An updated RealPlayer package that fixes a format string bug is now available.
This update has been rated as having critical security impact by the Red Hat Security Response Team.
RealPlayer is a media player that provides media playback locally and via streaming.
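A format string bug was discovered in the way RealPlayer processes RealPix (.rp) files. A malformed RealPix file processed by RealPlayer could execute arbitrary code with the privileges of the user running RealPlayer. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2710 to this issue. (The scanner record for this advisory also lists CVE-2005-2629, CVE-2005-2922 and CVE-2005-2969, which this text does not describe.)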
All users of RealPlayer are advised to upgrade to this updated package, which contains RealPlayer version 10.0.6 and is not vulnerable to this issue.
{"id": "REDHAT-RHSA-2005-762.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "RHEL 3 / 4 : RealPlayer (RHSA-2005:762)", "description": "An updated RealPlayer package that fixes a format string bug is now available.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nRealPlayer is a media player that provides media playback locally and via streaming.\n\nA format string bug was discovered in the way RealPlayer processes RealPix (.rp) files. It is possible for a malformed RealPix file to execute arbitrary code as the user running RealPlayer. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2710 to this issue.\n\nAll users of RealPlayer are advised to upgrade to this updated package, which contains RealPlayer version 10.0.6 and is not vulnerable to this issue.", "published": "2013-01-24T00:00:00", "modified": "2021-01-14T00:00:00", "epss": [], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/63829", "reporter": "This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.", "references": ["http://rhn.redhat.com/errata/RHSA-2005-762.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2969", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2922", "https://www.redhat.com/security/data/cve/CVE-2005-2922.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2629", "https://www.redhat.com/security/data/cve/CVE-2005-2629.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2710", "https://www.redhat.com/security/data/cve/CVE-2005-2710.html"], "cvelist": ["CVE-2005-2629", "CVE-2005-2710", "CVE-2005-2922", "CVE-2005-2969"], "immutableFields": [], "lastseen": "2023-11-28T15:58:02", "viewCount": 17, "enchantments": {"dependencies": {"references": [{"type": "altlinux", "idList": ["A7283F59A28131A1D9D9457A50C34A50", 
"BD2ABA3F02325387ADD460C21764F7A2", "DF0387CA5C7D6A741A373EC3E40BA1F1"]}, {"type": "centos", "idList": ["CESA-2005:788", "CESA-2005:800", "CESA-2005:800-01"]}, {"type": "cert", "idList": ["VU:172489", "VU:361181"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2005-305"]}, {"type": "cisco", "idList": ["CISCO-SA-20051012-CVE-2005-2969"]}, {"type": "cve", "idList": ["CVE-2005-2629", "CVE-2005-2710", "CVE-2005-2922", "CVE-2005-2969", "CVE-2005-3677"]}, {"type": "debian", "idList": ["DEBIAN:DSA-826-1:B8F64", "DEBIAN:DSA-826-1:FD2FD", "DEBIAN:DSA-875-1:180DB", "DEBIAN:DSA-875-1:7BDE0", "DEBIAN:DSA-881-1:74299", "DEBIAN:DSA-881-1:DF86E", "DEBIAN:DSA-882-1:351B9", "DEBIAN:DSA-882-1:E2C87", "DEBIAN:DSA-888-1:1BAB0", "DEBIAN:DSA-888-1:F9951", "DEBIAN:DSA-915-1:5BCBD", "DEBIAN:DSA-915-1:F05AD"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2005-2969"]}, {"type": "f5", "idList": ["F5:K5533", "SOL5533"]}, {"type": "freebsd", "idList": ["60E26A40-3B25-11DA-9484-00123FFE8333", "FE4C84FC-BDB5-11DA-B7D4-00123FFE8333"]}, {"type": "freebsd_advisory", "idList": ["FREEBSD_ADVISORY:FREEBSD-SA-05:21.OPENSSL"]}, {"type": "gentoo", "idList": ["GLSA-200510-07", "GLSA-200510-11"]}, {"type": "jvn", "idList": ["JVN:23632449"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2005-788.NASL", "CENTOS_RHSA-2005-800.NASL", "DEBIAN_DSA-826.NASL", "DEBIAN_DSA-875.NASL", "DEBIAN_DSA-881.NASL", "DEBIAN_DSA-882.NASL", "DEBIAN_DSA-888.NASL", "DEBIAN_DSA-915.NASL", "F5_BIGIP_SOL5533.NASL", "FEDORA_2005-940.NASL", "FEDORA_2005-941.NASL", "FEDORA_2005-985.NASL", "FEDORA_2005-986.NASL", "FREEBSD_PKG_60E26A403B2511DA948400123FFE8333.NASL", "FREEBSD_PKG_FE4C84FCBDB511DAB7D400123FFE8333.NASL", "GENTOO_GLSA-200510-07.NASL", "GENTOO_GLSA-200510-11.NASL", "MACOSX_SECUPD2005-009.NASL", "MANDRAKE_MDKSA-2005-179.NASL", "OPENSSL_0_9_7H_0_9_8A.NASL", "REALPLAYER_6012.NASL", "REALPLAYER_6_0_12_1483.NASL", "REDHAT-RHSA-2005-788.NASL", "REDHAT-RHSA-2005-800.NASL", "REDHAT-RHSA-2008-0264.NASL", 
"REDHAT-RHSA-2008-0525.NASL", "REDHAT-RHSA-2008-0629.NASL", "SLACKWARE_SSA_2005-286-01.NASL", "SOLARIS10_121229-02.NASL", "SOLARIS10_121229.NASL", "SUSE_SA_2005_059.NASL", "SUSE_SA_2005_061.NASL", "SUSE_SA_2006_018.NASL", "UBUNTU_USN-204-1.NASL"]}, {"type": "openssl", "idList": ["OPENSSL:CVE-2005-2969"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231055636", "OPENVAS:136141256231065067", "OPENVAS:1361412562310835119", "OPENVAS:1361412562310855192", "OPENVAS:1361412562310855516", "OPENVAS:55491", "OPENVAS:55572", "OPENVAS:55573", "OPENVAS:55588", "OPENVAS:55636", "OPENVAS:55640", "OPENVAS:55751", "OPENVAS:55794", "OPENVAS:55796", "OPENVAS:55813", "OPENVAS:55945", "OPENVAS:56447", "OPENVAS:65067", "OPENVAS:835119", "OPENVAS:855192", "OPENVAS:855516"]}, {"type": "oraclelinux", "idList": ["ELSA-2015-3022", "ELSA-2019-4581", "ELSA-2019-4747"]}, {"type": "osv", "idList": ["OSV:DSA-826-1", "OSV:DSA-875-1", "OSV:DSA-915-1"]}, {"type": "redhat", "idList": ["RHSA-2005:762", "RHSA-2005:788", "RHSA-2005:800", "RHSA-2008:0264", "RHSA-2008:0525", "RHSA-2008:0629"]}, {"type": "saint", "idList": ["SAINT:32AF98CF80A27AB194B608D45186A636", "SAINT:74F1BEDE6E32D2B82819435F2160B116", "SAINT:7A58BDE9BDCCED73750F291E450DEC53", "SAINT:CB07D6C943AA2B34E7B85CB005E75063"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:10199", "SECURITYVULNS:DOC:11910", "SECURITYVULNS:DOC:11925", "SECURITYVULNS:DOC:9834", "SECURITYVULNS:DOC:9901"]}, {"type": "slackware", "idList": ["SSA-2005-286-01"]}, {"type": "suse", "idList": ["SUSE-SA:2005:059", "SUSE-SA:2005:061", "SUSE-SA:2006:018"]}, {"type": "ubuntu", "idList": ["USN-204-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2005-2629", "UB:CVE-2005-2969"]}]}, "score": {"value": -0.3, "vector": "NONE"}, "backreferences": {"references": [{"type": "centos", "idList": ["CESA-2005:788", "CESA-2005:800", "CESA-2005:800-01"]}, {"type": "cert", "idList": ["VU:172489"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2005-305"]}, {"type": 
"cisco", "idList": ["CISCO-SA-20051012-CVE-2005-2969"]}, {"type": "cve", "idList": ["CVE-2005-2629", "CVE-2005-2710", "CVE-2005-2922", "CVE-2005-2969"]}, {"type": "debian", "idList": ["DEBIAN:DSA-826-1:B8F64"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2005-2969"]}, {"type": "f5", "idList": ["SOL5533"]}, {"type": "freebsd", "idList": ["60E26A40-3B25-11DA-9484-00123FFE8333", "FE4C84FC-BDB5-11DA-B7D4-00123FFE8333"]}, {"type": "gentoo", "idList": ["GLSA-200510-07"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-200510-07.NASL", "REDHAT-RHSA-2005-788.NASL"]}, {"type": "openssl", "idList": ["OPENSSL:CVE-2005-2969"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310855516", "OPENVAS:55796", "OPENVAS:56447", "OPENVAS:65067"]}, {"type": "redhat", "idList": ["RHSA-2005:788"]}, {"type": "saint", "idList": ["SAINT:32AF98CF80A27AB194B608D45186A636"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:10199"]}, {"type": "suse", "idList": ["SUSE-SA:2005:059"]}, {"type": "ubuntu", "idList": ["USN-204-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2005-2969"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2005-2629", "epss": 0.16739, "percentile": 0.95228, "modified": "2023-05-06"}, {"cve": "CVE-2005-2710", "epss": 0.96851, "percentile": 0.99488, "modified": "2023-05-06"}, {"cve": "CVE-2005-2922", "epss": 0.02392, "percentile": 0.88263, "modified": "2023-05-06"}, {"cve": "CVE-2005-2969", "epss": 0.01259, "percentile": 0.83557, "modified": "2023-05-06"}], "vulnersScore": -0.3}, "_state": {"dependencies": 1701187821, "score": 1701187174, "epss": 0}, "_internal": {"score_hash": "2148dfa79c4cec24c4521da590c301f0"}, "pluginID": "63829", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:762. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63829);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2005-2629\", \"CVE-2005-2710\", \"CVE-2005-2922\", \"CVE-2005-2969\");\n script_xref(name:\"RHSA\", value:\"2005:762\");\n\n script_name(english:\"RHEL 3 / 4 : RealPlayer (RHSA-2005:762)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated RealPlayer package that fixes a format string bug is now\navailable.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nRealPlayer is a media player that provides media playback locally and\nvia streaming.\n\nA format string bug was discovered in the way RealPlayer processes\nRealPix (.rp) files. It is possible for a malformed RealPix file to\nexecute arbitrary code as the user running RealPlayer. 
The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2005-2710 to this issue.\n\nAll users of RealPlayer are advised to upgrade to this updated\npackage, which contains RealPlayer version 10.0.6 and is not\nvulnerable to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2005-2629.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2005-2710.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2005-2922.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2005-762.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected RealPlayer and / or realplayer packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:RealPlayer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:realplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"RHEL3\", cpu:\"i386\", reference:\"realplayer-10.0.6-0.rhel3.2\")) flag++;\n\nif (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"RealPlayer-10.0.6-2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Red Hat Local Security Checks", "cpe": ["p-cpe:/a:redhat:enterprise_linux:realplayer", "cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4"], "solution": "Update the affected RealPlayer and / or realplayer packages.", "nessusSeverity": "High", "cvssScoreSource": "", "vendor_cvss2": {"score": 9.3, "vector": "CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "vendor_cvss3": {"score": null, "vector": null}, "vpr": {"risk factor": "Medium", "score": "6.7"}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2005-09-27T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": []}
{"redhat": [{"lastseen": "2021-10-21T04:43:59", "description": "HelixPlayer is a media player.\r\n\r\nA format string bug was discovered in the way HelixPlayer processes RealPix\r\n(.rp) files. It is possible for a malformed RealPix file to execute\r\narbitrary code as the user running HelixPlayer. The Common Vulnerabilities\r\nand Exposures project (cve.mitre.org) has assigned the name CAN-2005-2710\r\nto this issue.\r\n\r\nAll users of HelixPlayer are advised to upgrade to this updated package,\r\nwhich contains HelixPlayer version 10.0.6 and is not vulnerable to this issue.", "cvss3": {}, "published": "2005-09-27T00:00:00", "type": "redhat", "title": "(RHSA-2005:788) HelixPlayer security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2629", "CVE-2005-2710", "CVE-2005-2922"], "modified": "2017-09-08T08:16:41", "id": "RHSA-2005:788", "href": "https://access.redhat.com/errata/RHSA-2005:788", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-21T04:43:00", "description": "RealPlayer is a media player that provides media playback locally and\r\nvia streaming.\r\n\r\nA format string bug was discovered in the way RealPlayer processes RealPix\r\n(.rp) files. It is possible for a malformed RealPix file to execute\r\narbitrary code as the user running RealPlayer. 
The Common Vulnerabilities\r\nand Exposures project (cve.mitre.org) has assigned the name CAN-2005-2710\r\nto this issue.\r\n\r\nAll users of RealPlayer are advised to upgrade to this updated package,\r\nwhich contains RealPlayer version 10.0.6 and is not vulnerable to this issue.", "cvss3": {}, "published": "2005-09-27T00:00:00", "type": "redhat", "title": "(RHSA-2005:762) RealPlayer security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2629", "CVE-2005-2710", "CVE-2005-2922"], "modified": "2018-05-26T00:26:19", "id": "RHSA-2005:762", "href": "https://access.redhat.com/errata/RHSA-2005:762", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-19T20:40:37", "description": "OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and\r\nTransport Layer Security (TLS v1) protocols as well as a full-strength\r\ngeneral purpose cryptography library.\r\n\r\nOpenSSL contained a software work-around for a bug in SSL handling in\r\nMicrosoft Internet Explorer version 3.0.2. This work-around is enabled in\r\nmost servers that use OpenSSL to provide support for SSL and TLS. Yutaka\r\nOiwa discovered that this work-around could allow an attacker, acting as a\r\n\"man in the middle\" to force an SSL connection to use SSL 2.0 rather than a\r\nstronger protocol such as SSL 3.0 or TLS 1.0. 
The Common Vulnerabilities\r\nand Exposures project (cve.mitre.org) has assigned the name CAN-2005-2969\r\nto this issue.\r\n\r\nA bug was also fixed in the way OpenSSL creates DSA signatures. A cache\r\ntiming attack was fixed in RHSA-2005-476 which caused OpenSSL to do private\r\nkey calculations with a fixed time window. The DSA fix for this was not\r\ncomplete and the calculations are not always performed within a\r\nfixed-window. The Common Vulnerabilities and Exposures project\r\n(cve.mitre.org) has assigned the name CAN-2005-0109 to this issue.\r\n\r\nUsers are advised to upgrade to these updated packages, which remove the\r\nMISE 3.0.2 work-around and contain patches to correct these issues.\r\n\r\nNote: After installing this update, users are advised to either\r\nrestart all services that use OpenSSL or restart their system.", "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.6, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2005-10-11T00:00:00", "type": "redhat", "title": "(RHSA-2005:800) openssl security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-0109", "CVE-2005-2969"], "modified": "2019-03-22T19:42:52", "id": "RHSA-2005:800", "href": 
"https://access.redhat.com/errata/RHSA-2005:800", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-10-19T20:40:11", "description": "This release corrects several security vulnerabilities in various\ncomponents shipped as part of the Red Hat Network Satellite Server Solaris\nclient. In a typical operating environment, these components are not used\nby the Satellite Server in a vulnerable manner. These security updates will\nreduce risk should these components be used by other applications.\n\nSeveral flaws in Zlib was discovered. An attacker could create a\ncarefully-crafted compressed stream that would cause an application to\ncrash if the stream is opened by a user. (CVE-2005-2096). An attacker\ncould create a carefully crafted compressed stream that would cause an\napplication to crash if the stream is opened by a user. (CVE-2005-1849)\n\nA buffer overflow was discovered in the OpenSSL SSL_get_shared_ciphers()\nutility function. An attacker could send a list of ciphers to an\napplication that used this function and overrun a buffer (CVE-2006-3738).\n\nA flaw in the SSLv2 client code was discovered. If a client application\nused OpenSSL to create an SSLv2 connection to a malicious server, that\nserver could cause the client to crash. (CVE-2006-4343)\n\nAn attack on OpenSSL PKCS #1 v1.5 signatures was discovered. Where an RSA\nkey with exponent 3 is used it may be possible for an attacker to forge a\nPKCS #1 v1.5 signature that would be incorrectly verified by\nimplementations that do not check for excess data in the RSA exponentiation\nresult of the signature. This issue affected applications that use OpenSSL\nto verify X.509 certificates as well as other uses of PKCS #1 v1.5.\n(CVE-2006-4339)\n\nOpenSSL contained a software work-around for a bug in SSL handling in\nMicrosoft Internet Explorer version 3.0.2. It is enabled in most servers\nthat use OpenSSL to provide support for SSL and TLS. 
This work-around could\nallow an attacker, acting as a \"man in the middle\" to force an SSL\nconnection to use SSL 2.0 rather than a stronger protocol, such as SSL 3.0\nor TLS 1.0. (CVE-2005-2969)\n\nDuring OpenSSL parsing of certain invalid ASN.1 structures an error\ncondition was mishandled. This can result in an infinite loop which\nconsumed system memory (CVE-2006-2937). \n\nCertain public key types can take disproportionate amounts of time to\nprocess in OpenSSL, leading to a denial of service. (CVE-2006-2940)\n\nA flaw was discovered in the way that the Python repr() function handled\nUTF-32/UCS-4 strings. If an application written in Python used the repr()\nfunction on untrusted data, this could lead to a denial of service or\npossibly allow the execution of arbitrary code with the privileges of the\nPython application. (CVE-2006-4980)\n\nA flaw was discovered in the strxfrm() function of Python's locale module.\nStrings generated by this function were not properly NULL-terminated. This\nmay possibly cause disclosure of data stored in the memory of a Python\napplication using this function. (CVE-2007-2052)\n\nMultiple integer overflow flaws were discovered in Python's imageop module.\nIf an application written in Python used the imageop module to process\nuntrusted images, it could cause the application to crash, enter an\ninfinite loop, or possibly execute arbitrary code with the privileges of\nthe Python interpreter. (CVE-2007-4965)\n\nA stack-based buffer overflow was discovered in the Python interpreter,\nwhich could allow a local user to gain privileges by running a script with\na long name from the current working directory. (CVE-2006-1542)\n\nUsers of Red Hat Network Satellite Server should upgrade to these updated\npackages, which contain backported patches to correct these issues. 
", "cvss3": {}, "published": "2008-06-30T00:00:00", "type": "redhat", "title": "(RHSA-2008:0525) Moderate: Red Hat Network Satellite Server Solaris client security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1849", "CVE-2005-2096", "CVE-2005-2969", "CVE-2006-1542", "CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4339", "CVE-2006-4343", "CVE-2006-4980", "CVE-2007-2052", "CVE-2007-4965"], "modified": "2019-03-22T19:44:30", "id": "RHSA-2008:0525", "href": "https://access.redhat.com/errata/RHSA-2008:0525", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-19T20:40:16", "description": "This release corrects several security vulnerabilities in various\ncomponents shipped as part of the Red Hat Network Satellite Server Solaris\nclient. In a typical operating environment, these components are not used\nby the Satellite Server in a vulnerable manner. These security updates will\nreduce risk should these components be used by other applications.\n\nTwo denial-of-service flaws were fixed in ZLib. (CVE-2005-2096,\nCVE-2005-1849)\n\nMultiple flaws were fixed in OpenSSL. (CVE-2006-4343, CVE-2006-4339,\nCVE-2006-3738, CVE-2006-2940, CVE-2006-2937, CVE-2005-2969)\n\nMultiple flaws were fixed in Python. 
(CVE-2007-4965, CVE-2007-2052,\nCVE-2006-4980, CVE-2006-1542)\n\nUsers of Red Hat Network Satellite Server 5.0.1 are advised to upgrade to\n5.0.2, which resolves these issues.", "cvss3": {}, "published": "2008-05-20T00:00:00", "type": "redhat", "title": "(RHSA-2008:0264) Moderate: Red Hat Network Satellite Server Solaris client security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1849", "CVE-2005-2096", "CVE-2005-2969", "CVE-2006-1542", "CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4339", "CVE-2006-4343", "CVE-2006-4980", "CVE-2007-2052", "CVE-2007-4965"], "modified": "2019-03-22T19:44:35", "id": "RHSA-2008:0264", "href": "https://access.redhat.com/errata/RHSA-2008:0264", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-19T20:39:02", "description": "This release corrects several security vulnerabilities in components\nshipped as part of the Red Hat Network Satellite Server Solaris client. In\na typical operating environment, these components are not used by the\nSatellite Server in a vulnerable manner. These security updates will reduce\nrisk should these components be used by other applications.\n\nSeveral flaws in Zlib were discovered. An attacker could create a\ncarefully-crafted compressed stream that would cause an application to\ncrash if the stream was opened by a user. (CVE-2005-2096, CVE-2005-1849)\n\nA buffer overflow was discovered in the OpenSSL SSL_get_shared_ciphers()\nutility function. 
An attacker could send a list of ciphers to an\napplication that used this function and overrun a buffer (CVE-2006-3738).\n\nA flaw in the SSLv2 client code was discovered. If a client application\nused OpenSSL to create an SSLv2 connection to a malicious server, that\nserver could cause the client to crash. (CVE-2006-4343)\n\nAn attack on OpenSSL PKCS #1 v1.5 signatures was discovered. Where an RSA\nkey with exponent 3 was used an attacker could, potentially, forge a PKCS\n#1 v1.5 signature that would be incorrectly verified by implementations\nthat do not check for excess data in the RSA exponentiation result of the\nsignature. This issue affected applications that use OpenSSL to verify\nX.509 certificates as well as other uses of PKCS #1 v1.5. (CVE-2006-4339)\n\nOpenSSL contained a software work-around for a bug in SSL handling in\nMicrosoft Internet Explorer version 3.0.2. It is enabled in most servers\nthat use OpenSSL to provide support for SSL and TLS. This work-around was\nvulnerable to a man-in-the-middle attack which allowed a remote user to\nforce an SSL connection to use SSL 2.0, rather than a stronger protocol,\nsuch as SSL 3.0 or TLS 1.0. (CVE-2005-2969)\n\nDuring OpenSSL parsing of certain invalid ASN.1 structures, an error\ncondition was mishandled. This could result in an infinite loop which\nconsumed system memory (CVE-2006-2937).\n\nCertain public key types could take disproportionate amounts of time to\nprocess in OpenSSL, leading to a denial of service. (CVE-2006-2940)\n\nA flaw was discovered in the Python repr() function's handling of\nUTF-32/UCS-4 strings. If an application used the repr() function on\nuntrusted data, this could lead to a denial of service or, possibly, allow\nthe execution of arbitrary code with the privileges of the application\nusing the flawed function. (CVE-2006-4980)\n\nA flaw was discovered in the strxfrm() function of Python's locale module.\nStrings generated by this function were not properly NULL-terminated. 
This\ncould, potentially, cause disclosure of data stored in the memory of an\napplication using this function. (CVE-2007-2052)\n\nMultiple integer overflow flaws were discovered in Python's imageop module.\nIf an application used the imageop module to process untrusted images, it\ncould cause the application to crash, enter an infinite loop, or, possibly,\nexecute arbitrary code with the privileges of the Python interpreter.\n(CVE-2007-4965)\n\nA stack-based buffer overflow was discovered in the Python interpreter,\nwhich could allow a local user to gain privileges by running a script with\na long name from the current working directory. (CVE-2006-1542)\n\nUsers of Red Hat Network Satellite Server should upgrade to these updated\npackages, which contain backported patches to correct these issues.", "cvss3": {}, "published": "2008-08-13T00:00:00", "type": "redhat", "title": "(RHSA-2008:0629) Moderate: Red Hat Network Satellite Server Solaris client security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1849", "CVE-2005-2096", "CVE-2005-2969", "CVE-2006-1542", "CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4339", "CVE-2006-4343", "CVE-2006-4980", "CVE-2007-2052", "CVE-2007-4965"], "modified": "2019-03-22T19:44:55", "id": "RHSA-2008:0629", "href": "https://access.redhat.com/errata/RHSA-2008:0629", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-11-28T14:54:57", "description": "An updated HelixPlayer package that fixes a 
string format issue is now available.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nHelixPlayer is a media player.\n\nA format string bug was discovered in the way HelixPlayer processes RealPix (.rp) files. It is possible for a malformed RealPix file to execute arbitrary code as the user running HelixPlayer. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2710 to this issue.\n\nAll users of HelixPlayer are advised to upgrade to this updated package, which contains HelixPlayer version 10.0.6 and is not vulnerable to this issue.", "cvss3": {}, "published": "2005-10-05T00:00:00", "type": "nessus", "title": "RHEL 4 : HelixPlayer (RHSA-2005:788)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2629", "CVE-2005-2710", "CVE-2005-2922"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:helixplayer", "cpe:/o:redhat:enterprise_linux:4"], "id": "REDHAT-RHSA-2005-788.NASL", "href": "https://www.tenable.com/plugins/nessus/19836", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:788. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(19836);\n script_version(\"1.28\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2005-2629\", \"CVE-2005-2710\", \"CVE-2005-2922\");\n script_xref(name:\"RHSA\", value:\"2005:788\");\n\n script_name(english:\"RHEL 4 : HelixPlayer (RHSA-2005:788)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated HelixPlayer package that fixes a string format issue is now\navailable.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nHelixPlayer is a media player.\n\nA format string bug was discovered in the way HelixPlayer processes\nRealPix (.rp) files. It is possible for a malformed RealPix file to\nexecute arbitrary code as the user running HelixPlayer. 
The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2005-2710 to this issue.\n\nAll users of HelixPlayer are advised to upgrade to this updated\npackage, which contains HelixPlayer version 10.0.6 and is not\nvulnerable to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-2629\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-2710\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-2922\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2005:788\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected HelixPlayer package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:HelixPlayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/09/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i386\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2005:788\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"HelixPlayer-1.0.6-0.EL4.1\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + 
redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"HelixPlayer\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-23T15:25:51", "description": "An updated HelixPlayer package that fixes a string format issue is now available.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nHelixPlayer is a media player.\n\nA format string bug was discovered in the way HelixPlayer processes RealPix (.rp) files. It is possible for a malformed RealPix file to execute arbitrary code as the user running HelixPlayer. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2710 to this issue.\n\nAll users of HelixPlayer are advised to upgrade to this updated package, which contains HelixPlayer version 10.0.6 and is not vulnerable to this issue.", "cvss3": {}, "published": "2007-01-08T00:00:00", "type": "nessus", "title": "CentOS 4 : Helix / Player (CESA-2005:788)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2629", "CVE-2005-2710", "CVE-2005-2922"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:helixplayer", "cpe:/o:centos:centos:4"], "id": "CENTOS_RHSA-2005-788.NASL", "href": "https://www.tenable.com/plugins/nessus/23983", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:788 and \n# CentOS Errata and Security Advisory 2005:788 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(23983);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2005-2629\", \"CVE-2005-2710\", 
\"CVE-2005-2922\");\n script_xref(name:\"RHSA\", value:\"2005:788\");\n\n script_name(english:\"CentOS 4 : Helix / Player (CESA-2005:788)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated HelixPlayer package that fixes a string format issue is now\navailable.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nHelixPlayer is a media player.\n\nA format string bug was discovered in the way HelixPlayer processes\nRealPix (.rp) files. It is possible for a malformed RealPix file to\nexecute arbitrary code as the user running HelixPlayer. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2005-2710 to this issue.\n\nAll users of HelixPlayer are advised to upgrade to this updated\npackage, which contains HelixPlayer version 10.0.6 and is not\nvulnerable to this issue.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-September/012207.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d258f2dc\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-September/012208.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f7cf68a6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected helix and / or player packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:HelixPlayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", 
value:\"2005/09/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/01/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"HelixPlayer-1.0.6-0.EL4.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"HelixPlayer-1.0.6-0.EL4.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"HelixPlayer\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-27T14:55:55", "description": "Yutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer (OpenSSL) library that can allow an attacker to perform active protocol-version rollback attacks that could lead to the use of the weaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS 1.0.\n\nThe following matrix explains which version in which distribution has this problem corrected.\n\n oldstable (woody) stable (sarge) unstable (sid) openssl 0.9.6c-2.woody.8 0.9.7e-3sarge1 0.9.8-3 openssl094 0.9.4-6.woody.4 n/a n/a openssl095 0.9.5a-6.woody.6 n/a n/a openssl096 n/a 0.9.6m-1sarge1 n/a openssl097 n/a n/a 0.9.7g-5", "cvss3": {}, "published": "2006-10-14T00:00:00", "type": "nessus", "title": "Debian DSA-875-1 : openssl094 - cryptographic weakness", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2969"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:openssl094", "cpe:/o:debian:debian_linux:3.0"], "id": "DEBIAN_DSA-875.NASL", "href": 
"https://www.tenable.com/plugins/nessus/22741", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-875. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22741);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2005-2969\");\n script_xref(name:\"DSA\", value:\"875\");\n\n script_name(english:\"Debian DSA-875-1 : openssl094 - cryptographic weakness\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Yutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer\n(OpenSSL) library that can allow an attacker to perform active\nprotocol-version rollback attacks that could lead to the use of the\nweaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS\n1.0.\n\nThe following matrix explains which version in which distribution has\nthis problem corrected.\n\n oldstable (woody) stable (sarge) unstable (sid) \n openssl 0.9.6c-2.woody.8 0.9.7e-3sarge1 0.9.8-3 \n openssl094 0.9.4-6.woody.4 n/a n/a \n openssl095 0.9.5a-6.woody.6 n/a n/a \n openssl096 n/a 0.9.6m-1sarge1 n/a \n openssl097 n/a n/a 0.9.7g-5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2005/dsa-875\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the libssl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:debian:debian_linux:openssl094\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/10/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"libssl09\", reference:\"0.9.4-6.woody.4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T15:05:28", "description": "Yutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer (OpenSSL) library that can allow an attacker to perform active protocol-version rollback attacks that could lead to the use of the weaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS 1.0.\n\nThe following matrix explains which version in which distribution has this problem corrected.\n\n oldstable (woody) stable (sarge) unstable (sid) openssl 0.9.6c-2.woody.8 0.9.7e-3sarge1 0.9.8-3 openssl094 0.9.4-6.woody.4 n/a n/a 
openssl095 0.9.5a-6.woody.6 n/a n/a openssl096 n/a 0.9.6m-1sarge1 n/a openssl097 n/a n/a 0.9.7g-5", "cvss3": {}, "published": "2006-10-14T00:00:00", "type": "nessus", "title": "Debian DSA-881-1 : openssl096 - cryptographic weakness", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2969"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:openssl096", "cpe:/o:debian:debian_linux:3.1"], "id": "DEBIAN_DSA-881.NASL", "href": "https://www.tenable.com/plugins/nessus/22747", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-881. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22747);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2005-2969\");\n script_xref(name:\"DSA\", value:\"881\");\n\n script_name(english:\"Debian DSA-881-1 : openssl096 - cryptographic weakness\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Yutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer\n(OpenSSL) library that can allow an attacker to perform active\nprotocol-version rollback attacks that could lead to the use of the\nweaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS\n1.0.\n\nThe following matrix explains which version in which distribution has\nthis problem corrected.\n\n oldstable (woody) stable (sarge) unstable (sid) \n openssl 0.9.6c-2.woody.8 0.9.7e-3sarge1 0.9.8-3 \n openssl094 0.9.4-6.woody.4 n/a n/a \n openssl095 0.9.5a-6.woody.6 
n/a n/a \n openssl096 n/a 0.9.6m-1sarge1 n/a \n openssl097 n/a n/a 0.9.7g-5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2005/dsa-881\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the libssl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssl096\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"libssl0.9.6\", reference:\"0.9.6m-1sarge1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T15:03:13", "description": "Vulnerability :\n\nSuch applications are affected if they use the option SSL_OP_MSIE_SSLV2_RSA_PADDING. 
This option is implied by use of SSL_OP_ALL, which is intended to work around various bugs in third-party software that might prevent interoperability. The SSL_OP_MSIE_SSLV2_RSA_PADDING option disables a verification step in the SSL 2.0 server supposed to prevent active protocol-version rollback attacks. With this verification step disabled, an attacker acting as a 'man in the middle' can force a client and a server to negotiate the SSL 2.0 protocol even if these parties both support SSL 3.0 or TLS 1.0. The SSL 2.0 protocol is known to have severe cryptographic weaknesses and is supported as a fallback only.\n\nApplications using neither SSL_OP_MSIE_SSLV2_RSA_PADDING nor SSL_OP_ALL are not affected. Also, applications that disable use of SSL 2.0 are not affected.", "cvss3": {}, "published": "2006-05-13T00:00:00", "type": "nessus", "title": "FreeBSD : openssl -- potential SSL 2.0 rollback (60e26a40-3b25-11da-9484-00123ffe8333)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2969"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:compat5x-alpha", "p-cpe:/a:freebsd:freebsd:compat5x-amd64", "p-cpe:/a:freebsd:freebsd:compat5x-i386", "p-cpe:/a:freebsd:freebsd:compat5x-sparc64", "p-cpe:/a:freebsd:freebsd:openssl", "p-cpe:/a:freebsd:freebsd:openssl-beta", "p-cpe:/a:freebsd:freebsd:openssl-beta-overwrite-base", "p-cpe:/a:freebsd:freebsd:openssl-overwrite-base", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_60E26A403B2511DA948400123FFE8333.NASL", "href": "https://www.tenable.com/plugins/nessus/21435", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the 
following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(21435);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-2969\");\n script_xref(name:\"FreeBSD\", value:\"SA-05:21.openssl\");\n\n script_name(english:\"FreeBSD : openssl -- potential SSL 2.0 rollback (60e26a40-3b25-11da-9484-00123ffe8333)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more 
security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vulnerability :\n\nSuch applications are affected if they use the option\nSSL_OP_MSIE_SSLV2_RSA_PADDING. This option is implied by use of\nSSL_OP_ALL, which is intended to work around various bugs in\nthird-party software that might prevent interoperability. The\nSSL_OP_MSIE_SSLV2_RSA_PADDING option disables a verification step in\nthe SSL 2.0 server supposed to prevent active protocol-version\nrollback attacks. With this verification step disabled, an attacker\nacting as a 'man in the middle' can force a client and a server to\nnegotiate the SSL 2.0 protocol even if these parties both support SSL\n3.0 or TLS 1.0. The SSL 2.0 protocol is known to have severe\ncryptographic weaknesses and is supported as a fallback only.\n\nApplications using neither SSL_OP_MSIE_SSLV2_RSA_PADDING nor\nSSL_OP_ALL are not affected. Also, applications that disable use of\nSSL 2.0 are not affected.\"\n );\n # http://www.openssl.org/news/secadv/20051011.txt\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20051011.txt\"\n );\n # https://vuxml.freebsd.org/freebsd/60e26a40-3b25-11da-9484-00123ffe8333.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f90d5fdf\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:compat5x-alpha\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:compat5x-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:compat5x-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:compat5x-sparc64\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:freebsd:freebsd:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:openssl-beta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:openssl-beta-overwrite-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:openssl-overwrite-base\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/05/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"openssl<=0.9.7g\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"openssl>=0.9.8<=0.9.8_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"openssl>=0.9.*_20050325<=0.9.*_20051011\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"openssl-overwrite-base<=0.9.7g\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"openssl-overwrite-base>=0.9.8<=0.9.8_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"openssl-overwrite-base>=0.9.*_20050325<=0.9.*_20051011\")) flag++;\nif (pkg_test(save_report:TRUE, 
pkg:\"openssl-beta<=0.9.8_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"openssl-beta>=0.9.*_20050325<=0.9.*_20051011\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"openssl-beta-overwrite-base<=0.9.8_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"openssl-beta-overwrite-base>=0.9.*_20050325<=0.9.*_20051011\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"compat5x-alpha<5.4.0.8\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"compat5x-amd64<5.4.0.8\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"compat5x-i386<5.4.0.8\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"compat5x-sparc64<5.4.0.8\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T14:54:59", "description": "This is a fix for CVE-2005-2710\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2005-10-05T00:00:00", "type": "nessus", "title": "Fedora Core 4 : HelixPlayer-1.0.6-1.fc4.2 (2005-940)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2710"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:helixplayer", "p-cpe:/a:fedoraproject:fedora:helixplayer-debuginfo", "cpe:/o:fedoraproject:fedora_core:4"], "id": "FEDORA_2005-940.NASL", "href": "https://www.tenable.com/plugins/nessus/19880", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2005-940.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(19880);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2005-940\");\n\n script_name(english:\"Fedora Core 4 : HelixPlayer-1.0.6-1.fc4.2 (2005-940)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This is a fix for CVE-2005-2710\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2005-September/001425.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?505e859a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected HelixPlayer and / or HelixPlayer-debuginfo\npackages.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:HelixPlayer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:HelixPlayer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 4.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC4\", cpu:\"i386\", reference:\"HelixPlayer-1.0.6-1.fc4.2\")) flag++;\nif (rpm_check(release:\"FC4\", cpu:\"i386\", reference:\"HelixPlayer-debuginfo-1.0.6-1.fc4.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"HelixPlayer / HelixPlayer-debuginfo\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T14:55:02", "description": "The remote host is affected by the vulnerability described in GLSA-200510-07 (RealPlayer, Helix Player: Format string vulnerability)\n\n 'c0ntex' reported that RealPlayer and Helix Player suffer from a heap overflow.\n Impact :\n\n By enticing a user to play a specially crafted realpix (.rp) or realtext (.rt) file, an attacker could execute arbitrary code with the permissions of the user running the application.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2005-10-11T00:00:00", "type": "nessus", "title": "GLSA-200510-07 : RealPlayer, Helix Player: Format string vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2710"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:helixplayer", "p-cpe:/a:gentoo:linux:realplayer", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200510-07.NASL", "href": "https://www.tenable.com/plugins/nessus/19977", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable 
Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200510-07.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(19977);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-2710\");\n script_xref(name:\"GLSA\", value:\"200510-07\");\n\n script_name(english:\"GLSA-200510-07 : RealPlayer, Helix Player: Format string vulnerability\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200510-07\n(RealPlayer, Helix Player: Format string vulnerability)\n\n 'c0ntex' reported that RealPlayer and Helix Player suffer from a heap\n overflow.\n \nImpact :\n\n By enticing a user to play a specially crafted realpix (.rp) or\n realtext (.rt) file, an attacker could execute arbitrary code with the\n permissions of the user running the application.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200510-07\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All RealPlayer users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-video/realplayer-10.0.6'\n Note to Helix Player users: There is currently no stable secure Helix\n Player package. 
Affected users should remove the package until an\n updated Helix Player package is released.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:helixplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:realplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/11\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/09/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-video/helixplayer\", unaffected:make_list(), vulnerable:make_list(\"lt 1.0.6\"))) flag++;\nif (qpkg_check(package:\"media-video/realplayer\", unaffected:make_list(\"ge 10.0.6\"), vulnerable:make_list(\"lt 10.0.6\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"RealPlayer / Helix Player\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T14:55:05", "description": "The remote Fedora Core host is missing one or more security updates :\n\nopenssl-0.9.7a-42.2 :\n\n - Tue Oct 11 2005 Tomas Mraz <tmraz at redhat.com> 0.9.7a-42.2\n\n - fix CVE-2005-2969 - remove SSL_OP_MSIE_SSLV2_RSA_PADDING which disables the countermeasure against man in the middle attack in SSLv2 (#169863)\n\n - more fixes for constant time/memory access for DSA signature algorithm\n\n - updated ICA engine patch\n\n - install ca-bundle.crt as a config file\n\nopenssl096b-0.9.6b-21.2 :\n\n - Thu Oct 6 2005 Tomas Mraz <tmraz at redhat.com> 0.9.6b-21.2\n\n - fix CVE-2005-2969 - remove SSL_OP_MSIE_SSLV2_RSA_PADDING which disables the countermeasure against man in the middle attack in SSLv2 (#169863)\n\n - more fixes for constant time/memory access for DSA signature algorithm\n\n - replaced add-luna patch with new one with right license (#158061)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2005-10-19T00:00:00", "type": "nessus", "title": "Fedora Core 3 : openssl-0.9.7a-42.2 / openssl096b-0.9.6b-21.2 (2005-985)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2969"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:openssl", "p-cpe:/a:fedoraproject:fedora:openssl-debuginfo", "p-cpe:/a:fedoraproject:fedora:openssl-devel", "p-cpe:/a:fedoraproject:fedora:openssl-perl", "p-cpe:/a:fedoraproject:fedora:openssl096b", "p-cpe:/a:fedoraproject:fedora:openssl096b-debuginfo", "cpe:/o:fedoraproject:fedora_core:3"], "id": "FEDORA_2005-985.NASL", "href": "https://www.tenable.com/plugins/nessus/20022", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2005-985.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20022);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2005-985\");\n\n script_name(english:\"Fedora Core 3 : openssl-0.9.7a-42.2 / openssl096b-0.9.6b-21.2 (2005-985)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Fedora Core host is missing one or more security updates :\n\nopenssl-0.9.7a-42.2 :\n\n - Tue Oct 11 2005 Tomas Mraz <tmraz at redhat.com>\n 0.9.7a-42.2\n\n - fix CVE-2005-2969 - remove\n SSL_OP_MSIE_SSLV2_RSA_PADDING which disables the\n countermeasure against man in the middle attack in\n SSLv2 (#169863)\n\n - more fixes for 
constant time/memory access for DSA\n signature algorithm\n\n - updated ICA engine patch\n\n - install ca-bundle.crt as a config file\n\nopenssl096b-0.9.6b-21.2 :\n\n - Thu Oct 6 2005 Tomas Mraz <tmraz at redhat.com>\n 0.9.6b-21.2\n\n - fix CVE-2005-2969 - remove\n SSL_OP_MSIE_SSLV2_RSA_PADDING which disables the\n countermeasure against man in the middle attack in\n SSLv2 (#169863)\n\n - more fixes for constant time/memory access for DSA\n signature algorithm\n\n - replaced add-luna patch with new one with right\n license (#158061)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2005-October/001486.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?479959b3\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2005-October/001491.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6f2bf690\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl096b\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl096b-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 3.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC3\", reference:\"openssl-0.9.7a-42.2\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"openssl-debuginfo-0.9.7a-42.2\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"openssl-devel-0.9.7a-42.2\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"openssl-perl-0.9.7a-42.2\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"openssl096b-0.9.6b-21.2\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"openssl096b-debuginfo-0.9.6b-21.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-perl / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T14:55:05", "description": "The remote host is missing the patch for the advisory SUSE-SA:2005:061 (openssl).\n\n\nThe openssl cryptographic libraries have been updated to fix a protocol downgrading attack which allows a man-in-the-middle attacker to force the usage of SSLv2. This happens due to the work-around code of SSL_OP_MSIE_SSLV2_RSA_PADDING which is included in SSL_OP_ALL (which is commonly used in applications). (CVE-2005-2969)\n\nAdditionally this update adds the Geotrusts Equifax Root1 CA certificate to allow correct certification against Novell Inc. websites and services. 
The same CA is already included in Mozilla, KDE, and curl, which use separate certificate stores.", "cvss3": {}, "published": "2005-10-20T00:00:00", "type": "nessus", "title": "SUSE-SA:2005:061: openssl", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2969"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "SUSE_SA_2005_061.NASL", "href": "https://www.tenable.com/plugins/nessus/20064", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# This plugin text was extracted from SuSE Security Advisory SUSE-SA:2005:061\n#\n\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif(description)\n{\n script_id(20064);\n script_version(\"1.10\");\n \n name[\"english\"] = \"SUSE-SA:2005:061: openssl\";\n \n script_name(english:name[\"english\"]);\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a vendor-supplied security patch\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is missing the patch for the advisory SUSE-SA:2005:061 (openssl).\n\n\nThe openssl cryptographic libraries have been updated to fix\na protocol downgrading attack which allows a man-in-the-middle\nattacker to force the usage of SSLv2. This happens due to the\nwork-around code of SSL_OP_MSIE_SSLV2_RSA_PADDING which is included\nin SSL_OP_ALL (which is commonly used in applications). (CVE-2005-2969)\n\nAdditionally this update adds the Geotrusts Equifax Root1 CA certificate\nto allow correct certification against Novell Inc. websites and\nservices. 
The same CA is already included in Mozilla, KDE, and curl,\nwhich use separate certificate stores.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"http://www.suse.de/security/advisories/2005_61_openssl.html\" );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\" );\n\n\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2005/10/20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n script_end_attributes();\n\n \n summary[\"english\"] = \"Check for the version of the openssl package\";\n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_GATHER_INFO);\n \n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n family[\"english\"] = \"SuSE Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/SuSE/rpm-list\");\n exit(0);\n}\n\ninclude(\"rpm.inc\");\nif ( rpm_check( reference:\"openssl-0.9.7g-2.2\", release:\"SUSE10.0\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"openssl-devel-0.9.7g-2.2\", release:\"SUSE10.0\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"openssl-0.9.7b-135\", release:\"SUSE9.0\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"openssl-devel-0.9.7b-135\", release:\"SUSE9.0\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"openssl-0.9.7d-15.15.3\", release:\"SUSE9.1\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"openssl-devel-0.9.7d-15.15.3\", release:\"SUSE9.1\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"openssl-0.9.7d-25.2\", release:\"SUSE9.2\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"openssl-devel-0.9.7d-25.2\", release:\"SUSE9.2\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"openssl-0.9.7e-3.2\", 
release:\"SUSE9.3\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"openssl-devel-0.9.7e-3.2\", release:\"SUSE9.3\") )\n{\n security_hole(0);\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T14:54:32", "description": "The remote host is missing the patch for the advisory SUSE-SA:2005:059 (RealPlayer).\n\n\nThe following security issue in RealPlayer was fixed:\n\n- A format string bug in the RealPix (.rp) file format parser (CVE-2005-2710).\n\nThis bug allowed remote attackers to execute arbitrary code by supplying a specially crafted file, e.g. via a Web page or E-Mail.\n\nNote that we have not supported RealPlayer on the following distributions for some time now:\n- SUSE Linux 9.1\n- SUSE Linux 9.0\n- SUSE Linux Desktop 1.0\n\nOn these distributions, please deinstall RealPlayer by running as root:\n\trpm -e RealPlayer", "cvss3": {}, "published": "2005-10-11T00:00:00", "type": "nessus", "title": "SUSE-SA:2005:059: RealPlayer", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2710"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "SUSE_SA_2005_059.NASL", "href": "https://www.tenable.com/plugins/nessus/19996", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# This plugin text was extracted from SuSE Security Advisory SUSE-SA:2005:059\n#\n\n\nif ( ! 
defined_func(\"bn_random\") ) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif(description)\n{\n script_id(19996);\n script_version(\"1.10\");\n \n name[\"english\"] = \"SUSE-SA:2005:059: RealPlayer\";\n \n script_name(english:name[\"english\"]);\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a vendor-supplied security patch\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is missing the patch for the advisory SUSE-SA:2005:059 (RealPlayer).\n\n\nThe following security issue in RealPlayer was fixed:\n\n- A format string bug in the RealPix (.rp) file format parser\n(CVE-2005-2710).\n\nThis bug allowed remote attackers to execute arbitrary code by\nsupplying a specially crafted file, e.g via Web page or E-Mail.\n\nNote that we no longer support RealPlayer on the following distributions\nfor some time now:\n- SUSE Linux 9.1\n- SUSE Linux 9.0\n- SUSE Linux Desktop 1.0\n\nOn these distributions, please deinstall RealPlayer by running as root:\n\trpm -e RealPlayer\" );\n script_set_attribute(attribute:\"solution\", value:\n\"http://www.suse.de/security/advisories/2005_59_RealPlayer.html\" );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\" );\n\n\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2005/10/11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n script_end_attributes();\n\n \n summary[\"english\"] = \"Check for the version of the RealPlayer package\";\n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_GATHER_INFO);\n \n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n family[\"english\"] = \"SuSE Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/SuSE/rpm-list\");\n exit(0);\n}\n\ninclude(\"rpm.inc\");\nif ( 
rpm_check( reference:\"RealPlayer-10.0.6-3.2\", release:\"SUSE10.0\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"RealPlayer-10.0.6-1.4\", release:\"SUSE9.2\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"RealPlayer-10.0.6-1.4\", release:\"SUSE9.3\") )\n{\n security_hole(0);\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T14:54:38", "description": "This is a fix for CVE-2005-2710\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2005-10-05T00:00:00", "type": "nessus", "title": "Fedora Core 3 : HelixPlayer-1.0.6-0.fc3.1 (2005-941)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2710"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:helixplayer", "p-cpe:/a:fedoraproject:fedora:helixplayer-debuginfo", "cpe:/o:fedoraproject:fedora_core:3"], "id": "FEDORA_2005-941.NASL", "href": "https://www.tenable.com/plugins/nessus/19881", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2005-941.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(19881);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2005-941\");\n\n script_name(english:\"Fedora Core 3 : HelixPlayer-1.0.6-0.fc3.1 (2005-941)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n 
attribute:\"description\", \n value:\n\"This is a fix for CVE-2005-2710\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2005-September/001426.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8f8088a2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected HelixPlayer and / or HelixPlayer-debuginfo\npackages.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:HelixPlayer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:HelixPlayer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: 
\"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 3.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC3\", reference:\"HelixPlayer-1.0.6-0.fc3.1\")) flag++;\nif (rpm_check(release:\"FC3\", cpu:\"i386\", reference:\"HelixPlayer-debuginfo-1.0.6-0.fc3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"HelixPlayer / HelixPlayer-debuginfo\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-26T14:41:36", "description": "The remote BIG-IP device is missing a patch required by a security advisory.", "cvss3": {}, "published": "2014-10-10T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : Potential protocol version rollback vulnerability in OpenSSL (SOL5533)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2969"], "modified": "2021-01-11T00:00:00", "cpe": ["cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/h:f5:big-ip"], "id": "F5_BIGIP_SOL5533.NASL", "href": "https://www.tenable.com/plugins/nessus/78206", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution SOL5533.\n#\n# The text description of this plugin is (C) F5 
Networks.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78206);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2005-2969\");\n\n script_name(english:\"F5 Networks BIG-IP : Potential protocol version rollback vulnerability in OpenSSL (SOL5533)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote BIG-IP device is missing a patch required by a security\nadvisory.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K5533\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution SOL5533.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/05/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"SOL5533\";\nvmatrix = make_array();\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"9.2.0\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"9.2.2-9.2.5\",\"9.3\",\"9.4\",\"10\",\"11\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"9.0.0-9.1.0\",\"9.2.0\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"9.1.1-9.1.3\",\"9.2.2-9.2.5\",\"9.3\",\"9.4\",\"9.6\",\"10\",\"11\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules ASM / LTM\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-27T14:10:02", "description": "According to its banner, the remote server is running a version of OpenSSL that is earlier than 0.9.7h or 0.9.8a. 
\n\nIf the SSL_OP_MSIE_SSLV2_RSA_PADDING option is used, a remote attacker could force a client to downgrade to a weaker protocol and implement a man-in-the-middle attack.", "cvss3": {}, "published": "2012-01-04T00:00:00", "type": "nessus", "title": "OpenSSL < 0.9.7h / 0.9.8a Protocol Version Rollback", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2969"], "modified": "2018-07-16T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "OPENSSL_0_9_7H_0_9_8A.NASL", "href": "https://www.tenable.com/plugins/nessus/17755", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(17755);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/07/16 14:09:14\");\n\n script_cve_id(\"CVE-2005-2969\");\n script_bugtraq_id(15071);\n\n script_name(english:\"OpenSSL < 0.9.7h / 0.9.8a Protocol Version Rollback\");\n script_summary(english:\"Does a banner check\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote server is vulnerable to man-in-the-middle attacks.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the remote server is running a version of \nOpenSSL that is earlier than 0.9.7h or 0.9.8a. 
\n\nIf the SSL_OP_MSIE_SSLV2_RSA_PADDING option is used, a remote attacker\ncould force a client to downgrade to a weaker protocol and implement a\nman-in-the-middle attack.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20051011.txt\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to OpenSSL 0.9.7h / 0.9.8a or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"openssl_version.nasl\");\n script_require_keys(\"openssl/port\");\n\n exit(0);\n}\n\ninclude(\"openssl_version.inc\");\n\nopenssl_check_version(fixed:make_list('0.9.7h', '0.9.8a'), severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T14:54:33", "description": "The remote host is affected by the vulnerability described in GLSA-200510-11 (OpenSSL: SSL 2.0 protocol rollback)\n\n Applications setting the SSL_OP_MSIE_SSLV2_RSA_PADDING option (or the SSL_OP_ALL option, that implies it) can be forced by a third party to fall back to the less secure SSL 2.0 protocol, even if both parties support the more secure SSL 
3.0 or TLS 1.0 protocols.\n Impact :\n\n A man-in-the-middle attacker can weaken the encryption used to communicate between two parties, potentially revealing sensitive information.\n Workaround :\n\n If possible, disable the use of SSL 2.0 in all OpenSSL-enabled applications.", "cvss3": {}, "published": "2005-10-19T00:00:00", "type": "nessus", "title": "GLSA-200510-11 : OpenSSL: SSL 2.0 protocol rollback", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2969"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:openssl", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200510-11.NASL", "href": "https://www.tenable.com/plugins/nessus/20031", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200510-11.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20031);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-2969\");\n script_xref(name:\"GLSA\", value:\"200510-11\");\n\n script_name(english:\"GLSA-200510-11 : OpenSSL: SSL 2.0 protocol rollback\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200510-11\n(OpenSSL: SSL 2.0 protocol rollback)\n\n Applications setting the SSL_OP_MSIE_SSLV2_RSA_PADDING option (or the\n SSL_OP_ALL option, that implies it) can be forced by a third-party to\n fallback to the less secure SSL 2.0 protocol, even if both parties\n support the more secure SSL 3.0 or TLS 1.0 protocols.\n \nImpact :\n\n A man-in-the-middle attacker can weaken the encryption used to\n communicate between two parties, potentially revealing sensitive\n information.\n \nWorkaround :\n\n If possible, disable the use of SSL 2.0 in all OpenSSL-enabled\n applications.\"\n );\n # http://www.openssl.org/news/secadv/20051011.txt\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20051011.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200510-11\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All OpenSSL users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose dev-libs/openssl\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", 
value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-libs/openssl\", unaffected:make_list(\"ge 0.9.7h\", \"rge 0.9.7g-r1\", \"rge 0.9.7e-r2\"), vulnerable:make_list(\"lt 0.9.7h\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenSSL\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T14:54:50", "description": "New OpenSSL packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix a security issue. 
Under certain conditions, an attacker acting as a 'man in the middle' may force a client and server to fall back to the less-secure SSL 2.0 protocol.", "cvss3": {}, "published": "2005-10-19T00:00:00", "type": "nessus", "title": "Slackware 10.0 / 10.1 / 10.2 / 8.1 / 9.0 / 9.1 / current : OpenSSL (SSA:2005-286-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2969"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:openssl", "p-cpe:/a:slackware:slackware_linux:openssl-solibs", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:10.0", "cpe:/o:slackware:slackware_linux:10.1", "cpe:/o:slackware:slackware_linux:10.2", "cpe:/o:slackware:slackware_linux:8.1", "cpe:/o:slackware:slackware_linux:9.0", "cpe:/o:slackware:slackware_linux:9.1"], "id": "SLACKWARE_SSA_2005-286-01.NASL", "href": "https://www.tenable.com/plugins/nessus/20017", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2005-286-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20017);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2005-2969\");\n script_xref(name:\"SSA\", value:\"2005-286-01\");\n\n script_name(english:\"Slackware 10.0 / 10.1 / 10.2 / 8.1 / 9.0 / 9.1 / current : OpenSSL (SSA:2005-286-01)\");\n script_summary(english:\"Checks for updated packages in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New OpenSSL packages are available for Slackware 8.1, 9.0, 9.1, 10.0,\n10.1, 10.2, and -current to fix a security issue. 
Under certain\nconditions, an attacker acting as a 'man in the middle' may force a\nclient and server to fall back to the less-secure SSL 2.0 protocol.\"\n );\n # http://www.openssl.org/news/secadv/20051011.txt\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20051011.txt\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.555090\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3c026715\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl and / or openssl-solibs packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:openssl-solibs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:9.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:9.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"8.1\", pkgname:\"openssl\", pkgver:\"0.9.6m\", pkgarch:\"i386\", pkgnum:\"2\")) flag++;\nif (slackware_check(osver:\"8.1\", pkgname:\"openssl-solibs\", pkgver:\"0.9.6m\", pkgarch:\"i386\", pkgnum:\"2\")) flag++;\n\nif (slackware_check(osver:\"9.0\", pkgname:\"openssl\", pkgver:\"0.9.7d\", pkgarch:\"i386\", pkgnum:\"2\")) flag++;\nif (slackware_check(osver:\"9.0\", pkgname:\"openssl-solibs\", pkgver:\"0.9.7d\", pkgarch:\"i386\", pkgnum:\"2\")) flag++;\n\nif (slackware_check(osver:\"9.1\", pkgname:\"openssl\", pkgver:\"0.9.7d\", pkgarch:\"i486\", pkgnum:\"2\")) flag++;\nif (slackware_check(osver:\"9.1\", pkgname:\"openssl-solibs\", pkgver:\"0.9.7d\", pkgarch:\"i486\", pkgnum:\"2\")) flag++;\n\nif (slackware_check(osver:\"10.0\", pkgname:\"openssl\", pkgver:\"0.9.7d\", pkgarch:\"i486\", pkgnum:\"2\")) flag++;\nif (slackware_check(osver:\"10.0\", pkgname:\"openssl-solibs\", pkgver:\"0.9.7d\", pkgarch:\"i486\", pkgnum:\"2\")) flag++;\n\nif (slackware_check(osver:\"10.1\", pkgname:\"openssl\", pkgver:\"0.9.7e\", pkgarch:\"i486\", pkgnum:\"4\")) flag++;\nif (slackware_check(osver:\"10.1\", pkgname:\"openssl-solibs\", 
pkgver:\"0.9.7e\", pkgarch:\"i486\", pkgnum:\"4\")) flag++;\n\nif (slackware_check(osver:\"10.2\", pkgname:\"openssl\", pkgver:\"0.9.7g\", pkgarch:\"i486\", pkgnum:\"2\")) flag++;\nif (slackware_check(osver:\"10.2\", pkgname:\"openssl-solibs\", pkgver:\"0.9.7g\", pkgarch:\"i486\", pkgnum:\"2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"openssl\", pkgver:\"0.9.7g\", pkgarch:\"i486\", pkgnum:\"2\")) flag++;\nif (slackware_check(osver:\"current\", pkgname:\"openssl-solibs\", pkgver:\"0.9.7g\", pkgarch:\"i486\", pkgnum:\"2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T15:05:53", "description": "Yutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer (OpenSSL) library that can allow an attacker to perform active protocol-version rollback attacks that could lead to the use of the weaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS 1.0.\n\nThe following matrix explains which version in which distribution has this problem corrected.\n\n oldstable (woody) stable (sarge) unstable (sid) openssl 0.9.6c-2.woody.8 0.9.7e-3sarge1 0.9.8-3 openssl094 0.9.4-6.woody.4 n/a n/a openssl095 0.9.5a-6.woody.6 n/a n/a openssl096 n/a 0.9.6m-1sarge1 n/a openssl097 n/a n/a 0.9.7g-5", "cvss3": {}, "published": "2006-10-14T00:00:00", "type": "nessus", "title": "Debian DSA-888-1 : openssl - cryptographic weakness", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2969"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:openssl", "cpe:/o:debian:debian_linux:3.0", "cpe:/o:debian:debian_linux:3.1"], "id": "DEBIAN_DSA-888.NASL", "href": "https://www.tenable.com/plugins/nessus/22754", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text 
and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-888. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22754);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2005-2969\");\n script_xref(name:\"DSA\", value:\"888\");\n\n script_name(english:\"Debian DSA-888-1 : openssl - cryptographic weakness\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Yutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer\n(OpenSSL) library that can allow an attacker to perform active\nprotocol-version rollback attacks that could lead to the use of the\nweaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS\n1.0.\n\nThe following matrix explains which version in which distribution has\nthis problem corrected.\n\n oldstable (woody) stable (sarge) unstable (sid) \n openssl 0.9.6c-2.woody.8 0.9.7e-3sarge1 0.9.8-3 \n openssl094 0.9.4-6.woody.4 n/a n/a \n openssl095 0.9.5a-6.woody.6 n/a n/a \n openssl096 n/a 0.9.6m-1sarge1 n/a \n openssl097 n/a n/a 0.9.7g-5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2005/dsa-888\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the libssl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"libssl-dev\", reference:\"0.9.6c-2.woody.8\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libssl0.9.6\", reference:\"0.9.6c-2.woody.8\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"openssl\", reference:\"0.9.6c-2.woody.8\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"ssleay\", reference:\"0.9.6c-2.woody.8\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libssl-dev\", reference:\"0.9.7e-3sarge1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libssl0.9.7\", reference:\"0.9.7e-3sarge1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"openssl\", reference:\"0.9.7e-3sarge1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-27T14:55:55", "description": "Yutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer (OpenSSL) library 
that can allow an attacker to perform active protocol-version rollback attacks that could lead to the use of the weaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS 1.0.\n\nThe following matrix explains which version in which distribution has this problem corrected.\n\n oldstable (woody) stable (sarge) unstable (sid) openssl 0.9.6c-2.woody.8 0.9.7e-3sarge1 0.9.8-3 openssl094 0.9.4-6.woody.4 n/a n/a openssl095 0.9.5a-6.woody.6 n/a n/a openssl096 n/a 0.9.6m-1sarge1 n/a openssl097 n/a n/a 0.9.7g-5", "cvss3": {}, "published": "2006-10-14T00:00:00", "type": "nessus", "title": "Debian DSA-882-1 : openssl095 - cryptographic weakness", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2969"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:openssl095", "cpe:/o:debian:debian_linux:3.0"], "id": "DEBIAN_DSA-882.NASL", "href": "https://www.tenable.com/plugins/nessus/22748", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-882. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22748);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2005-2969\");\n script_xref(name:\"DSA\", value:\"882\");\n\n script_name(english:\"Debian DSA-882-1 : openssl095 - cryptographic weakness\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Yutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer\n(OpenSSL) library that can allow an attacker to perform active\nprotocol-version rollback attacks that could lead to the use of the\nweaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS\n1.0.\n\nThe following matrix explains which version in which distribution has\nthis problem corrected.\n\n oldstable (woody) stable (sarge) unstable (sid) \n openssl 0.9.6c-2.woody.8 0.9.7e-3sarge1 0.9.8-3 \n openssl094 0.9.4-6.woody.4 n/a n/a \n openssl095 0.9.5a-6.woody.6 n/a n/a \n openssl096 n/a 0.9.6m-1sarge1 n/a \n openssl097 n/a n/a 0.9.7g-5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2005/dsa-882\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the libssl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssl095\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/11/04\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"libssl095a\", reference:\"0.9.5a-6.woody.6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T15:00:56", "description": "Yutaka Oiwa discovered a possible cryptographic weakness in OpenSSL applications. Applications using the OpenSSL library can use the SSL_OP_MSIE_SSLV2_RSA_PADDING option (or SSL_OP_ALL, which implies the former) to maintain compatibility with third-party products, which is achieved by working around known bugs in them.\n\nThe SSL_OP_MSIE_SSLV2_RSA_PADDING option disabled a verification step in the SSL 2.0 server supposed to prevent active protocol-version rollback attacks. With this verification step disabled, an attacker acting as a 'man in the middle' could force a client and a server to negotiate the SSL 2.0 protocol even if these parties both supported SSL 3.0 or TLS 1.0. 
The SSL 2.0 protocol is known to have severe cryptographic weaknesses and is supported as a fallback only.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2006-01-15T00:00:00", "type": "nessus", "title": "Ubuntu 4.10 / 5.04 / 5.10 : openssl vulnerability (USN-204-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2969"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libssl-dev", "p-cpe:/a:canonical:ubuntu_linux:libssl0.9.7", "p-cpe:/a:canonical:ubuntu_linux:openssl", "cpe:/o:canonical:ubuntu_linux:4.10", "cpe:/o:canonical:ubuntu_linux:5.04", "cpe:/o:canonical:ubuntu_linux:5.10"], "id": "UBUNTU_USN-204-1.NASL", "href": "https://www.tenable.com/plugins/nessus/20620", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-204-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20620);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2005-2969\");\n script_xref(name:\"USN\", value:\"204-1\");\n\n script_name(english:\"Ubuntu 4.10 / 5.04 / 5.10 : openssl vulnerability (USN-204-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Yutaka Oiwa discovered a possible cryptographic weakness in OpenSSL\napplications. Applications using the OpenSSL library can use the\nSSL_OP_MSIE_SSLV2_RSA_PADDING option (or SSL_OP_ALL, which implies the\nformer) to maintain compatibility with third-party products, which is\nachieved by working around known bugs in them.\n\nThe SSL_OP_MSIE_SSLV2_RSA_PADDING option disabled a verification step\nin the SSL 2.0 server supposed to prevent active protocol-version\nrollback attacks. With this verification step disabled, an attacker\nacting as a 'man in the middle' could force a client and a server to\nnegotiate the SSL 2.0 protocol even if these parties both supported\nSSL 3.0 or TLS 1.0. The SSL 2.0 protocol is known to have severe\ncryptographic weaknesses and is supported as a fallback only.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libssl-dev, libssl0.9.7 and / or openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl0.9.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:4.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/01/15\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/10/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! 
ereg(pattern:\"^(4\\.10|5\\.04|5\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 4.10 / 5.04 / 5.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libssl-dev\", pkgver:\"0.9.7d-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libssl0.9.7\", pkgver:\"0.9.7d-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"openssl\", pkgver:\"0.9.7d-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libssl-dev\", pkgver:\"0.9.7e-3ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libssl0.9.7\", pkgver:\"0.9.7e-3ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"openssl\", pkgver:\"0.9.7e-3ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libssl-dev\", pkgver:\"0.9.7g-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libssl0.9.7\", pkgver:\"0.9.7g-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"openssl\", pkgver:\"0.9.7g-1ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libssl-dev / libssl0.9.7 / openssl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T14:54:41", "description": "The remote Fedora Core host is missing one or more security updates :\n\nopenssl-0.9.7f-7.10 :\n\n - Wed Oct 12 2005 Tomas Mraz <tmraz at redhat.com> 0.9.7f-7.10\n\n - fix CVE-2005-2969 - remove SSL_OP_MSIE_SSLV2_RSA_PADDING which disables the countermeasure against man in the middle attack in 
SSLv2 (#169863)\n\n - more fixes for constant time/memory access for DSA signature algorithm\n\n - updated ICA engine patch\n\n - ca-bundle.crt should be config(noreplace)\n\n - add *.so.soversion as symlinks in /lib (#165264)\n\n - remove unpackaged symlinks (#159595)\n\n - fixes from upstream (bn assembler div on ppc arch, initialize memory on realloc)\n\nopenssl097a-0.9.7a-3.1 :\n\n - Tue Oct 11 2005 Tomas Mraz <tmraz at redhat.com> 0.9.7a-3.1\n\n - fix CVE-2005-2969 - remove SSL_OP_MSIE_SSLV2_RSA_PADDING which disables the countermeasure against man in the middle attack in SSLv2 (#169863)\n\n - more fixes for constant time/memory access for DSA signature algorithm\n\n - updated ICA engine patch\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2005-10-19T00:00:00", "type": "nessus", "title": "Fedora Core 4 : openssl-0.9.7f-7.10 / openssl097a-0.9.7a-3.1 (2005-986)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2969"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:openssl", "p-cpe:/a:fedoraproject:fedora:openssl-debuginfo", "p-cpe:/a:fedoraproject:fedora:openssl-devel", "p-cpe:/a:fedoraproject:fedora:openssl-perl", "p-cpe:/a:fedoraproject:fedora:openssl097a", "p-cpe:/a:fedoraproject:fedora:openssl097a-debuginfo", "cpe:/o:fedoraproject:fedora_core:4"], "id": "FEDORA_2005-986.NASL", "href": "https://www.tenable.com/plugins/nessus/20023", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2005-986.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20023);\n script_version(\"1.16\");\n 
script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2005-986\");\n\n script_name(english:\"Fedora Core 4 : openssl-0.9.7f-7.10 / openssl097a-0.9.7a-3.1 (2005-986)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Fedora Core host is missing one or more security updates :\n\nopenssl-0.9.7f-7.10 :\n\n - Wed Oct 12 2005 Tomas Mraz <tmraz at redhat.com>\n 0.9.7f-7.10\n\n - fix CVE-2005-2969 - remove\n SSL_OP_MSIE_SSLV2_RSA_PADDING which disables the\n countermeasure against man in the middle attack in\n SSLv2 (#169863)\n\n - more fixes for constant time/memory access for DSA\n signature algorithm\n\n - updated ICA engine patch\n\n - ca-bundle.crt should be config(noreplace)\n\n - add *.so.soversion as symlinks in /lib (#165264)\n\n - remove unpackaged symlinks (#159595)\n\n - fixes from upstream (bn assembler div on ppc arch,\n initialize memory on realloc)\n\nopenssl097a-0.9.7a-3.1 :\n\n - Tue Oct 11 2005 Tomas Mraz <tmraz at redhat.com>\n 0.9.7a-3.1\n\n - fix CVE-2005-2969 - remove\n SSL_OP_MSIE_SSLV2_RSA_PADDING which disables the\n countermeasure against man in the middle attack in\n SSLv2 (#169863)\n\n - more fixes for constant time/memory access for DSA\n signature algorithm\n\n - updated ICA engine patch\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2005-October/001488.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?53c3d395\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2005-October/001490.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8f1f911c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl097a\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl097a-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 4.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC4\", reference:\"openssl-0.9.7f-7.10\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"openssl-debuginfo-0.9.7f-7.10\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"openssl-devel-0.9.7f-7.10\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"openssl-perl-0.9.7f-7.10\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"openssl097a-0.9.7a-3.1\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"openssl097a-debuginfo-0.9.7a-3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-perl / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T15:05:45", "description": "An integer overflow has been discovered in helix-player, the helix audio and video player. 
This flaw could allow a remote attacker to run arbitrary code on a victim's computer by supplying a specially crafted network resource.", "cvss3": {}, "published": "2006-10-14T00:00:00", "type": "nessus", "title": "Debian DSA-915-1 : helix-player - buffer overflow", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2629"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:helix-player", "cpe:/o:debian:debian_linux:3.1"], "id": "DEBIAN_DSA-915.NASL", "href": "https://www.tenable.com/plugins/nessus/22781", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-915. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22781);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2005-2629\");\n script_bugtraq_id(15381);\n script_xref(name:\"DSA\", value:\"915\");\n\n script_name(english:\"Debian DSA-915-1 : helix-player - buffer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An integer overflow has been discovered in helix-player, the helix\naudio and video player. 
This flaw could allow a remote attacker to run\narbitrary code on a victims computer by supplying a specially crafted\nnetwork resource.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2005/dsa-915\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the helix-player package.\n\nThe old stable distribution (woody) does not contain a helix-player\npackage.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 1.0.4-1sarge2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:helix-player\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/12/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/11/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif 
(!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"helix-player\", reference:\"1.0.4-1sarge2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T15:03:39", "description": "iDefense Reports :\n\nRemote exploitation of a heap-based buffer overflow in RealNetwork Inc's RealPlayer could allow the execution of arbitrary code in the context of the currently logged in user.\n\nIn order to exploit this vulnerability, an attacker would need to entice a user to follow a link to a malicious server. Once the user visits a website under the control of an attacker, it is possible in a default install of RealPlayer to force a web-browser to use RealPlayer to connect to an arbitrary server, even when it is not the default application for handling those types, by the use of embedded object tags in a webpage. 
This may allow automated exploitation when the page is viewed.", "cvss3": {}, "published": "2006-05-13T00:00:00", "type": "nessus", "title": "FreeBSD : linux-realplayer -- heap overflow (fe4c84fc-bdb5-11da-b7d4-00123ffe8333)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2922"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:linux-realplayer", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_FE4C84FCBDB511DAB7D400123FFE8333.NASL", "href": "https://www.tenable.com/plugins/nessus/21544", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(21544);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-2922\");\n script_xref(name:\"Secunia\", value:\"19358\");\n\n script_name(english:\"FreeBSD : linux-realplayer -- heap overflow (fe4c84fc-bdb5-11da-b7d4-00123ffe8333)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"iDefense Reports :\n\nRemote exploitation of a heap-based buffer overflow in RealNetwork\nInc's RealPlayer could allow the execution of arbitrary code in the\ncontext of the currently logged in user.\n\nIn order to exploit this vulnerability, an attacker would need to\nentice a user to follow a link to a malicious server. Once the user\nvisits a website under the control of an attacker, it is possible in a\ndefault install of RealPlayer to force a web-browser to use RealPlayer\nto connect to an arbitrary server, even when it is not the default\napplication for handling those types, by the use of embedded object\ntags in a webpage. 
This may allow automated exploitation when the page\nis viewed.\"\n );\n # http://service.real.com/realplayer/security/03162006_player/en/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.real.com/\"\n );\n # http://www.idefense.com/intelligence/vulnerabilities/display.php?id=404\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c3617439\"\n );\n # https://vuxml.freebsd.org/freebsd/fe4c84fc-bdb5-11da-b7d4-00123ffe8333.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?963d2fe4\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-realplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/03/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/05/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"linux-realplayer>=10.0.1<10.0.6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-24T14:25:56", "description": "Updated OpenSSL packages that fix various security issues are now available.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nOpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.\n\nOpenSSL contained a software work-around for a bug in SSL handling in Microsoft Internet Explorer version 3.0.2. This work-around is enabled in most servers that use OpenSSL to provide support for SSL and TLS.\nYutaka Oiwa discovered that this work-around could allow an attacker, acting as a 'man in the middle' to force an SSL connection to use SSL 2.0 rather than a stronger protocol such as SSL 3.0 or TLS 1.0. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2969 to this issue.\n\nA bug was also fixed in the way OpenSSL creates DSA signatures. 
A cache timing attack was fixed in RHSA-2005-476 which caused OpenSSL to do private key calculations with a fixed time window. The DSA fix for this was not complete and the calculations are not always performed within a fixed-window. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0109 to this issue.\n\nUsers are advised to upgrade to these updated packages, which remove the MSIE 3.0.2 work-around and contain patches to correct these issues.\n\nNote: After installing this update, users are advised to either restart all services that use OpenSSL or restart their system.", "cvss3": {}, "published": "2006-07-03T00:00:00", "type": "nessus", "title": "CentOS 3 / 4 : openssl (CESA-2005:800)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-0109", "CVE-2005-2969"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:openssl", "p-cpe:/a:centos:centos:openssl-devel", "p-cpe:/a:centos:centos:openssl-perl", "p-cpe:/a:centos:centos:openssl096b", "cpe:/o:centos:centos:3", "cpe:/o:centos:centos:4"], "id": "CENTOS_RHSA-2005-800.NASL", "href": "https://www.tenable.com/plugins/nessus/21861", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:800 and \n# CentOS Errata and Security Advisory 2005:800 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(21861);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2005-0109\", \"CVE-2005-2969\");\n script_xref(name:\"RHSA\", value:\"2005:800\");\n\n script_name(english:\"CentOS 3 / 4 : openssl (CESA-2005:800)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS 
host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated OpenSSL packages that fix various security issues are now\navailable.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nOpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols as well as a\nfull-strength general purpose cryptography library.\n\nOpenSSL contained a software work-around for a bug in SSL handling in\nMicrosoft Internet Explorer version 3.0.2. This work-around is enabled\nin most servers that use OpenSSL to provide support for SSL and TLS.\nYutaka Oiwa discovered that this work-around could allow an attacker,\nacting as a 'man in the middle' to force an SSL connection to use SSL\n2.0 rather than a stronger protocol such as SSL 3.0 or TLS 1.0. The\nCommon Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CVE-2005-2969 to this issue.\n\nA bug was also fixed in the way OpenSSL creates DSA signatures. A\ncache timing attack was fixed in RHSA-2005-476 which caused OpenSSL to\ndo private key calculations with a fixed time window. The DSA fix for\nthis was not complete and the calculations are not always performed\nwithin a fixed-window. 
The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the name CVE-2005-0109 to this\nissue.\n\nUsers are advised to upgrade to these updated packages, which remove\nthe MISE 3.0.2 work-around and contain patches to correct these\nissues.\n\nNote: After installing this update, users are advised to either\nrestart all services that use OpenSSL or restart their system.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-October/012263.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5ad41a78\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-October/012266.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1b0f60b2\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-October/012273.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?34710513\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-October/012274.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?697a76e1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl096b\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/03/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/07/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x / 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", reference:\"openssl-0.9.7a-33.17\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"openssl-devel-0.9.7a-33.17\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"openssl-perl-0.9.7a-33.17\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"openssl096b-0.9.6b-16.22.4\")) flag++;\n\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"openssl-0.9.7a-43.4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"openssl-devel-0.9.7a-43.4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"openssl-perl-0.9.7a-43.4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"openssl096b-0.9.6b-22.4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-devel / openssl-perl / openssl096b\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T14:54:37", "description": "Multiple security vulnerabilities have been identified in the helix-player media player that could allow an attacker to execute code on the victim's machine via specially crafted network resources.\n\n - CAN-2005-1766 Buffer overflow in the RealText parser could allow remote code execution via a specially crafted RealMedia file with a long RealText string.\n\n - CAN-2005-2710\n\n Format string 
vulnerability in Real HelixPlayer and RealPlayer 10 allows remote attackers to execute arbitrary code via the image handle attribute in a RealPix (.rp) or RealText (.rt) file.", "cvss3": {}, "published": "2005-10-05T00:00:00", "type": "nessus", "title": "Debian DSA-826-1 : helix-player - multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-1766", "CVE-2005-2710"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:helix-player", "cpe:/o:debian:debian_linux:3.1"], "id": "DEBIAN_DSA-826.NASL", "href": "https://www.tenable.com/plugins/nessus/19795", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-826. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(19795);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2005-1766\", \"CVE-2005-2710\");\n script_xref(name:\"DSA\", value:\"826\");\n\n script_name(english:\"Debian DSA-826-1 : helix-player - multiple vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security vulnerabilities have been identified in the\nhelix-player media player that could allow an attacker to execute code\non the victim's machine via specially crafted network resources.\n\n - CAN-2005-1766\n Buffer overflow in the RealText parser could allow\n remote code execution via a specially crafted RealMedia\n file with a long RealText string.\n\n - CAN-2005-2710\n\n Format string vulnerability in 
Real HelixPlayer and\n RealPlayer 10 allows remote attackers to execute\n arbitrary code via the image handle attribute in a\n RealPix (.rp) or RealText (.rt) file.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=316276\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330364\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2005/dsa-826\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the helix-player package.\n\nFor the stable distribution (sarge), these problems have been fixed in\nversion 1.0.4-1sarge1\n\nhelix-player was distributed only on the i386 and powerpc\narchitectures\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:helix-player\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/09/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/05\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/06/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, 
\"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"helix-player\", reference:\"1.0.4-1sarge1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T14:54:27", "description": "Updated OpenSSL packages that fix various security issues are now available.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nOpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.\n\nOpenSSL contained a software work-around for a bug in SSL handling in Microsoft Internet Explorer version 3.0.2. This work-around is enabled in most servers that use OpenSSL to provide support for SSL and TLS.\nYutaka Oiwa discovered that this work-around could allow an attacker, acting as a 'man in the middle' to force an SSL connection to use SSL 2.0 rather than a stronger protocol such as SSL 3.0 or TLS 1.0. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2969 to this issue.\n\nA bug was also fixed in the way OpenSSL creates DSA signatures. A cache timing attack was fixed in RHSA-2005-476 which caused OpenSSL to do private key calculations with a fixed time window. The DSA fix for this was not complete and the calculations are not always performed within a fixed-window. 
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0109 to this issue.\n\nUsers are advised to upgrade to these updated packages, which remove the MSIE 3.0.2 work-around and contain patches to correct these issues.\n\nNote: After installing this update, users are advised to either restart all services that use OpenSSL or restart their system.", "cvss3": {}, "published": "2005-10-19T00:00:00", "type": "nessus", "title": "RHEL 2.1 / 3 / 4 : openssl (RHSA-2005:800)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-0109", "CVE-2005-2969"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:openssl", "p-cpe:/a:redhat:enterprise_linux:openssl-devel", "p-cpe:/a:redhat:enterprise_linux:openssl-perl", "p-cpe:/a:redhat:enterprise_linux:openssl095a", "p-cpe:/a:redhat:enterprise_linux:openssl096", "p-cpe:/a:redhat:enterprise_linux:openssl096b", "cpe:/o:redhat:enterprise_linux:2.1", "cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4"], "id": "REDHAT-RHSA-2005-800.NASL", "href": "https://www.tenable.com/plugins/nessus/20050", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:800. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20050);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2005-0109\", \"CVE-2005-2969\");\n script_xref(name:\"RHSA\", value:\"2005:800\");\n\n script_name(english:\"RHEL 2.1 / 3 / 4 : openssl (RHSA-2005:800)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated OpenSSL packages that fix various security issues are now\navailable.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nOpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols as well as a\nfull-strength general purpose cryptography library.\n\nOpenSSL contained a software work-around for a bug in SSL handling in\nMicrosoft Internet Explorer version 3.0.2. This work-around is enabled\nin most servers that use OpenSSL to provide support for SSL and TLS.\nYutaka Oiwa discovered that this work-around could allow an attacker,\nacting as a 'man in the middle' to force an SSL connection to use SSL\n2.0 rather than a stronger protocol such as SSL 3.0 or TLS 1.0. The\nCommon Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CVE-2005-2969 to this issue.\n\nA bug was also fixed in the way OpenSSL creates DSA signatures. A\ncache timing attack was fixed in RHSA-2005-476 which caused OpenSSL to\ndo private key calculations with a fixed time window. The DSA fix for\nthis was not complete and the calculations are not always performed\nwithin a fixed-window. 
The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the name CVE-2005-0109 to this\nissue.\n\nUsers are advised to upgrade to these updated packages, which remove\nthe MISE 3.0.2 work-around and contain patches to correct these\nissues.\n\nNote: After installing this update, users are advised to either\nrestart all services that use OpenSSL or restart their system.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-0109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-2969\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2005:800\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl095a\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl096\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl096b\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", 
value:\"2005/03/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(2\\.1|3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1 / 3.x / 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2005:800\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"openssl-0.9.6b-40\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i686\", reference:\"openssl-0.9.6b-40\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"openssl-devel-0.9.6b-40\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"openssl-perl-0.9.6b-40\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"openssl095a-0.9.5a-26\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"openssl096-0.9.6-27\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"openssl-0.9.7a-33.17\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"openssl-devel-0.9.7a-33.17\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"openssl-perl-0.9.7a-33.17\")) flag++;\n if (rpm_check(release:\"RHEL3\", cpu:\"i386\", reference:\"openssl096b-0.9.6b-16.22.4\")) flag++;\n if (rpm_check(release:\"RHEL3\", cpu:\"s390\", reference:\"openssl096b-0.9.6b-16.22.4\")) flag++;\n if (rpm_check(release:\"RHEL3\", cpu:\"x86_64\", 
reference:\"openssl096b-0.9.6b-16.22.4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"openssl-0.9.7a-43.4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"openssl-devel-0.9.7a-43.4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"openssl-perl-0.9.7a-43.4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"openssl096b-0.9.6b-22.4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"s390\", reference:\"openssl096b-0.9.6b-22.4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"openssl096b-0.9.6b-22.4\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-devel / openssl-perl / openssl095a / openssl096 / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T14:54:54", "description": "Yutaka Oiwa discovered a vulnerability that potentially affects applications that use the SSL/TLS server implementation provided by OpenSSL.\n\nSuch applications are affected if they use the option SSL_OP_MSIE_SSLV2_RSA_PADDING. This option is implied by use of SSL_OP_ALL, which is intended to work around various bugs in third-party software that might prevent interoperability. The SSL_OP_MSIE_SSLV2_RSA_PADDING option disables a verification step in the SSL 2.0 server supposed to prevent active protocol-version rollback attacks. With this verification step disabled, an attacker acting as a 'man in the middle' can force a client and a server to negotiate the SSL 2.0 protocol even if these parties both support SSL 3.0 or TLS 1.0. 
The SSL 2.0 protocol is known to have severe cryptographic weaknesses and is supported as a fallback only.\n(CVE-2005-2969)\n\nThe current default algorithm for creating 'message digests' (electronic signatures) for certificates created by openssl is MD5.\nHowever, this algorithm is not deemed secure any more, and some practical attacks have been demonstrated which could allow an attacker to forge certificates with a valid certification authority signature even if he does not know the secret CA signing key.\n\nTo address this issue, openssl has been changed to use SHA-1 by default. This is a more appropriate default algorithm for the majority of use cases. If you still want to use MD5 as default, you can revert this change by changing the two instances of 'default_md = sha1' to 'default_md = md5' in /usr/{lib,lib64}/ssl/openssl.cnf.\n(CVE-2005-2946)", "cvss3": {}, "published": "2005-10-19T00:00:00", "type": "nessus", "title": "Mandrake Linux Security Advisory : openssl (MDKSA-2005:179)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2946", "CVE-2005-2969"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/o:mandriva:linux:2006", "p-cpe:/a:mandriva:linux:openssl", "p-cpe:/a:mandriva:linux:lib64openssl0.9.7", "p-cpe:/a:mandriva:linux:lib64openssl0.9.7-devel", "p-cpe:/a:mandriva:linux:lib64openssl0.9.7-static-devel", "p-cpe:/a:mandriva:linux:libopenssl0.9.7", "p-cpe:/a:mandriva:linux:libopenssl0.9.7-devel", "p-cpe:/a:mandriva:linux:libopenssl0.9.7-static-devel", "cpe:/o:mandrakesoft:mandrake_linux:10.1", "x-cpe:/o:mandrakesoft:mandrake_linux:le2005"], "id": "MANDRAKE_MDKSA-2005-179.NASL", "href": "https://www.tenable.com/plugins/nessus/20039", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2005:179. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20039);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-2946\", \"CVE-2005-2969\");\n script_xref(name:\"MDKSA\", value:\"2005:179\");\n\n script_name(english:\"Mandrake Linux Security Advisory : openssl (MDKSA-2005:179)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Yutaka Oiwa discovered vulnerability potentially affects applications\nthat use the SSL/TLS server implementation provided by OpenSSL.\n\nSuch applications are affected if they use the option\nSSL_OP_MSIE_SSLV2_RSA_PADDING. This option is implied by use of\nSSL_OP_ALL, which is intended to work around various bugs in third-\nparty software that might prevent interoperability. The\nSSL_OP_MSIE_SSLV2_RSA_PADDING option disables a verification step in\nthe SSL 2.0 server supposed to prevent active protocol-version\nrollback attacks. With this verification step disabled, an attacker\nacting as a 'man in the middle' can force a client and a server to\nnegotiate the SSL 2.0 protocol even if these parties both support SSL\n3.0 or TLS 1.0. 
The SSL 2.0 protocol is known to have severe\ncryptographic weaknesses and is supported as a fallback only.\n(CVE-2005-2969)\n\nThe current default algorithm for creating 'message digests'\n(electronic signatures) for certificates created by openssl is MD5.\nHowever, this algorithm is not deemed secure any more, and some\npractical attacks have been demonstrated which could allow an attacker\nto forge certificates with a valid certification authority signature\neven if he does not know the secret CA signing key.\n\nTo address this issue, openssl has been changed to use SHA-1 by\ndefault. This is a more appropriate default algorithm for the majority\nof use cases. If you still want to use MD5 as default, you can revert\nthis change by changing the two instances of 'default_md = sha1' to\n'default_md = md5' in /usr/{lib,lib64}/ssl/openssl.cnf.\n(CVE-2005-2946)\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl0.9.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl0.9.7-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl0.9.7-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl0.9.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl0.9.7-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl0.9.7-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2006\");\n 
script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:mandrakesoft:mandrake_linux:le2005\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK10.1\", cpu:\"x86_64\", reference:\"lib64openssl0.9.7-0.9.7d-1.3.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"x86_64\", reference:\"lib64openssl0.9.7-devel-0.9.7d-1.3.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"x86_64\", reference:\"lib64openssl0.9.7-static-devel-0.9.7d-1.3.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"libopenssl0.9.7-0.9.7d-1.3.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"libopenssl0.9.7-devel-0.9.7d-1.3.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", 
reference:\"libopenssl0.9.7-static-devel-0.9.7d-1.3.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"openssl-0.9.7d-1.3.101mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK10.2\", cpu:\"x86_64\", reference:\"lib64openssl0.9.7-0.9.7e-5.2.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"x86_64\", reference:\"lib64openssl0.9.7-devel-0.9.7e-5.2.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"x86_64\", reference:\"lib64openssl0.9.7-static-devel-0.9.7e-5.2.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"libopenssl0.9.7-0.9.7e-5.2.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"libopenssl0.9.7-devel-0.9.7e-5.2.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"libopenssl0.9.7-static-devel-0.9.7e-5.2.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"openssl-0.9.7e-5.2.102mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64openssl0.9.7-0.9.7g-2.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64openssl0.9.7-devel-0.9.7g-2.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64openssl0.9.7-static-devel-0.9.7g-2.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libopenssl0.9.7-0.9.7g-2.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libopenssl0.9.7-devel-0.9.7g-2.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libopenssl0.9.7-static-devel-0.9.7g-2.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"openssl-0.9.7g-2.1.20060mdk\", yank:\"mdk\")) flag++;\n\n\nif 
(flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T15:02:37", "description": "The remote host is missing the patch for the advisory SUSE-SA:2006:018 (RealPlayer).\n\n\nThis update fixes the following security problems in RealPlayer:\n\n- Specially crafted SWF files could cause a buffer overflow and crash RealPlayer (CVE-2006-0323).\n\n- Specially crafted web sites could cause a heap overflow and lead to executing arbitrary code (CVE-2005-2922). This was already fixed with the previously released 1.0.6 version, but not announced on request of Real.\n\nThe advisory for these problems is on this page at Real:\nhttp://service.real.com/realplayer/security/03162006_player/en/\n\nSUSE Linux 9.2 up to 10.0 and Novell Linux Desktop 9 are affected by this problem and receive fixed packages.\n\nIf you are still using RealPlayer on SUSE Linux 9.1 or SUSE Linux Desktop 1, we again wish to remind you that RealPlayer on these products cannot be updated, and we recommend uninstalling it.", "cvss3": {}, "published": "2006-03-27T00:00:00", "type": "nessus", "title": "SUSE-SA:2006:018: RealPlayer", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2922", "CVE-2006-0323"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "SUSE_SA_2006_018.NASL", "href": "https://www.tenable.com/plugins/nessus/21150", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# This plugin text was extracted from SuSE Security Advisory SUSE-SA:2006:018\n#\n\n\nif ( ! 
defined_func(\"bn_random\") ) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif(description)\n{\n script_id(21150);\n script_version(\"1.9\");\n \n name[\"english\"] = \"SUSE-SA:2006:018: RealPlayer\";\n \n script_name(english:name[\"english\"]);\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a vendor-supplied security patch\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is missing the patch for the advisory SUSE-SA:2006:018 (RealPlayer).\n\n\nThis update fixes the following security problems in Realplayer:\n\n- Specially crafted SWF files could cause a buffer overflow and\ncrash RealPlayer (CVE-2006-0323).\n\n- Specially crafted web sites could cause heap overflow and lead to\nexecuting arbitrary code (CVE-2005-2922). This was already fixed\nwith the previously released 1.0.6 version, but not announced on\nrequest of Real.\n\nThe advisory for these problems is on this page at Real:\nhttp://service.real.com/realplayer/security/03162006_player/en/\n\nSUSE Linux 9.2 up to 10.0 and Novell Linux Desktop 9 are affected by\nthis problem and receive fixed packages.\n\nIf you are still using Realplayer on SUSE Linux 9.1 or SUSE Linux\nDesktop 1, we again wish to remind you that the Real player on these\nproducts cannot be updated and recommend to deinstall it.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"http://www.suse.de/security/advisories/2006_18_realplayer.html\" );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\" );\n\n\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2006/03/27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n script_end_attributes();\n\n \n summary[\"english\"] = \"Check for the version of the RealPlayer package\";\n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_GATHER_INFO);\n \n script_copyright(english:\"This script is 
Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n family[\"english\"] = \"SuSE Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/SuSE/rpm-list\");\n exit(0);\n}\n\ninclude(\"rpm.inc\");\nif ( rpm_check( reference:\"RealPlayer-10.0.7-0.1\", release:\"SUSE10.0\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"RealPlayer-10.0.7-0.1\", release:\"SUSE9.2\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"RealPlayer-10.0.7-0.1\", release:\"SUSE9.3\") )\n{\n security_hole(0);\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-27T15:01:33", "description": "According to its build number, the installed version of RealPlayer / RealOne Player / RealPlayer Enterprise for Windows on the remote host is affected by multiple buffer overflow vulnerabilities. \n\nAn attacker may be able to leverage these issues to execute arbitrary code on the remote host subject to the permissions of the user running the affected application. 
Note that a user doesn't necessarily need to explicitly access a malicious media file since the browser may automatically pass RealPlayer skin files (i.e., files with the extension '.rjs') to the application.", "cvss3": {}, "published": "2005-11-11T00:00:00", "type": "nessus", "title": "RealPlayer for Windows Multiple Overflows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2629", "CVE-2005-2630", "CVE-2005-3677"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/a:realnetworks:realplayer"], "id": "REALPLAYER_6012.NASL", "href": "https://www.tenable.com/plugins/nessus/20184", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20184);\n script_version(\"1.19\");\n script_cvs_date(\"Date: 2018/11/15 20:50:28\");\n\n script_cve_id(\"CVE-2005-2629\", \"CVE-2005-2630\", \"CVE-2005-3677\");\n script_bugtraq_id(15381, 15382, 15383, 15398);\n\n script_name(english:\"RealPlayer for Windows Multiple Overflows\");\n script_summary(english:\"Checks RealPlayer build number\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows application is affected by several overflow\nvulnerabilities.\" );\n script_set_attribute(attribute:\"description\", value:\n\"According to its build number, the installed version of RealPlayer /\nRealOne Player / RealPlayer Enterprise for Windows on the remote host\nis affected by multiple buffer overflow vulnerabilities. \n\nAn attacker may be able to leverage these issues to execute arbitrary\ncode on the remote host subject to the permissions of the user running\nthe affected application. 
Note that a user doesn't necessarily need\nto explicitly access a malicious media file since the browser may\nautomatically pass to the application RealPlayer skin files (ie, files\nwith the extension '.rjs').\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.beyondtrust.com/resources/blog/research/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.beyondtrust.com/resources/blog/research/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/416475\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://service.real.com/help/faq/security/security111005.html\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://service.real.com/help/faq/security/051110_player/EN/\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade according to the vendor advisories referenced above.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2005/11/11\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2005/11/10\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:realnetworks:realplayer\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"realplayer_detect.nasl\");\n script_require_keys(\"SMB/RealPlayer/Product\", \"SMB/RealPlayer/Build\");\n\n 
exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\n\n\n# nb: RealOne Player and RealPlayer Enterprise are also affected,\n# but we don't currently know which specific build numbers\n# address the issues.\nprod = get_kb_item(\"SMB/RealPlayer/Product\");\nif (!prod || prod != \"RealPlayer\") exit(0);\n\n\n# Check build.\nbuild = get_kb_item(\"SMB/RealPlayer/Build\");\nif (build)\n{\n # There's a problem if the build is 6.0.12.1235 or older.\n ver = split(build, sep:'.', keep:FALSE);\n if (\n int(ver[0]) < 6 ||\n (\n int(ver[0]) == 6 &&\n int(ver[1]) == 0 && \n (\n int(ver[2]) < 12 ||\n (int(ver[2]) == 12 && int(ver[3]) <= 1235)\n )\n )\n )\n {\n if (report_verbosity)\n {\n report = string(\n \"\\n\",\n prod, \" build \", build, \" is installed on the remote host.\\n\"\n );\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:report);\n }\n else security_hole(get_kb_item(\"SMB/transport\"));\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T15:02:37", "description": "According to its build number, the installed version of RealPlayer / RealOne Player / RealPlayer Enterprise on the remote Windows host suffers from one or more buffer overflows involving maliciously- crafted SWF and MBC files as well as web pages. 
In addition, it also may be affected by a local privilege escalation issue.", "cvss3": {}, "published": "2006-03-24T00:00:00", "type": "nessus", "title": "RealPlayer for Windows < Build 6.0.12.1483 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2922", "CVE-2005-2936", "CVE-2006-0323", "CVE-2006-1370"], "modified": "2018-07-25T00:00:00", "cpe": ["cpe:/a:realnetworks:realplayer"], "id": "REALPLAYER_6_0_12_1483.NASL", "href": "https://www.tenable.com/plugins/nessus/21140", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(21140);\n script_version(\"1.19\");\n\n script_cve_id(\"CVE-2005-2922\", \"CVE-2005-2936\", \"CVE-2006-0323\", \"CVE-2006-1370\");\n script_bugtraq_id(15448, 17202);\n\n script_name(english:\"RealPlayer for Windows < Build 6.0.12.1483 Multiple Vulnerabilities\");\n script_summary(english:\"Checks RealPlayer build number\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows application is affected by several issues.\" );\n script_set_attribute(attribute:\"description\", value:\n\"According to its build number, the installed version of RealPlayer /\nRealOne Player / RealPlayer Enterprise on the remote Windows host\nsuffers from one or more buffer overflows involving maliciously-\ncrafted SWF and MBC files as well as web pages. 
In addition, it also\nmay be affected by a local privilege escalation issue.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1d16d359\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c0b66183\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://service.real.com/realplayer/security/03162006_player/en/\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade according to the vendor advisory referenced above.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2006/03/24\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/11/15\");\n script_cvs_date(\"Date: 2018/07/25 18:58:06\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2006/03/16\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"local\");\nscript_set_attribute(attribute:\"cpe\", value:\"cpe:/a:realnetworks:realplayer\");\nscript_end_attributes();\n\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"realplayer_detect.nasl\");\n script_require_keys(\"SMB/RealPlayer/Product\", \"SMB/RealPlayer/Build\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\n\n\n# nb: RealOne Player and RealPlayer Enterprise are also affected,\n# but we don't currently know which specific build numbers\n# address the issues.\nprod = get_kb_item(\"SMB/RealPlayer/Product\");\nif (!prod || prod != \"RealPlayer\") exit(0);\n\n\n# Check build.\nbuild = 
get_kb_item(\"SMB/RealPlayer/Build\");\nif (!build) exit(0);\n\n# There's a problem if the build is before 6.0.12.1483.\nver = split(build, sep:'.', keep:FALSE);\nif (\n int(ver[0]) < 6 ||\n (\n int(ver[0]) == 6 &&\n int(ver[1]) == 0 && \n (\n int(ver[2]) < 12 ||\n (int(ver[2]) == 12 && int(ver[3]) < 1483)\n )\n )\n)\n{\n if (report_verbosity)\n {\n report = string(\n \"\\n\",\n prod, \" build \", build, \" is installed on the remote host.\\n\"\n );\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:report);\n }\n else security_hole(get_kb_item(\"SMB/transport\"));\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T15:05:53", "description": "SunOS 5.10: libssl patch.\nDate this patch was last updated by Sun : Apr/23/07", "cvss3": {}, "published": "2018-03-12T00:00:00", "type": "nessus", "title": "Solaris 10 (sparc) : 121229-02", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2969", "CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4339", "CVE-2006-4343", "CVE-2006-5201", "CVE-2006-7140", "CVE-2007-5135"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:solaris:10:121229", "cpe:/o:oracle:solaris:10"], "id": "SOLARIS10_121229-02.NASL", "href": "https://www.tenable.com/plugins/nessus/107376", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(107376);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2005-2969\", \"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4339\", \"CVE-2006-4343\", \"CVE-2006-5201\", \"CVE-2006-7140\", \"CVE-2007-5135\");\n\n script_name(english:\"Solaris 10 (sparc) : 121229-02\");\n script_summary(english:\"Check for patch 121229-02\");\n\n 
script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 121229-02\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SunOS 5.10: libssl patch.\nDate this patch was last updated by Sun : Apr/23/07\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://download.oracle.com/sunalerts/1001144.1.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Install patch 121229-02\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 189, 310, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:121229\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nshowrev = get_kb_item(\"Host/Solaris/showrev\");\nif (empty_or_null(showrev)) audit(AUDIT_OS_NOT, \"Solaris\");\nos_ver = pregmatch(pattern:\"Release: (\\d+.(\\d+))\", string:showrev);\nif (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Solaris\");\nfull_ver = os_ver[1];\nos_level = os_ver[2];\nif (full_ver != \"5.10\") audit(AUDIT_OS_NOT, \"Solaris 10\", \"Solaris \" + os_level);\npackage_arch = pregmatch(pattern:\"Application architecture: (\\w+)\", string:showrev);\nif (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);\npackage_arch = package_arch[1];\nif (package_arch != \"sparc\") audit(AUDIT_ARCH_NOT, \"sparc\", package_arch);\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"121229-02\", obsoleted_by:\"120011-14 \", package:\"SUNWcakr\", version:\"11.10.0,REV=2005.08.25.02.12\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"121229-02\", obsoleted_by:\"120011-14 \", package:\"SUNWopenssl-include\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"121229-02\", obsoleted_by:\"120011-14 \", package:\"SUNWopenssl-libraries\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\n\nif (flag) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : solaris_get_report()\n );\n} else {\n patch_fix = solaris_patch_fix_get();\n if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, \"Solaris 10\");\n tested = solaris_pkg_tests_get();\n if 
(!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SUNWcakr / SUNWopenssl-include / SUNWopenssl-libraries\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T14:55:33", "description": "SunOS 5.10: libssl patch.\nDate this patch was last updated by Sun : Apr/23/07", "cvss3": {}, "published": "2005-12-07T00:00:00", "type": "nessus", "title": "Solaris 10 (sparc) : 121229-02", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2969", "CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4339", "CVE-2006-4343", "CVE-2006-5201", "CVE-2006-7140", "CVE-2007-5135"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "SOLARIS10_121229.NASL", "href": "https://www.tenable.com/plugins/nessus/20272", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n# @DEPRECATED@\n#\n# This script has been deprecated as the associated patch is not\n# currently a recommended security fix.\n#\n# Disabled on 2011/10/24.\n#\n\n#\n# (C) Tenable Network Security, Inc.\n#\n#\n\nif ( ! 
defined_func(\"bn_random\") ) exit(0);\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif(description)\n{\n script_id(20272);\n script_version(\"1.33\");\n\n script_name(english: \"Solaris 10 (sparc) : 121229-02\");\n script_cve_id(\"CVE-2005-2969\", \"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4339\", \"CVE-2006-4343\", \"CVE-2006-5201\", \"CVE-2006-7140\", \"CVE-2007-5135\");\n script_set_attribute(attribute: \"synopsis\", value:\n\"The remote host is missing Sun Security Patch number 121229-02\");\n script_set_attribute(attribute: \"description\", value:\n'SunOS 5.10: libssl patch.\nDate this patch was last updated by Sun : Apr/23/07');\n script_set_attribute(attribute: \"solution\", value:\n\"You should install this patch for your system to be up-to-date.\");\n script_set_attribute(attribute: \"see_also\", value:\n\"http://download.oracle.com/sunalerts/1001144.1.html\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(189);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2005/12/07\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/10/11\");\n script_end_attributes();\n\n script_summary(english: \"Check for patch 121229-02\");\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n family[\"english\"] = \"Solaris Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/Solaris/showrev\");\n exit(0);\n}\n\n# Deprecated.\nexit(0, \"The associated patch is not currently a recommended security fix.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T16:19:06", "description": "Red Hat Network Satellite Server version 4.2.3 is now available. 
This update includes fixes for a number of security issues in Red Hat Network Satellite Server Solaris client components.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nThis release corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server Solaris client. In a typical operating environment, these components are not used by the Satellite Server in a vulnerable manner. These security updates will reduce risk should these components be used by other applications.\n\nSeveral flaws in Zlib were discovered. An attacker could create a carefully-crafted compressed stream that would cause an application to crash if the stream is opened by a user. (CVE-2005-2096). An attacker could create a carefully crafted compressed stream that would cause an application to crash if the stream is opened by a user.\n(CVE-2005-1849)\n\nA buffer overflow was discovered in the OpenSSL SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that used this function and overrun a buffer (CVE-2006-3738).\n\nA flaw in the SSLv2 client code was discovered. If a client application used OpenSSL to create an SSLv2 connection to a malicious server, that server could cause the client to crash. (CVE-2006-4343)\n\nAn attack on OpenSSL PKCS #1 v1.5 signatures was discovered. Where an RSA key with exponent 3 is used, it may be possible for an attacker to forge a PKCS #1 v1.5 signature that would be incorrectly verified by implementations that do not check for excess data in the RSA exponentiation result of the signature. This issue affected applications that use OpenSSL to verify X.509 certificates as well as other uses of PKCS #1 v1.5. (CVE-2006-4339)\n\nOpenSSL contained a software work-around for a bug in SSL handling in Microsoft Internet Explorer version 3.0.2. 
It is enabled in most servers that use OpenSSL to provide support for SSL and TLS. This work-around could allow an attacker, acting as a 'man in the middle', to force an SSL connection to use SSL 2.0 rather than a stronger protocol, such as SSL 3.0 or TLS 1.0. (CVE-2005-2969)\n\nDuring OpenSSL parsing of certain invalid ASN.1 structures, an error condition was mishandled. This can result in an infinite loop which consumes system memory (CVE-2006-2937).\n\nCertain public key types can take disproportionate amounts of time to process in OpenSSL, leading to a denial of service. (CVE-2006-2940)\n\nA flaw was discovered in the way that the Python repr() function handled UTF-32/UCS-4 strings. If an application written in Python used the repr() function on untrusted data, this could lead to a denial of service or possibly allow the execution of arbitrary code with the privileges of the Python application. (CVE-2006-4980)\n\nA flaw was discovered in the strxfrm() function of Python's locale module. Strings generated by this function were not properly NULL-terminated. This may possibly cause disclosure of data stored in the memory of a Python application using this function.\n(CVE-2007-2052)\n\nMultiple integer overflow flaws were discovered in Python's imageop module. If an application written in Python used the imageop module to process untrusted images, it could cause the application to crash, enter an infinite loop, or possibly execute arbitrary code with the privileges of the Python interpreter. 
(CVE-2007-4965)\n\nA stack-based buffer overflow was discovered in the Python interpreter, which could allow a local user to gain privileges by running a script with a long name from the current working directory.\n(CVE-2006-1542)\n\nUsers of Red Hat Network Satellite Server should upgrade to these updated packages, which contain backported patches to correct these issues.", "cvss3": {}, "published": "2010-01-10T00:00:00", "type": "nessus", "title": "RHEL 3 / 4 : Solaris client in Satellite Server (RHSA-2008:0525)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-1849", "CVE-2005-2096", "CVE-2005-2969", "CVE-2006-1542", "CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4339", "CVE-2006-4343", "CVE-2006-4980", "CVE-2007-2052", "CVE-2007-4965"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:rhn-solaris-bootstrap", "p-cpe:/a:redhat:enterprise_linux:rhn_solaris_bootstrap_5_0_2_3", "cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4"], "id": "REDHAT-RHSA-2008-0525.NASL", "href": "https://www.tenable.com/plugins/nessus/43838", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0525. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43838);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2005-1849\", \"CVE-2005-2096\", \"CVE-2005-2969\", \"CVE-2006-1542\", \"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4339\", \"CVE-2006-4343\", \"CVE-2006-4980\", \"CVE-2007-2052\", \"CVE-2007-4965\");\n script_bugtraq_id(19849, 20246, 20247, 20248, 20249, 25696, 28276);\n script_xref(name:\"RHSA\", value:\"2008:0525\");\n\n script_name(english:\"RHEL 3 / 4 : Solaris client in Satellite Server (RHSA-2008:0525)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Red Hat Network Satellite Server version 4.2.3 is now available. This\nupdate includes fixes for a number of security issues in Red Hat\nNetwork Satellite Server Solaris client components.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThis release corrects several security vulnerabilities in various\ncomponents shipped as part of the Red Hat Network Satellite Server\nSolaris client. In a typical operating environment, these components\nare not used by the Satellite Server in a vulnerable manner. These\nsecurity updates will reduce risk should these components be used by\nother applications.\n\nSeveral flaws in Zlib was discovered. An attacker could create a\ncarefully-crafted compressed stream that would cause an application to\ncrash if the stream is opened by a user. (CVE-2005-2096). 
An attacker\ncould create a carefully crafted compressed stream that would cause an\napplication to crash if the stream is opened by a user.\n(CVE-2005-1849)\n\nA buffer overflow was discovered in the OpenSSL\nSSL_get_shared_ciphers() utility function. An attacker could send a\nlist of ciphers to an application that used this function and overrun\na buffer (CVE-2006-3738).\n\nA flaw in the SSLv2 client code was discovered. If a client\napplication used OpenSSL to create an SSLv2 connection to a malicious\nserver, that server could cause the client to crash. (CVE-2006-4343)\n\nAn attack on OpenSSL PKCS #1 v1.5 signatures was discovered. Where an\nRSA key with exponent 3 is used it may be possible for an attacker to\nforge a PKCS #1 v1.5 signature that would be incorrectly verified by\nimplementations that do not check for excess data in the RSA\nexponentiation result of the signature. This issue affected\napplications that use OpenSSL to verify X.509 certificates as well as\nother uses of PKCS #1 v1.5. (CVE-2006-4339)\n\nOpenSSL contained a software work-around for a bug in SSL handling in\nMicrosoft Internet Explorer version 3.0.2. It is enabled in most\nservers that use OpenSSL to provide support for SSL and TLS. This\nwork-around could allow an attacker, acting as a 'man in the middle'\nto force an SSL connection to use SSL 2.0 rather than a stronger\nprotocol, such as SSL 3.0 or TLS 1.0. (CVE-2005-2969)\n\nDuring OpenSSL parsing of certain invalid ASN.1 structures an error\ncondition was mishandled. This can result in an infinite loop which\nconsumed system memory (CVE-2006-2937).\n\nCertain public key types can take disproportionate amounts of time to\nprocess in OpenSSL, leading to a denial of service. (CVE-2006-2940)\n\nA flaw was discovered in the way that the Python repr() function\nhandled UTF-32/UCS-4 strings. 
If an application written in Python used\nthe repr() function on untrusted data, this could lead to a denial of\nservice or possibly allow the execution of arbitrary code with the\nprivileges of the Python application. (CVE-2006-4980)\n\nA flaw was discovered in the strxfrm() function of Python's locale\nmodule. Strings generated by this function were not properly\nNULL-terminated. This may possibly cause disclosure of data stored in\nthe memory of a Python application using this function.\n(CVE-2007-2052)\n\nMultiple integer overflow flaws were discovered in Python's imageop\nmodule. If an application written in Python used the imageop module to\nprocess untrusted images, it could cause the application to crash,\nenter an infinite loop, or possibly execute arbitrary code with the\nprivileges of the Python interpreter. (CVE-2007-4965)\n\nA stack-based buffer overflow was discovered in the Python\ninterpreter, which could allow a local user to gain privileges by\nrunning a script with a long name from the current working directory.\n(CVE-2006-1542)\n\nUsers of Red Hat Network Satellite Server should upgrade to these\nupdated packages, which contain backported patches to correct these\nissues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-1849\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-2096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-2969\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-1542\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-2937\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-2940\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://access.redhat.com/security/cve/cve-2006-3738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-4339\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-4343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-4980\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-2052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-4965\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0525\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected rhn-solaris-bootstrap and / or\nrhn_solaris_bootstrap_5_0_2_3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 189, 310, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhn-solaris-bootstrap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhn_solaris_bootstrap_5_0_2_3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/07/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2010/01/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0525\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! 
(rpm_exists(release:\"RHEL3\", rpm:\"rhns-solaris-\") || rpm_exists(release:\"RHEL4\", rpm:\"rhns-solaris-\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Satellite Server\");\n\n if (rpm_check(release:\"RHEL3\", reference:\"rhn-solaris-bootstrap-5.0.2-3\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"rhn_solaris_bootstrap_5_0_2_3-1-0\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"rhn-solaris-bootstrap-5.0.2-3\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhn_solaris_bootstrap_5_0_2_3-1-0\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rhn-solaris-bootstrap / rhn_solaris_bootstrap_5_0_2_3\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T16:18:11", "description": "Red Hat Network Satellite Server version 5.0.2 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server Solaris client components.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nThis release corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server Solaris client. In a typical operating environment, these components are not used by the Satellite Server in a vulnerable manner. These security updates will reduce risk should these components be used by other applications.\n\nTwo denial-of-service flaws were fixed in ZLib. (CVE-2005-2096, CVE-2005-1849)\n\nMultiple flaws were fixed in OpenSSL. (CVE-2006-4343, CVE-2006-4339, CVE-2006-3738, CVE-2006-2940, CVE-2006-2937, CVE-2005-2969)\n\nMultiple flaws were fixed in Python. 
(CVE-2007-4965, CVE-2007-2052, CVE-2006-4980, CVE-2006-1542)\n\nUsers of Red Hat Network Satellite Server 5.0.1 are advised to upgrade to 5.0.2, which resolves these issues.", "cvss3": {}, "published": "2010-01-10T00:00:00", "type": "nessus", "title": "RHEL 4 : Solaris client in Satellite Server (RHSA-2008:0264)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-1849", "CVE-2005-2096", "CVE-2005-2969", "CVE-2006-1542", "CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4339", "CVE-2006-4343", "CVE-2006-4980", "CVE-2007-2052", "CVE-2007-4965"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:rhn-solaris-bootstrap", "p-cpe:/a:redhat:enterprise_linux:rhn_solaris_bootstrap_5_0_2_3", "cpe:/o:redhat:enterprise_linux:4"], "id": "REDHAT-RHSA-2008-0264.NASL", "href": "https://www.tenable.com/plugins/nessus/43836", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0264. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43836);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2005-1849\", \"CVE-2005-2096\", \"CVE-2005-2969\", \"CVE-2006-1542\", \"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4339\", \"CVE-2006-4343\", \"CVE-2006-4980\", \"CVE-2007-2052\", \"CVE-2007-4965\");\n script_bugtraq_id(19849, 20246, 20247, 20248, 20249, 22083, 25696, 28276);\n script_xref(name:\"RHSA\", value:\"2008:0264\");\n\n script_name(english:\"RHEL 4 : Solaris client in Satellite Server (RHSA-2008:0264)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Red Hat Network Satellite Server version 5.0.2 is now available. This\nupdate includes fixes for a number of security issues in Red Hat\nNetwork Satellite Server Solaris client components.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThis release corrects several security vulnerabilities in various\ncomponents shipped as part of the Red Hat Network Satellite Server\nSolaris client. In a typical operating environment, these components\nare not used by the Satellite Server in a vulnerable manner. These\nsecurity updates will reduce risk should these components be used by\nother applications.\n\nTwo denial-of-service flaws were fixed in ZLib. (CVE-2005-2096,\nCVE-2005-1849)\n\nMultiple flaws were fixed in OpenSSL. (CVE-2006-4343, CVE-2006-4339,\nCVE-2006-3738, CVE-2006-2940, CVE-2006-2937, CVE-2005-2969)\n\nMultiple flaws were fixed in Python. 
(CVE-2007-4965, CVE-2007-2052,\nCVE-2006-4980, CVE-2006-1542)\n\nUsers of Red Hat Network Satellite Server 5.0.1 are advised to upgrade\nto 5.0.2, which resolves these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-1849\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-2096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-2969\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-1542\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-2937\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-2940\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-3738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-4339\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-4343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-4980\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-2052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-4965\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0264\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected rhn-solaris-bootstrap and / or\nrhn_solaris_bootstrap_5_0_2_3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n 
script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 189, 310, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhn-solaris-bootstrap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhn_solaris_bootstrap_5_0_2_3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/07/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0264\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL4\", rpm:\"rhns-solaris-\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Satellite Server\");\n\n if (rpm_check(release:\"RHEL4\", reference:\"rhn-solaris-bootstrap-5.0.2-3\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhn_solaris_bootstrap_5_0_2_3-1-0\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rhn-solaris-bootstrap / rhn_solaris_bootstrap_5_0_2_3\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T16:18:12", "description": "Red Hat Network Satellite Server version 5.1.1 is now available. 
This update includes fixes for a number of security issues in Red Hat Network Satellite Server Solaris client components.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nThis release corrects several security vulnerabilities in components shipped as part of the Red Hat Network Satellite Server Solaris client. In a typical operating environment, these components are not used by the Satellite Server in a vulnerable manner. These security updates will reduce risk should these components be used by other applications.\n\nSeveral flaws in Zlib were discovered. An attacker could create a carefully-crafted compressed stream that would cause an application to crash if the stream was opened by a user. (CVE-2005-2096, CVE-2005-1849)\n\nA buffer overflow was discovered in the OpenSSL SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that used this function and overrun a buffer (CVE-2006-3738).\n\nA flaw in the SSLv2 client code was discovered. If a client application used OpenSSL to create an SSLv2 connection to a malicious server, that server could cause the client to crash. (CVE-2006-4343)\n\nAn attack on OpenSSL PKCS #1 v1.5 signatures was discovered. Where an RSA key with exponent 3 was used an attacker could, potentially, forge a PKCS #1 v1.5 signature that would be incorrectly verified by implementations that do not check for excess data in the RSA exponentiation result of the signature. This issue affected applications that use OpenSSL to verify X.509 certificates as well as other uses of PKCS #1 v1.5. (CVE-2006-4339)\n\nOpenSSL contained a software work-around for a bug in SSL handling in Microsoft Internet Explorer version 3.0.2. It is enabled in most servers that use OpenSSL to provide support for SSL and TLS. 
This work-around was vulnerable to a man-in-the-middle attack which allowed a remote user to force an SSL connection to use SSL 2.0, rather than a stronger protocol, such as SSL 3.0 or TLS 1.0. (CVE-2005-2969)\n\nDuring OpenSSL parsing of certain invalid ASN.1 structures, an error condition was mishandled. This could result in an infinite loop which consumed system memory (CVE-2006-2937).\n\nCertain public key types could take disproportionate amounts of time to process in OpenSSL, leading to a denial of service. (CVE-2006-2940)\n\nA flaw was discovered in the Python repr() function's handling of UTF-32/UCS-4 strings. If an application used the repr() function on untrusted data, this could lead to a denial of service or, possibly, allow the execution of arbitrary code with the privileges of the application using the flawed function. (CVE-2006-4980)\n\nA flaw was discovered in the strxfrm() function of Python's locale module. Strings generated by this function were not properly NULL-terminated. This could, potentially, cause disclosure of data stored in the memory of an application using this function.\n(CVE-2007-2052)\n\nMultiple integer overflow flaws were discovered in Python's imageop module. If an application used the imageop module to process untrusted images, it could cause the application to crash, enter an infinite loop, or, possibly, execute arbitrary code with the privileges of the Python interpreter. 
(CVE-2007-4965)\n\nA stack-based buffer overflow was discovered in the Python interpreter, which could allow a local user to gain privileges by running a script with a long name from the current working directory.\n(CVE-2006-1542)\n\nUsers of Red Hat Network Satellite Server should upgrade to these updated packages, which contain backported patches to correct these issues.", "cvss3": {}, "published": "2010-01-10T00:00:00", "type": "nessus", "title": "RHEL 4 : Solaris client in Satellite Server (RHSA-2008:0629)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-1849", "CVE-2005-2096", "CVE-2005-2969", "CVE-2006-1542", "CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4339", "CVE-2006-4343", "CVE-2006-4980", "CVE-2007-2052", "CVE-2007-4965"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:rhn-solaris-bootstrap", "p-cpe:/a:redhat:enterprise_linux:rhn_solaris_bootstrap_5_1_1_3", "cpe:/o:redhat:enterprise_linux:4"], "id": "REDHAT-RHSA-2008-0629.NASL", "href": "https://www.tenable.com/plugins/nessus/43839", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0629. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43839);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2005-1849\", \"CVE-2005-2096\", \"CVE-2005-2969\", \"CVE-2006-1542\", \"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4339\", \"CVE-2006-4343\", \"CVE-2006-4980\", \"CVE-2007-2052\", \"CVE-2007-4965\");\n script_bugtraq_id(19849, 20246, 20247, 20248, 20249, 25696);\n script_xref(name:\"RHSA\", value:\"2008:0629\");\n\n script_name(english:\"RHEL 4 : Solaris client in Satellite Server (RHSA-2008:0629)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Red Hat Network Satellite Server version 5.1.1 is now available. This\nupdate includes fixes for a number of security issues in Red Hat\nNetwork Satellite Server Solaris client components.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThis release corrects several security vulnerabilities in components\nshipped as part of the Red Hat Network Satellite Server Solaris\nclient. In a typical operating environment, these components are not\nused by the Satellite Server in a vulnerable manner. These security\nupdates will reduce risk should these components be used by other\napplications.\n\nSeveral flaws in Zlib were discovered. An attacker could create a\ncarefully-crafted compressed stream that would cause an application to\ncrash if the stream was opened by a user. (CVE-2005-2096,\nCVE-2005-1849)\n\nA buffer overflow was discovered in the OpenSSL\nSSL_get_shared_ciphers() utility function. 
An attacker could send a\nlist of ciphers to an application that used this function and overrun\na buffer (CVE-2006-3738).\n\nA flaw in the SSLv2 client code was discovered. If a client\napplication used OpenSSL to create an SSLv2 connection to a malicious\nserver, that server could cause the client to crash. (CVE-2006-4343)\n\nAn attack on OpenSSL PKCS #1 v1.5 signatures was discovered. Where an\nRSA key with exponent 3 was used an attacker could, potentially, forge\na PKCS #1 v1.5 signature that would be incorrectly verified by\nimplementations that do not check for excess data in the RSA\nexponentiation result of the signature. This issue affected\napplications that use OpenSSL to verify X.509 certificates as well as\nother uses of PKCS #1 v1.5. (CVE-2006-4339)\n\nOpenSSL contained a software work-around for a bug in SSL handling in\nMicrosoft Internet Explorer version 3.0.2. It is enabled in most\nservers that use OpenSSL to provide support for SSL and TLS. This\nwork-around was vulnerable to a man-in-the-middle attack which allowed\na remote user to force an SSL connection to use SSL 2.0, rather than a\nstronger protocol, such as SSL 3.0 or TLS 1.0. (CVE-2005-2969)\n\nDuring OpenSSL parsing of certain invalid ASN.1 structures, an error\ncondition was mishandled. This could result in an infinite loop which\nconsumed system memory (CVE-2006-2937).\n\nCertain public key types could take disproportionate amounts of time\nto process in OpenSSL, leading to a denial of service. (CVE-2006-2940)\n\nA flaw was discovered in the Python repr() function's handling of\nUTF-32/UCS-4 strings. If an application used the repr() function on\nuntrusted data, this could lead to a denial of service or, possibly,\nallow the execution of arbitrary code with the privileges of the\napplication using the flawed function. (CVE-2006-4980)\n\nA flaw was discovered in the strxfrm() function of Python's locale\nmodule. Strings generated by this function were not properly\nNULL-terminated. 
This could, potentially, cause disclosure of data\nstored in the memory of an application using this function.\n(CVE-2007-2052)\n\nMultiple integer overflow flaws were discovered in Python's imageop\nmodule. If an application used the imageop module to process untrusted\nimages, it could cause the application to crash, enter an infinite\nloop, or, possibly, execute arbitrary code with the privileges of the\nPython interpreter. (CVE-2007-4965)\n\nA stack-based buffer overflow was discovered in the Python\ninterpreter, which could allow a local user to gain privileges by\nrunning a script with a long name from the current working directory.\n(CVE-2006-1542)\n\nUsers of Red Hat Network Satellite Server should upgrade to these\nupdated packages, which contain backported patches to correct these\nissues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-1849\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-2096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-2969\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-1542\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-2937\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-2940\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-3738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-4339\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-4343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://access.redhat.com/security/cve/cve-2006-4980\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-2052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-4965\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0629\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected rhn-solaris-bootstrap and / or\nrhn_solaris_bootstrap_5_1_1_3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 189, 310, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhn-solaris-bootstrap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhn_solaris_bootstrap_5_1_1_3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/07/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0629\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! 
(rpm_exists(release:\"RHEL4\", rpm:\"rhns-solaris-\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Satellite Server\");\n\n if (rpm_check(release:\"RHEL4\", reference:\"rhn-solaris-bootstrap-5.1.1-3\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhn_solaris_bootstrap_5_1_1_3-1-0\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rhn-solaris-bootstrap / rhn_solaris_bootstrap_5_1_1_3\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T14:55:26", "description": "The remote host is running Apple Mac OS X, but lacks Security Update 2005-009.\n\nThis security update contains fixes for the following applications :\n\n- Apache2\n- Apache_mod_ssl\n- CoreFoundation\n- curl\n- iodbcadmintool\n- OpenSSL\n- passwordserver\n- Safari\n- sudo\n- syslog", "cvss3": {}, "published": "2005-11-30T00:00:00", "type": "nessus", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2005-009)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-1993", "CVE-2005-2088", "CVE-2005-2272", "CVE-2005-2491", "CVE-2005-2700", "CVE-2005-2757", "CVE-2005-2969", "CVE-2005-3185", "CVE-2005-3700", "CVE-2005-3701", "CVE-2005-3702", "CVE-2005-3704", "CVE-2005-3705"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_SECUPD2005-009.NASL", "href": "https://www.tenable.com/plugins/nessus/20249", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20249);\n script_version(\"1.20\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n\n script_cve_id(\"CVE-2005-1993\", \"CVE-2005-2088\", \"CVE-2005-2272\", \"CVE-2005-2491\", \"CVE-2005-2700\",\n \"CVE-2005-2757\", \"CVE-2005-2969\", 
\"CVE-2005-3185\", \"CVE-2005-3700\", \"CVE-2005-3701\",\n \"CVE-2005-3702\", \"CVE-2005-3704\", \"CVE-2005-3705\");\n script_bugtraq_id(13993, 14011, 14106, 14620, 14721, 15071, 15102, 16882, 16903, 16904, 16926, 29011);\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2005-009)\");\n script_summary(english:\"Check for Security Update 2005-009\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote operating system is missing a vendor-supplied patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running Apple Mac OS X, but lacks\nSecurity Update 2005-009.\n\nThis security update contains fixes for the following\napplications :\n\n- Apache2\n- Apache_mod_ssl\n- CoreFoundation\n- curl\n- iodbcadmintool\n- OpenSSL\n- passwordserver\n- Safari\n- sudo\n- syslog\");\n script_set_attribute(attribute:\"see_also\", value:\"http://docs.info.apple.com/article.html?artnum=302847\");\n script_set_attribute(attribute:\"solution\", value:\n\"Mac OS X 10.4 :\nhttp://www.apple.com/support/downloads/securityupdate2005009tigerclient.html\nhttp://www.apple.com/support/downloads/securityupdate2005009tigerserver.html\n\nMac OS X 10.3 :\nhttp://www.apple.com/support/downloads/securityupdate2005009pantherclient.html\nhttp://www.apple.com/support/downloads/securityupdate2005009pantherserver.html\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/06/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/06/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/11/30\");\n\n script_set_attribute(attribute:\"plugin_type\", 
value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\");\n exit(0);\n}\n\n\npackages = get_kb_item(\"Host/MacOSX/packages\");\nif ( ! packages ) exit(0);\n\n\nuname = get_kb_item(\"Host/uname\");\nif ( egrep(pattern:\"Darwin.* (7\\.[0-9]\\.|8\\.[0-3]\\.)\", string:uname) )\n{\n if (!egrep(pattern:\"^SecUpd(Srvr)?(2005-009|2006-00[123467]|2007-003)\", string:packages)) security_hole(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "centos": [{"lastseen": "2023-11-28T17:36:35", "description": "**CentOS Errata and Security Advisory** CESA-2005:788\n\n\nHelixPlayer is a media player.\r\n\r\nA format string bug was discovered in the way HelixPlayer processes RealPix\r\n(.rp) files. It is possible for a malformed RealPix file to execute\r\narbitrary code as the user running HelixPlayer. 
The Common Vulnerabilities\r\nand Exposures project (cve.mitre.org) has assigned the name CAN-2005-2710\r\nto this issue.\r\n\r\nAll users of HelixPlayer are advised to upgrade to this updated package,\r\nwhich contains HelixPlayer version 10.0.6 and is not vulnerable to this issue.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2005-September/074369.html\nhttps://lists.centos.org/pipermail/centos-announce/2005-September/074370.html\n\n**Affected packages:**\nHelixPlayer\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2005:788", "cvss3": {}, "published": "2005-09-27T22:04:42", "type": "centos", "title": "HelixPlayer security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2629", "CVE-2005-2710", "CVE-2005-2922"], "modified": "2005-09-27T22:05:18", "id": "CESA-2005:788", "href": "https://lists.centos.org/pipermail/centos-announce/2005-September/074369.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T17:36:05", "description": "**CentOS Errata and Security Advisory** CESA-2005:800-01\n\n\nOpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and\r\nTransport Layer Security (TLS v1) protocols as well as a full-strength\r\ngeneral purpose cryptography library.\r\n\r\nOpenSSL contained a software work-around for a bug in SSL handling in\r\nMicrosoft Internet Explorer version 3.0.2. 
This work-around is enabled in\r\nmost servers that use OpenSSL to provide support for SSL and TLS. Yutaka\r\nOiwa discovered that this work-around could allow an attacker, acting as a\r\n\"man in the middle\", to force an SSL connection to use SSL 2.0 rather than a\r\nstronger protocol such as SSL 3.0 or TLS 1.0. The Common Vulnerabilities\r\nand Exposures project (cve.mitre.org) has assigned the name CAN-2005-2969\r\nto this issue.\r\n\r\nA bug was also fixed in the way OpenSSL creates DSA signatures. A cache\r\ntiming attack was fixed in RHSA-2005-476 which caused OpenSSL to do private\r\nkey calculations with a fixed time window. The DSA fix for this was not\r\ncomplete and the calculations are not always performed within a\r\nfixed-window. The Common Vulnerabilities and Exposures project\r\n(cve.mitre.org) has assigned the name CAN-2005-0109 to this issue.\r\n\r\nUsers are advised to upgrade to these updated packages, which remove the\r\nMSIE 3.0.2 work-around and contain patches to correct these issues.\r\n\r\nNote: After installing this update, users are advised to either\r\nrestart all services that use OpenSSL or restart their system.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2005-October/074445.html\n\n**Affected packages:**\nopenssl\nopenssl-devel\nopenssl-perl\nopenssl095a\nopenssl096\n\n", "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.6, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2005-10-12T00:30:56", "type": "centos", "title": "openssl, openssl095a, openssl096 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, 
"obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-0109", "CVE-2005-2969"], "modified": "2005-10-12T00:30:56", "id": "CESA-2005:800-01", "href": "https://lists.centos.org/pipermail/centos-announce/2005-October/074445.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-11-28T17:36:02", "description": "**CentOS Errata and Security Advisory** CESA-2005:800\n\n\nOpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and\r\nTransport Layer Security (TLS v1) protocols as well as a full-strength\r\ngeneral purpose cryptography library.\r\n\r\nOpenSSL contained a software work-around for a bug in SSL handling in\r\nMicrosoft Internet Explorer version 3.0.2. This work-around is enabled in\r\nmost servers that use OpenSSL to provide support for SSL and TLS. Yutaka\r\nOiwa discovered that this work-around could allow an attacker, acting as a\r\n\"man in the middle\" to force an SSL connection to use SSL 2.0 rather than a\r\nstronger protocol such as SSL 3.0 or TLS 1.0. The Common Vulnerabilities\r\nand Exposures project (cve.mitre.org) has assigned the name CAN-2005-2969\r\nto this issue.\r\n\r\nA bug was also fixed in the way OpenSSL creates DSA signatures. A cache\r\ntiming attack was fixed in RHSA-2005-476 which caused OpenSSL to do private\r\nkey calculations with a fixed time window. The DSA fix for this was not\r\ncomplete and the calculations are not always performed within a\r\nfixed-window. 
The Common Vulnerabilities and Exposures project\r\n(cve.mitre.org) has assigned the name CAN-2005-0109 to this issue.\r\n\r\nUsers are advised to upgrade to these updated packages, which remove the\r\nMSIE 3.0.2 work-around and contain patches to correct these issues.\r\n\r\nNote: After installing this update, users are advised to either\r\nrestart all services that use OpenSSL or restart their system.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2005-October/074425.html\nhttps://lists.centos.org/pipermail/centos-announce/2005-October/074428.html\nhttps://lists.centos.org/pipermail/centos-announce/2005-October/074435.html\nhttps://lists.centos.org/pipermail/centos-announce/2005-October/074436.html\nhttps://lists.centos.org/pipermail/centos-announce/2005-October/074440.html\nhttps://lists.centos.org/pipermail/centos-announce/2005-October/074447.html\n\n**Affected packages:**\nopenssl\nopenssl-devel\nopenssl-perl\nopenssl096b\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2005:800", "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.6, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2005-10-11T17:08:24", "type": "centos", "title": "openssl, openssl096b security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", 
"accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-0109", "CVE-2005-2969"], "modified": "2005-10-12T10:34:48", "id": "CESA-2005:800", "href": "https://lists.centos.org/pipermail/centos-announce/2005-October/074425.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "debian": [{"lastseen": "2021-10-22T02:59:50", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 882-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nNovember 4th, 2005 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : openssl095\nVulnerability : cryptographic weakness\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2005-2969\n\nYutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer\n(OpenSSL) library that can allow an attacker to perform active\nprotocol-version rollback attacks that could lead to the use of the\nweaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS\n1.0.\n\nThe following matrix explains which version in which distribution has\nthis problem corrected.\n\n oldstable (woody) stable (sarge) unstable (sid)\nopenssl 0.9.6c-2.woody.8 0.9.7e-3sarge1 0.9.8-3\nopenssl 094 0.9.4-6.woody.4 n/a n/a\nopenssl 095 0.9.5a-6.woody.6 n/a n/a\nopenssl 096 n/a 0.9.6m-1sarge1 n/a\nopenssl 097 n/a n/a 0.9.7g-5\n\nWe recommend that you upgrade your libssl packages.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper 
configuration.\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/o/openssl095/openssl095_0.9.5a-6.woody.6.dsc\n Size/MD5 checksum: 631 06d702bf602bdf36e76ccf1d293e2755\n http://security.debian.org/pool/updates/main/o/openssl095/openssl095_0.9.5a-6.woody.6.diff.gz\n Size/MD5 checksum: 39425 bbc79b4a3b51c3407642a909924636b3\n http://security.debian.org/pool/updates/main/o/openssl095/openssl095_0.9.5a.orig.tar.gz\n Size/MD5 checksum: 1892089 99d22f1d4d23ff8b927f94a9df3997b4\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.6_alpha.deb\n Size/MD5 checksum: 497428 d7f43468426f4937d9f6f4f200b62ac4\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.6_arm.deb\n Size/MD5 checksum: 402790 3b6d0893487c55369771219423b8acf0\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.6_i386.deb\n Size/MD5 checksum: 400034 11c30a4af4fb8f00848aff98caf4a721\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.6_m68k.deb\n Size/MD5 checksum: 377034 5bc6aa7ce2c912bf6b306db88044e58d\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.6_mips.deb\n Size/MD5 checksum: 412864 ca4c4ace9a42844cfd93320f6438895a\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.6_mipsel.deb\n Size/MD5 checksum: 407678 ca10a64a6c760d2e45f2a1cdfa33ed1e\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.6_powerpc.deb\n Size/MD5 checksum: 425740 106ba99bf991c3e8864d414be25a92e4\n\n Sun Sparc architecture:\n\n 
http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.6_sparc.deb\n Size/MD5 checksum: 412474 1abb2a98b00c638cf88cead55ec5959f\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>", "cvss3": {}, "published": "2005-11-04T12:08:28", "type": "debian", "title": "[SECURITY] [DSA 882-1] New OpenSSL packages fix cryptographic weakness", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2969"], "modified": "2005-11-04T12:08:28", "id": "DEBIAN:DSA-882-1:351B9", "href": "https://lists.debian.org/debian-security-announce/2005/msg00278.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-10-22T02:57:04", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 888-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nNovember 7th, 2005 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : openssl\nVulnerability : cryptographic weakness\nProblem type : remote\nDebian-specific: no\nCVE ID : 
CVE-2005-2969\n\nYutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer\n(OpenSSL) library that can allow an attacker to perform active\nprotocol-version rollback attacks that could lead to the use of the\nweaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS\n1.0.\n\nThe following matrix explains which version in which distribution has\nthis problem corrected.\n\n oldstable (woody) stable (sarge) unstable (sid)\nopenssl 0.9.6c-2.woody.8 0.9.7e-3sarge1 0.9.8-3\nopenssl 094 0.9.4-6.woody.4 n/a n/a\nopenssl 095 0.9.5a-6.woody.6 n/a n/a\nopenssl 096 n/a 0.9.6m-1sarge1 n/a\nopenssl 097 n/a n/a 0.9.7g-5\n\nWe recommend that you upgrade your libssl packages.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.8.dsc\n Size/MD5 checksum: 632 0f3990f71f6773a516a413c393fc6604\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.8.diff.gz\n Size/MD5 checksum: 45527 30aa51e1f88c95e086f7918a47fe8f5c\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c.orig.tar.gz\n Size/MD5 checksum: 2153980 c8261d93317635d56df55650c6aeb3dc\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/o/openssl/ssleay_0.9.6c-2.woody.8_all.deb\n Size/MD5 checksum: 982 71fd036f7135cd3e68c4cf33ed7e2976\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.8_alpha.deb\n 
Size/MD5 checksum: 1551638 2f5d722aa4b7c7bd6c9908a3998b6420\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.8_alpha.deb\n Size/MD5 checksum: 571552 5e94a096f7569a2e18f82a697908d230\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.8_alpha.deb\n Size/MD5 checksum: 736780 2f964e236883e2c8ed7ad2d28ed2bc6b\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.8_arm.deb\n Size/MD5 checksum: 1358314 c2f4acf9994dd42ae0373c34163b6a96\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.8_arm.deb\n Size/MD5 checksum: 474348 bc3950a119bd05ab4602fc1aae42f6c0\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.8_arm.deb\n Size/MD5 checksum: 730164 c5cc5638fb9ca1583cc23602b61a6dc7\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.8_i386.deb\n Size/MD5 checksum: 1289480 0d32fea022a7896b321d673a9138c90f\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.8_i386.deb\n Size/MD5 checksum: 461972 970aa086b6758741b4cbbf32e94572a1\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.8_i386.deb\n Size/MD5 checksum: 717322 88a3bcb5d1b4330fb25c95b5c7f95bd3\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.8_ia64.deb\n Size/MD5 checksum: 1615580 e66ad48cf480c87a965cad2dadde3074\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.8_ia64.deb\n Size/MD5 checksum: 711412 a7ff065df8383c36ee0e265d889df450\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.8_ia64.deb\n Size/MD5 checksum: 763808 a62f8d33db6e9bc3e770dfd3f23fe70f\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.8_hppa.deb\n Size/MD5 checksum: 
1435394 5d5be2d74a8035fdee039237f93ad267\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.8_hppa.deb\n Size/MD5 checksum: 565228 aa3bfa3d333195f59b637d434cc0e4d7\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.8_hppa.deb\n Size/MD5 checksum: 742192 51644d86e15c7bac4d005e57881c6627\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.8_m68k.deb\n Size/MD5 checksum: 1266800 9973441879b98558d95904e0f2798f7c\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.8_m68k.deb\n Size/MD5 checksum: 450948 7f7199530678b922e3b9499a9e3c9107\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.8_m68k.deb\n Size/MD5 checksum: 720758 87053610447971c8923160df9ae48304\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.8_mips.deb\n Size/MD5 checksum: 1415426 5a9625c92cdf9f54f532806278cf7b71\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.8_mips.deb\n Size/MD5 checksum: 483940 4c322f1697e1cd5c701b8870417d5604\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.8_mips.deb\n Size/MD5 checksum: 717966 8ce534b83ec7fc69878fbb032562db7f\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.8_mipsel.deb\n Size/MD5 checksum: 1409820 335f3bfc4afadc7099dd81ca655f43ab\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.8_mipsel.deb\n Size/MD5 checksum: 476994 4e51fa71c3feb9871eae6d3620d97a88\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.8_mipsel.deb\n Size/MD5 checksum: 717282 74f673dc3d93ab31316c266647e236f8\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.8_powerpc.deb\n Size/MD5 
checksum: 1387860 8c150c04059434d276d9be72e60a33d5\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.8_powerpc.deb\n Size/MD5 checksum: 502762 bc0b6913643d3a49410b2e8b991a2612\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.8_powerpc.deb\n Size/MD5 checksum: 727200 942fccc855f790681ff55792595a0e9e\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.8_s390.deb\n Size/MD5 checksum: 1326764 f0e3604fd60501387dd64d147ed2b399\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.8_s390.deb\n Size/MD5 checksum: 510774 4720d8b0c5b4a4989941af6af448f1c8\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.8_s390.deb\n Size/MD5 checksum: 731906 e087d1292d906a027bd18f8ba64bcaa7\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.8_sparc.deb\n Size/MD5 checksum: 1344478 462215d04cdc46df9d3c30ca9809ad0c\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.8_sparc.deb\n Size/MD5 checksum: 485082 d5bf47809f860074a30d1925ec260471\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.8_sparc.deb\n Size/MD5 checksum: 737538 bd16a927946e42e9388c10c6caab2471\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge1.dsc\n Size/MD5 checksum: 639 1d4fe852d85c23ee4befe3b69ad11f42\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge1.diff.gz\n Size/MD5 checksum: 27134 40b781ed5e9b5da015d3d17621378c75\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e.orig.tar.gz\n Size/MD5 checksum: 3043231 a8777164bca38d84e5eb2b1535223474\n\n Alpha architecture:\n\n 
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge1_alpha.deb\n Size/MD5 checksum: 3339042 08256d8f24f46888c8d851e7a7717d03\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge1_alpha.deb\n Size/MD5 checksum: 2445184 1c9cfeaa0af4cfe1e412342afb315028\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge1_alpha.deb\n Size/MD5 checksum: 929866 89c795ae3258886e24dc3c05b0317c0d\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge1_amd64.deb\n Size/MD5 checksum: 2693256 1c9d25d3ca61d64cc55cefbd53543984\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge1_amd64.deb\n Size/MD5 checksum: 769270 444bbc7046101472d4a0d918e258c15c\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge1_amd64.deb\n Size/MD5 checksum: 903332 901d18551ad23f7c95489589aecc9394\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge1_arm.deb\n Size/MD5 checksum: 2554838 9da71c016a4c19c4766022b75b6c9b1c\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge1_arm.deb\n Size/MD5 checksum: 689386 9d607bbe307f6b050865cdccee0e8b2b\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge1_arm.deb\n Size/MD5 checksum: 893800 fb067120630f9638363b8ee7fd133110\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge1_i386.deb\n Size/MD5 checksum: 2551894 c9a047ff0bb105d5dbf150370746044a\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge1_i386.deb\n Size/MD5 checksum: 2262314 ecd5cfaa6085cdd73f15ffff1e2780a9\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge1_i386.deb\n Size/MD5 checksum: 902214 eb49dbdd0b9bc19342000833eafc422a\n\n Intel IA-64 architecture:\n\n 
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge1_ia64.deb\n Size/MD5 checksum: 3394806 d165b3284eab212f0a90c3d7aa9d274c\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge1_ia64.deb\n Size/MD5 checksum: 1037634 6901a41b294cc7446a5d8b36037fb09c\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge1_ia64.deb\n Size/MD5 checksum: 974704 3bd5964f5a7543e3ed589584362ab5b5\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge1_hppa.deb\n Size/MD5 checksum: 2695182 889bafc3edbc895e4abeb548e16a2218\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge1_hppa.deb\n Size/MD5 checksum: 790356 cda81a66041c3948d0b04a811fd5e78f\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge1_hppa.deb\n Size/MD5 checksum: 914154 e06f637b72ad3ef60f9bd1dcafd28b1f\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge1_m68k.deb\n Size/MD5 checksum: 2316264 22c140d007c3ae174925621468a39cb1\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge1_m68k.deb\n Size/MD5 checksum: 661018 7f67414f0791fc985541378bb55dc7bb\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge1_m68k.deb\n Size/MD5 checksum: 889428 22cb29e59ffcbae25cea4db0d27115ad\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge1_mips.deb\n Size/MD5 checksum: 2778266 f467fff7ed6cbefbc672dd7751473596\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge1_mips.deb\n Size/MD5 checksum: 705794 9a63ff8605fd3f2759e78a9a8081d478\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge1_mips.deb\n Size/MD5 checksum: 896400 f1e1f16d6b5857a4bce14ca8bd5bc736\n\n Little endian MIPS architecture:\n\n 
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge1_mipsel.deb\n Size/MD5 checksum: 2765942 34c72af7ae700c9583a11c3044f942d4\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge1_mipsel.deb\n Size/MD5 checksum: 693754 0052d22ab3dafb44b5fbd7978d83a814\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge1_mipsel.deb\n Size/MD5 checksum: 895542 0901349aab6ab6231b530475b4669ea6\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge1_powerpc.deb\n Size/MD5 checksum: 2775598 1f2e461d360e3cc8e33d5cd866f9e1d0\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge1_powerpc.deb\n Size/MD5 checksum: 778892 ddd9238eafb70e31b4fb991909a5bdb8\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge1_powerpc.deb\n Size/MD5 checksum: 908056 5f601e19f91dcdc08541277a42592d5a\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge1_s390.deb\n Size/MD5 checksum: 2716890 7aa32958f3d1631ac8774ce26ed718f0\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge1_s390.deb\n Size/MD5 checksum: 813422 bc2cffe3bcac2ac971d3cbaf7f3e02ea\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge1_s390.deb\n Size/MD5 checksum: 918200 a2d0be567be281c9e6af34fd49c89ec8\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge1_sparc.deb\n Size/MD5 checksum: 2629110 35c2e695c12fd379bfa100347f0641b2\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge1_sparc.deb\n Size/MD5 checksum: 1883990 b432d0bfa5408215a68fc3260e5c3f4a\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge1_sparc.deb\n Size/MD5 checksum: 924138 203d2f9a8068fb193a72d610df41f045\n\n\n These files will probably be moved into the stable 
distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>", "cvss3": {}, "published": "2005-11-07T19:06:00", "type": "debian", "title": "[SECURITY] [DSA 888-1] New OpenSSL packages fix cryptographic weakness", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2969"], "modified": "2005-11-07T19:06:00", "id": "DEBIAN:DSA-888-1:1BAB0", "href": "https://lists.debian.org/debian-security-announce/2005/msg00285.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-11-27T13:56:53", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 882-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nNovember 4th, 2005 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : openssl095\nVulnerability : cryptographic weakness\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2005-2969\n\nYutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer\n(OpenSSL) library that can allow an attacker to perform active\nprotocol-version rollback attacks that could lead to the use of 
the\nweaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS\n1.0.\n\nThe following matrix explains which version in which distribution has\nthis problem corrected.\n\n oldstable (woody) stable (sarge) unstable (sid)\nopenssl 0.9.6c-2.woody.8 0.9.7e-3sarge1 0.9.8-3\nopenssl 094 0.9.4-6.woody.4 n/a n/a\nopenssl 095 0.9.5a-6.woody.6 n/a n/a\nopenssl 096 n/a 0.9.6m-1sarge1 n/a\nopenssl 097 n/a n/a 0.9.7g-5\n\nWe recommend that you upgrade your libssl packages.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/o/openssl095/openssl095_0.9.5a-6.woody.6.dsc\n Size/MD5 checksum: 631 06d702bf602bdf36e76ccf1d293e2755\n http://security.debian.org/pool/updates/main/o/openssl095/openssl095_0.9.5a-6.woody.6.diff.gz\n Size/MD5 checksum: 39425 bbc79b4a3b51c3407642a909924636b3\n http://security.debian.org/pool/updates/main/o/openssl095/openssl095_0.9.5a.orig.tar.gz\n Size/MD5 checksum: 1892089 99d22f1d4d23ff8b927f94a9df3997b4\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.6_alpha.deb\n Size/MD5 checksum: 497428 d7f43468426f4937d9f6f4f200b62ac4\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.6_arm.deb\n Size/MD5 checksum: 402790 3b6d0893487c55369771219423b8acf0\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.6_i386.deb\n Size/MD5 checksum: 
400034 11c30a4af4fb8f00848aff98caf4a721\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.6_m68k.deb\n Size/MD5 checksum: 377034 5bc6aa7ce2c912bf6b306db88044e58d\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.6_mips.deb\n Size/MD5 checksum: 412864 ca4c4ace9a42844cfd93320f6438895a\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.6_mipsel.deb\n Size/MD5 checksum: 407678 ca10a64a6c760d2e45f2a1cdfa33ed1e\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.6_powerpc.deb\n Size/MD5 checksum: 425740 106ba99bf991c3e8864d414be25a92e4\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.6_sparc.deb\n Size/MD5 checksum: 412474 1abb2a98b00c638cf88cead55ec5959f\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>", "cvss3": {}, "published": "2005-11-04T12:08:28", "type": "debian", "title": "[SECURITY] [DSA 882-1] New OpenSSL packages fix cryptographic weakness", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", 
"version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2969"], "modified": "2005-11-04T12:08:28", "id": "DEBIAN:DSA-882-1:E2C87", "href": "https://lists.debian.org/debian-security-announce/2005/msg00278.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-11-27T13:56:07", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 888-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nNovember 7th, 2005 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : openssl\nVulnerability : cryptographic weakness\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2005-2969\n\nYutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer\n(OpenSSL) library that can allow an attacker to perform active\nprotocol-version rollback attacks that could lead to the use of the\nweaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS\n1.0.\n\nThe following matrix explains which version in which distribution has\nthis problem corrected.\n\n oldstable (woody) stable (sarge) unstable (sid)\nopenssl 0.9.6c-2.woody.8 0.9.7e-3sarge1 0.9.8-3\nopenssl 094 0.9.4-6.woody.4 n/a n/a\nopenssl 095 0.9.5a-6.woody.6 n/a n/a\nopenssl 096 n/a 0.9.6m-1sarge1 n/a\nopenssl 097 n/a n/a 0.9.7g-5\n\nWe recommend that you upgrade your libssl packages.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper 
configuration.\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.8.dsc\n Size/MD5 checksum: 632 0f3990f71f6773a516a413c393fc6604\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.8.diff.gz\n Size/MD5 checksum: 45527 30aa51e1f88c95e086f7918a47fe8f5c\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c.orig.tar.gz\n Size/MD5 checksum: 2153980 c8261d93317635d56df55650c6aeb3dc\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/o/openssl/ssleay_0.9.6c-2.woody.8_all.deb\n Size/MD5 checksum: 982 71fd036f7135cd3e68c4cf33ed7e2976\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.8_alpha.deb\n Size/MD5 checksum: 1551638 2f5d722aa4b7c7bd6c9908a3998b6420\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.8_alpha.deb\n Size/MD5 checksum: 571552 5e94a096f7569a2e18f82a697908d230\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.8_alpha.deb\n Size/MD5 checksum: 736780 2f964e236883e2c8ed7ad2d28ed2bc6b\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.8_arm.deb\n Size/MD5 checksum: 1358314 c2f4acf9994dd42ae0373c34163b6a96\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.8_arm.deb\n Size/MD5 checksum: 474348 bc3950a119bd05ab4602fc1aae42f6c0\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.8_arm.deb\n Size/MD5 checksum: 730164 c5cc5638fb9ca1583cc23602b61a6dc7\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.8_i386.deb\n Size/MD5 checksum: 1289480 0d32fea022a7896b321d673a9138c90f\n 
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.8_i386.deb\n Size/MD5 checksum: 461972 970aa086b6758741b4cbbf32e94572a1\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.8_i386.deb\n Size/MD5 checksum: 717322 88a3bcb5d1b4330fb25c95b5c7f95bd3\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.8_ia64.deb\n Size/MD5 checksum: 1615580 e66ad48cf480c87a965cad2dadde3074\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.8_ia64.deb\n Size/MD5 checksum: 711412 a7ff065df8383c36ee0e265d889df450\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.8_ia64.deb\n Size/MD5 checksum: 763808 a62f8d33db6e9bc3e770dfd3f23fe70f\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.8_hppa.deb\n Size/MD5 checksum: 1435394 5d5be2d74a8035fdee039237f93ad267\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.8_hppa.deb\n Size/MD5 checksum: 565228 aa3bfa3d333195f59b637d434cc0e4d7\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.8_hppa.deb\n Size/MD5 checksum: 742192 51644d86e15c7bac4d005e57881c6627\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.8_m68k.deb\n Size/MD5 checksum: 1266800 9973441879b98558d95904e0f2798f7c\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.8_m68k.deb\n Size/MD5 checksum: 450948 7f7199530678b922e3b9499a9e3c9107\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.8_m68k.deb\n Size/MD5 checksum: 720758 87053610447971c8923160df9ae48304\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.8_mips.deb\n Size/MD5 checksum: 1415426 5a9625c92cdf9f54f532806278cf7b71\n 
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.8_mips.deb\n Size/MD5 checksum: 483940 4c322f1697e1cd5c701b8870417d5604\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.8_mips.deb\n Size/MD5 checksum: 717966 8ce534b83ec7fc69878fbb032562db7f\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.8_mipsel.deb\n Size/MD5 checksum: 1409820 335f3bfc4afadc7099dd81ca655f43ab\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.8_mipsel.deb\n Size/MD5 checksum: 476994 4e51fa71c3feb9871eae6d3620d97a88\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.8_mipsel.deb\n Size/MD5 checksum: 717282 74f673dc3d93ab31316c266647e236f8\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.8_powerpc.deb\n Size/MD5 checksum: 1387860 8c150c04059434d276d9be72e60a33d5\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.8_powerpc.deb\n Size/MD5 checksum: 502762 bc0b6913643d3a49410b2e8b991a2612\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.8_powerpc.deb\n Size/MD5 checksum: 727200 942fccc855f790681ff55792595a0e9e\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.8_s390.deb\n Size/MD5 checksum: 1326764 f0e3604fd60501387dd64d147ed2b399\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.8_s390.deb\n Size/MD5 checksum: 510774 4720d8b0c5b4a4989941af6af448f1c8\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.8_s390.deb\n Size/MD5 checksum: 731906 e087d1292d906a027bd18f8ba64bcaa7\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.8_sparc.deb\n Size/MD5 checksum: 1344478 462215d04cdc46df9d3c30ca9809ad0c\n 
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.8_sparc.deb\n Size/MD5 checksum: 485082 d5bf47809f860074a30d1925ec260471\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.8_sparc.deb\n Size/MD5 checksum: 737538 bd16a927946e42e9388c10c6caab2471\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge1.dsc\n Size/MD5 checksum: 639 1d4fe852d85c23ee4befe3b69ad11f42\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge1.diff.gz\n Size/MD5 checksum: 27134 40b781ed5e9b5da015d3d17621378c75\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e.orig.tar.gz\n Size/MD5 checksum: 3043231 a8777164bca38d84e5eb2b1535223474\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge1_alpha.deb\n Size/MD5 checksum: 3339042 08256d8f24f46888c8d851e7a7717d03\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge1_alpha.deb\n Size/MD5 checksum: 2445184 1c9cfeaa0af4cfe1e412342afb315028\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge1_alpha.deb\n Size/MD5 checksum: 929866 89c795ae3258886e24dc3c05b0317c0d\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge1_amd64.deb\n Size/MD5 checksum: 2693256 1c9d25d3ca61d64cc55cefbd53543984\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge1_amd64.deb\n Size/MD5 checksum: 769270 444bbc7046101472d4a0d918e258c15c\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge1_amd64.deb\n Size/MD5 checksum: 903332 901d18551ad23f7c95489589aecc9394\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge1_arm.deb\n Size/MD5 checksum: 2554838 9da71c016a4c19c4766022b75b6c9b1c\n 
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge1_arm.deb\n Size/MD5 checksum: 689386 9d607bbe307f6b050865cdccee0e8b2b\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge1_arm.deb\n Size/MD5 checksum: 893800 fb067120630f9638363b8ee7fd133110\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge1_i386.deb\n Size/MD5 checksum: 2551894 c9a047ff0bb105d5dbf150370746044a\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge1_i386.deb\n Size/MD5 checksum: 2262314 ecd5cfaa6085cdd73f15ffff1e2780a9\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge1_i386.deb\n Size/MD5 checksum: 902214 eb49dbdd0b9bc19342000833eafc422a\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge1_ia64.deb\n Size/MD5 checksum: 3394806 d165b3284eab212f0a90c3d7aa9d274c\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge1_ia64.deb\n Size/MD5 checksum: 1037634 6901a41b294cc7446a5d8b36037fb09c\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge1_ia64.deb\n Size/MD5 checksum: 974704 3bd5964f5a7543e3ed589584362ab5b5\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge1_hppa.deb\n Size/MD5 checksum: 2695182 889bafc3edbc895e4abeb548e16a2218\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge1_hppa.deb\n Size/MD5 checksum: 790356 cda81a66041c3948d0b04a811fd5e78f\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge1_hppa.deb\n Size/MD5 checksum: 914154 e06f637b72ad3ef60f9bd1dcafd28b1f\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge1_m68k.deb\n Size/MD5 checksum: 2316264 22c140d007c3ae174925621468a39cb1\n 
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge1_m68k.deb\n Size/MD5 checksum: 661018 7f67414f0791fc985541378bb55dc7bb\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge1_m68k.deb\n Size/MD5 checksum: 889428 22cb29e59ffcbae25cea4db0d27115ad\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge1_mips.deb\n Size/MD5 checksum: 2778266 f467fff7ed6cbefbc672dd7751473596\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge1_mips.deb\n Size/MD5 checksum: 705794 9a63ff8605fd3f2759e78a9a8081d478\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge1_mips.deb\n Size/MD5 checksum: 896400 f1e1f16d6b5857a4bce14ca8bd5bc736\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge1_mipsel.deb\n Size/MD5 checksum: 2765942 34c72af7ae700c9583a11c3044f942d4\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge1_mipsel.deb\n Size/MD5 checksum: 693754 0052d22ab3dafb44b5fbd7978d83a814\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge1_mipsel.deb\n Size/MD5 checksum: 895542 0901349aab6ab6231b530475b4669ea6\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge1_powerpc.deb\n Size/MD5 checksum: 2775598 1f2e461d360e3cc8e33d5cd866f9e1d0\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge1_powerpc.deb\n Size/MD5 checksum: 778892 ddd9238eafb70e31b4fb991909a5bdb8\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge1_powerpc.deb\n Size/MD5 checksum: 908056 5f601e19f91dcdc08541277a42592d5a\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge1_s390.deb\n Size/MD5 checksum: 2716890 7aa32958f3d1631ac8774ce26ed718f0\n 
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge1_s390.deb\n Size/MD5 checksum: 813422 bc2cffe3bcac2ac971d3cbaf7f3e02ea\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge1_s390.deb\n Size/MD5 checksum: 918200 a2d0be567be281c9e6af34fd49c89ec8\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge1_sparc.deb\n Size/MD5 checksum: 2629110 35c2e695c12fd379bfa100347f0641b2\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge1_sparc.deb\n Size/MD5 checksum: 1883990 b432d0bfa5408215a68fc3260e5c3f4a\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge1_sparc.deb\n Size/MD5 checksum: 924138 203d2f9a8068fb193a72d610df41f045\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>", "cvss3": {}, "published": "2005-11-07T19:06:00", "type": "debian", "title": "[SECURITY] [DSA 888-1] New OpenSSL packages fix cryptographic weakness", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2969"], "modified": "2005-11-07T19:06:00", "id": 
"DEBIAN:DSA-888-1:F9951", "href": "https://lists.debian.org/debian-security-announce/2005/msg00285.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-10-22T03:01:37", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 875-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nOctober 27th, 2005 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : openssl094\nVulnerability : cryptographic weakness\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2005-2969\n\nYutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer\n(OpenSSL) library that can allow an attacker to perform active\nprotocol-version rollback attacks that could lead to the use of the\nweaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS\n1.0.\n\nThe following matrix explains which version in which distribution has\nthis problem corrected.\n\n oldstable (woody) stable (sarge) unstable (sid)\nopenssl 0.9.6c-2.woody.8 0.9.7e-3sarge1 0.9.8-3\nopenssl 094 0.9.4-6.woody.4 n/a n/a\nopenssl 095 0.9.5a-6.woody.6 n/a n/a\nopenssl 096 n/a 0.9.6m-1sarge1 n/a\nopenssl 097 n/a n/a 0.9.7g-5\n\nWe recommend that you upgrade your libssl packages.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/o/openssl094/openssl094_0.9.4-6.woody.4.dsc\n Size/MD5 
checksum: 624 2989b7b16a146a2f9a6ca52887bb2c3f\n http://security.debian.org/pool/updates/main/o/openssl094/openssl094_0.9.4-6.woody.4.diff.gz\n Size/MD5 checksum: 47116 a4db6a4e53d8f8703da86774768cb21c\n http://security.debian.org/pool/updates/main/o/openssl094/openssl094_0.9.4.orig.tar.gz\n Size/MD5 checksum: 1570392 72544daea16d6c99d656b95f77b01b2d\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl094/libssl09_0.9.4-6.woody.4_alpha.deb\n Size/MD5 checksum: 445816 1eaa00c5cee084727d23a8169acdb705\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl094/libssl09_0.9.4-6.woody.4_i386.deb\n Size/MD5 checksum: 358626 2d3f09ec2222ac497180a01facea470c\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl094/libssl09_0.9.4-6.woody.4_powerpc.deb\n Size/MD5 checksum: 378870 58d0d41fa2005b5d05f49c557023c466\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>", "cvss3": {}, "published": "2005-10-27T08:57:14", "type": "debian", "title": "[SECURITY] [DSA 875-1] New OpenSSL packages fix cryptographic weakness", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2969"], "modified": "2005-10-27T08:57:14", "id": "DEBIAN:DSA-875-1:180DB", "href": "https://lists.debian.org/debian-security-announce/2005/msg00271.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-11-27T13:57:21", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 875-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nOctober 27th, 2005 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : openssl094\nVulnerability : cryptographic weakness\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2005-2969\n\nYutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer\n(OpenSSL) library that can allow an attacker to perform active\nprotocol-version rollback attacks that could lead to the use of the\nweaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS\n1.0.\n\nThe following matrix explains which version in which distribution has\nthis problem corrected.\n\n oldstable (woody) stable (sarge) unstable (sid)\nopenssl 0.9.6c-2.woody.8 0.9.7e-3sarge1 0.9.8-3\nopenssl 094 0.9.4-6.woody.4 n/a n/a\nopenssl 095 0.9.5a-6.woody.6 n/a n/a\nopenssl 096 n/a 0.9.6m-1sarge1 n/a\nopenssl 097 n/a n/a 0.9.7g-5\n\nWe recommend that you upgrade your libssl packages.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n 
http://security.debian.org/pool/updates/main/o/openssl094/openssl094_0.9.4-6.woody.4.dsc\n Size/MD5 checksum: 624 2989b7b16a146a2f9a6ca52887bb2c3f\n http://security.debian.org/pool/updates/main/o/openssl094/openssl094_0.9.4-6.woody.4.diff.gz\n Size/MD5 checksum: 47116 a4db6a4e53d8f8703da86774768cb21c\n http://security.debian.org/pool/updates/main/o/openssl094/openssl094_0.9.4.orig.tar.gz\n Size/MD5 checksum: 1570392 72544daea16d6c99d656b95f77b01b2d\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl094/libssl09_0.9.4-6.woody.4_alpha.deb\n Size/MD5 checksum: 445816 1eaa00c5cee084727d23a8169acdb705\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl094/libssl09_0.9.4-6.woody.4_i386.deb\n Size/MD5 checksum: 358626 2d3f09ec2222ac497180a01facea470c\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl094/libssl09_0.9.4-6.woody.4_powerpc.deb\n Size/MD5 checksum: 378870 58d0d41fa2005b5d05f49c557023c466\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>", "cvss3": {}, "published": "2005-10-27T08:57:14", "type": "debian", "title": "[SECURITY] [DSA 875-1] New OpenSSL packages fix cryptographic weakness", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", 
"version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2969"], "modified": "2005-10-27T08:57:14", "id": "DEBIAN:DSA-875-1:7BDE0", "href": "https://lists.debian.org/debian-security-announce/2005/msg00271.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-10-22T03:00:15", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 881-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nNovember 4th, 2005 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : openssl096\nVulnerability : cryptographic weakness\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2005-2969\n\nYutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer\n(OpenSSL) library that can allow an attacker to perform active\nprotocol-version rollback attacks that could lead to the use of the\nweaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS\n1.0.\n\nThe following matrix explains which version in which distribution has\nthis problem corrected.\n\n oldstable (woody) stable (sarge) unstable (sid)\nopenssl 0.9.6c-2.woody.8 0.9.7e-3sarge1 0.9.8-3\nopenssl 094 0.9.4-6.woody.4 n/a n/a\nopenssl 095 0.9.5a-6.woody.6 n/a n/a\nopenssl 096 n/a 0.9.6m-1sarge1 n/a\nopenssl 097 n/a n/a 0.9.7g-5\n\nWe recommend that you upgrade your libssl packages.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper 
configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m-1sarge1.dsc\n Size/MD5 checksum: 617 ce5f1e232a472723ca68499327b72dbb\n http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m-1sarge1.diff.gz\n Size/MD5 checksum: 18775 21461483c9dc895530bedc3b973faa07\n http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m.orig.tar.gz\n Size/MD5 checksum: 2184918 1b63bfdca1c37837dddde9f1623498f9\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_alpha.deb\n Size/MD5 checksum: 1964914 393db230e3682b76c3c9f36eb42264e6\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_amd64.deb\n Size/MD5 checksum: 577924 c07845bb45e5c3b75456f961e336eb13\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_arm.deb\n Size/MD5 checksum: 518534 eea289b8dde19ac6c8c6cf7b30ea4eb1\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_i386.deb\n Size/MD5 checksum: 1754964 7b514ad94e57dc9fd6e4842b2946640d\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_ia64.deb\n Size/MD5 checksum: 814794 0c604b4b2f703c01173d140b95f61cd6\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_hppa.deb\n Size/MD5 checksum: 587272 01cbb27d7021792fd6570b2f466ce41a\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_m68k.deb\n Size/MD5 checksum: 476638 64e57e89c2efbe43db0ee00ae686413b\n\n Big endian MIPS architecture:\n\n 
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_mips.deb\n Size/MD5 checksum: 576718 a05286b7d56e76bb6863987f9428cfa8\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_mipsel.deb\n Size/MD5 checksum: 568608 11f1592d26bc34ed8b2ecae3af730e04\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_powerpc.deb\n Size/MD5 checksum: 582352 48a678cc33b6b253be1dff5d8d7d23da\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_s390.deb\n Size/MD5 checksum: 602274 4b926097074513294652c4bef75f1f4f\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_sparc.deb\n Size/MD5 checksum: 1458254 29c66b77c695f27f4f38dbdfbd51d320\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>", "cvss3": {}, "published": "2005-11-04T11:03:18", "type": "debian", "title": "[SECURITY] [DSA 881-1] New OpenSSL 0.9.6 packages fix cryptographic weakness", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 
2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2969"], "modified": "2005-11-04T11:03:18", "id": "DEBIAN:DSA-881-1:DF86E", "href": "https://lists.debian.org/debian-security-announce/2005/msg00277.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-11-27T13:57:00", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 881-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nNovember 4th, 2005 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : openssl096\nVulnerability : cryptographic weakness\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2005-2969\n\nYutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer\n(OpenSSL) library that can allow an attacker to perform active\nprotocol-version rollback attacks that could lead to the use of the\nweaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS\n1.0.\n\nThe following matrix explains which version in which distribution has\nthis problem corrected.\n\n oldstable (woody) stable (sarge) unstable (sid)\nopenssl 0.9.6c-2.woody.8 0.9.7e-3sarge1 0.9.8-3\nopenssl 094 0.9.4-6.woody.4 n/a n/a\nopenssl 095 0.9.5a-6.woody.6 n/a n/a\nopenssl 096 n/a 0.9.6m-1sarge1 n/a\nopenssl 097 n/a n/a 0.9.7g-5\n\nWe recommend that you upgrade your libssl packages.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source 
archives:\n\n http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m-1sarge1.dsc\n Size/MD5 checksum: 617 ce5f1e232a472723ca68499327b72dbb\n http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m-1sarge1.diff.gz\n Size/MD5 checksum: 18775 21461483c9dc895530bedc3b973faa07\n http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m.orig.tar.gz\n Size/MD5 checksum: 2184918 1b63bfdca1c37837dddde9f1623498f9\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_alpha.deb\n Size/MD5 checksum: 1964914 393db230e3682b76c3c9f36eb42264e6\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_amd64.deb\n Size/MD5 checksum: 577924 c07845bb45e5c3b75456f961e336eb13\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_arm.deb\n Size/MD5 checksum: 518534 eea289b8dde19ac6c8c6cf7b30ea4eb1\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_i386.deb\n Size/MD5 checksum: 1754964 7b514ad94e57dc9fd6e4842b2946640d\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_ia64.deb\n Size/MD5 checksum: 814794 0c604b4b2f703c01173d140b95f61cd6\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_hppa.deb\n Size/MD5 checksum: 587272 01cbb27d7021792fd6570b2f466ce41a\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_m68k.deb\n Size/MD5 checksum: 476638 64e57e89c2efbe43db0ee00ae686413b\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_mips.deb\n Size/MD5 checksum: 576718 a05286b7d56e76bb6863987f9428cfa8\n\n Little endian MIPS 
architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_mipsel.deb\n Size/MD5 checksum: 568608 11f1592d26bc34ed8b2ecae3af730e04\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_powerpc.deb\n Size/MD5 checksum: 582352 48a678cc33b6b253be1dff5d8d7d23da\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_s390.deb\n Size/MD5 checksum: 602274 4b926097074513294652c4bef75f1f4f\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_sparc.deb\n Size/MD5 checksum: 1458254 29c66b77c695f27f4f38dbdfbd51d320\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>", "cvss3": {}, "published": "2005-11-04T11:03:18", "type": "debian", "title": "[SECURITY] [DSA 881-1] New OpenSSL 0.9.6 packages fix cryptographic weakness", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2969"], "modified": "2005-11-04T11:03:18", "id": "DEBIAN:DSA-881-1:74299", "href": 
"https://lists.debian.org/debian-security-announce/2005/msg00277.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-10-22T02:54:07", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 915-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nDecember 2nd, 2005 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : helix-player\nVulnerability : buffer overflow\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2005-2629\nBugTraq ID : 15381\n\nAn integer overflow has been discovered in helix-player, the helix\naudio and video player. This flaw could allow a remote attacker to\nrun arbitrary code on a victims computer by supplying a specially\ncrafted network resource.\n\nThis vulnerability is fixed by version 1.0.6-1 in unstable.\nHelix-player is not currently in the testing distribution.\n\nThe old stable distribution (woody) does not contain a helix-player\npackage.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 1.0.4-1sarge2.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 1.0.6-1.\n\nWe recommend that you upgrade your helix-player package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge2.dsc\n Size/MD5 checksum: 
908 5abe49b8d746b78b1f70016382d44a35\n http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge2.diff.gz\n Size/MD5 checksum: 9113 b7103af4ca93cb52cd548a4f7da43c3b\n http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4.orig.tar.gz\n Size/MD5 checksum: 18044552 a277710be35426b317869503a4ad36d7\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge2_i386.deb\n Size/MD5 checksum: 4289142 afe49d505b51edefe6b66e92720e9a62\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge2_powerpc.deb\n Size/MD5 checksum: 4415648 9a9ad7733abed7ffcd6c69ce366d576c\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>", "cvss3": {}, "published": "2005-12-02T06:35:30", "type": "debian", "title": "[SECURITY] [DSA 915-1] New helix-player packages fix arbitrary code execution", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2005-2629"], "modified": "2005-12-02T06:35:30", "id": "DEBIAN:DSA-915-1:F05AD", "href": 
"https://lists.debian.org/debian-security-announce/2005/msg00316.html", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T13:54:28", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 915-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nDecember 2nd, 2005 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : helix-player\nVulnerability : buffer overflow\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2005-2629\nBugTraq ID : 15381\n\nAn integer overflow has been discovered in helix-player, the helix\naudio and video player. This flaw could allow a remote attacker to\nrun arbitrary code on a victims computer by supplying a specially\ncrafted network resource.\n\nThis vulnerability is fixed by version 1.0.6-1 in unstable.\nHelix-player is not currently in the testing distribution.\n\nThe old stable distribution (woody) does not contain a helix-player\npackage.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 1.0.4-1sarge2.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 1.0.6-1.\n\nWe recommend that you upgrade your helix-player package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge2.dsc\n Size/MD5 checksum: 
908 5abe49b8d746b78b1f70016382d44a35\n http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge2.diff.gz\n Size/MD5 checksum: 9113 b7103af4ca93cb52cd548a4f7da43c3b\n http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4.orig.tar.gz\n Size/MD5 checksum: 18044552 a277710be35426b317869503a4ad36d7\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge2_i386.deb\n Size/MD5 checksum: 4289142 afe49d505b51edefe6b66e92720e9a62\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge2_powerpc.deb\n Size/MD5 checksum: 4415648 9a9ad7733abed7ffcd6c69ce366d576c\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>", "cvss3": {}, "published": "2005-12-02T06:35:30", "type": "debian", "title": "[SECURITