVE-2011-2943).\n\nIncorrect handling of HTTP 100 responses in the MSN protocol plugin\ncan cause the application to attempt to access memory that it does not\nhave access to. This only affects users who have turned on the HTTP\nconnection method for their accounts (it's off by default). 
This might\nonly be triggerable by a malicious server and not a malicious peer. We\nbelieve remote code execution is not possible (CVE-2011-3184).\n\nThis update provides pidgin 2.10.0, which is not vulnerable to these\nissues.", "edition": 26, "published": "2011-09-07T00:00:00", "title": "Mandriva Linux Security Advisory : pidgin (MDVSA-2011:132-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2485", "CVE-2011-3184", "CVE-2011-2943"], "modified": "2011-09-07T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:pidgin-bonjour", "cpe:/o:mandriva:linux:2011", "p-cpe:/a:mandriva:linux:lib64finch0", "p-cpe:/a:mandriva:linux:lib64purple0", "cpe:/o:mandriva:linux:2009.0", "p-cpe:/a:mandriva:linux:pidgin-tcl", "p-cpe:/a:mandriva:linux:lib64purple-devel", "p-cpe:/a:mandriva:linux:pidgin-plugins", "p-cpe:/a:mandriva:linux:libpurple0", "cpe:/o:mandriva:linux:2010.1", "p-cpe:/a:mandriva:linux:pidgin", "p-cpe:/a:mandriva:linux:pidgin-client", "p-cpe:/a:mandriva:linux:libfinch0", "p-cpe:/a:mandriva:linux:pidgin-gevolution", "p-cpe:/a:mandriva:linux:finch", "p-cpe:/a:mandriva:linux:pidgin-perl", "p-cpe:/a:mandriva:linux:pidgin-silc", "p-cpe:/a:mandriva:linux:pidgin-meanwhile", "p-cpe:/a:mandriva:linux:libpurple-devel", "p-cpe:/a:mandriva:linux:pidgin-i18n"], "id": "MANDRIVA_MDVSA-2011-132.NASL", "href": "https://www.tenable.com/plugins/nessus/56109", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:132. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56109);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2011-2485\",\n \"CVE-2011-2943\",\n \"CVE-2011-3184\"\n );\n script_bugtraq_id(\n 48425,\n 49268\n );\n script_xref(name:\"MDVSA\", value:\"2011:132\");\n script_xref(name:\"MDVSA\", value:\"2011:132-1\");\n\n script_name(english:\"Mandriva Linux Security Advisory : pidgin (MDVSA-2011:132-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been identified and fixed in pidgin :\n\nIt was found that the gdk-pixbuf GIF image loader routine\ngdk_pixbuf__gif_image_load() did not properly handle certain return\nvalues from its subroutines. A remote attacker could provide a\nspecially crafted GIF image, which, once opened in Pidgin, would lead\ngdk-pixbuf to return a partially initialized pixbuf structure. Using\nthis structure, possibly containing a huge width and height, could\nlead to the application being terminated due to excessive memory use\n(CVE-2011-2485).\n\nCertain characters in the nicknames of IRC users can trigger a NULL\npointer dereference in the IRC protocol plugin's handling of responses\nto WHO requests. This can cause a crash on some operating systems.\nClients based on libpurple 2.8.0 through 2.9.0 are affected\n(CVE-2011-2943).\n\nIncorrect handling of HTTP 100 responses in the MSN protocol plugin\ncan cause the application to attempt to access memory that it does not\nhave access to. 
This only affects users who have turned on the HTTP\nconnection method for their accounts (it's off by default). This might\nonly be triggerable by a malicious server and not a malicious peer. We\nbelieve remote code execution is not possible (CVE-2011-3184).\n\nThis update provides pidgin 2.10.0, which is not vulnerable to these\nissues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://pidgin.im/news/security/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:finch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64finch0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64purple-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64purple0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libfinch0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpurple-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpurple0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pidgin-bonjour\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pidgin-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pidgin-gevolution\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:pidgin-i18n\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pidgin-meanwhile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pidgin-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pidgin-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pidgin-silc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pidgin-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.0\", reference:\"finch-2.10.0-0.1mdv2009.0\", 
yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64finch0-2.10.0-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64purple-devel-2.10.0-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64purple0-2.10.0-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libfinch0-2.10.0-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libpurple-devel-2.10.0-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libpurple0-2.10.0-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"pidgin-2.10.0-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"pidgin-bonjour-2.10.0-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"pidgin-client-2.10.0-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"pidgin-gevolution-2.10.0-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"pidgin-i18n-2.10.0-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"pidgin-meanwhile-2.10.0-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"pidgin-perl-2.10.0-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"pidgin-plugins-2.10.0-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"pidgin-silc-2.10.0-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"pidgin-tcl-2.10.0-0.1mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.1\", reference:\"finch-2.10.0-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif 
(rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64finch0-2.10.0-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64purple-devel-2.10.0-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64purple0-2.10.0-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libfinch0-2.10.0-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libpurple-devel-2.10.0-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libpurple0-2.10.0-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"pidgin-2.10.0-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"pidgin-bonjour-2.10.0-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"pidgin-client-2.10.0-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"pidgin-gevolution-2.10.0-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"pidgin-i18n-2.10.0-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"pidgin-meanwhile-2.10.0-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"pidgin-perl-2.10.0-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"pidgin-plugins-2.10.0-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"pidgin-silc-2.10.0-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"pidgin-tcl-2.10.0-0.1mdv2010.2\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2011\", reference:\"finch-2.10.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", 
reference:\"lib64finch0-2.10.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64purple-devel-2.10.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64purple0-2.10.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libfinch0-2.10.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libpurple-devel-2.10.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libpurple0-2.10.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"pidgin-2.10.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"pidgin-bonjour-2.10.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"pidgin-client-2.10.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"pidgin-gevolution-2.10.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"pidgin-i18n-2.10.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"pidgin-meanwhile-2.10.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"pidgin-perl-2.10.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"pidgin-plugins-2.10.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"pidgin-silc-2.10.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"pidgin-tcl-2.10.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": 
"AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:05", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2485", "CVE-2012-2370"], "description": "### Background\n\ngdk-pixbuf is an image loading library for GTK+.\n\n### Description\n\nTwo vulnerabilities have been found in gdk-pixbuf:\n\n * The \"gdk_pixbuf__gif_image_load()\" function in io-gif.c fails to properly handle certain return values from subroutines (CVE-2011-2485). \n * The \"read_bitmap_file_data()\" function in io-xbm.c contains an integer overflow error (CVE-2012-2370). \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted image in an application linked against gdk-pixbuf, possibly resulting in Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll gdk-pixbuf users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-libs/gdk-pixbuf-2.24.1-r1\"\n \n\nPackages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages.", "edition": 1, "modified": "2012-06-23T00:00:00", "published": "2012-06-23T00:00:00", "id": "GLSA-201206-20", "href": "https://security.gentoo.org/glsa/201206-20", "type": "gentoo", "title": "gdk-pixbuf: Denial of Service", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-06T19:46:34", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3594", "CVE-2011-2485", "CVE-2010-0013"], "edition": 1, "description": "### Background\n\nPidgin is a GTK Instant Messenger client.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Pidgin. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nThese vulnerabilities allow for arbitrary file retrieval, Denial of Service and arbitrary code execution with the privileges of the user running Pidgin. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Pidgin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-im/pidgin-2.10.0-r1\"", "modified": "2012-06-21T00:00:00", "published": "2012-06-21T00:00:00", "id": "GLSA-201206-11", "href": "https://security.gentoo.org/glsa/201206-11", "type": "gentoo", "title": "Pidgin: Multiple vulnerabilities", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:20", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3374", "CVE-2011-2485", "CVE-2011-4601", "CVE-2012-1178", "CVE-2012-2318", "CVE-2011-4602"], "description": "[2.7.9-5.el6.2]\n- Add patch for CVE-2011-2485 (RH bug #837561).\n[2.7.9-5.el6.1]\n- Add patch for CVE-2012-1178 (RH bug #837560).\n- Add patch for CVE-2012-2318 (RH bug #837560).\n- Add patch for CVE-2012-3374 (RH bug #837560).\n[2.7.9-5.el6]\n- Add patch for CVE-2011-4602 (RH bug #766453).\n[2.7.9-4.el6]\n- Add patch for CVE-2011-4601 (RH bug #766453).", "edition": 4, "modified": "2012-07-19T00:00:00", "published": "2012-07-19T00:00:00", "id": "ELSA-2012-1102", "href": "http://linux.oracle.com/errata/ELSA-2012-1102.html", "title": "pidgin security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-10-22T17:08:50", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0272", "CVE-2012-3374", "CVE-2011-2485", "CVE-2012-1178", "CVE-2013-0273", "CVE-2012-2318", "CVE-2013-0274"], "description": "[2.7.9-10.el6_4.1]\n- Fix spec file for disttag\n[2.7.9-10.el6]\n- Add patch for CVE-2013-0274 (RH bug #910653).\n[2.7.9-9.el6]\n- Add patch for CVE-2013-0273 (RH bug #910653).\n[2.7.9-8.el6]\n- Add patch for CVE-2013-0272 (RH bug #910653).\n[2.7.9-7.el6]\n- Add patch for CVE-2011-2485 (RH bug #837562).\n[2.7.9-6.el6]\n- Add patch for CVE-2012-1178 (RH bug #837560).\n- Add patch for 
CVE-2012-2318 (RH bug #837560).\n- Add patch for CVE-2012-3374 (RH bug #837560).", "edition": 5, "modified": "2013-03-14T00:00:00", "published": "2013-03-14T00:00:00", "id": "ELSA-2013-0646", "href": "http://linux.oracle.com/errata/ELSA-2013-0646.html", "title": "pidgin security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}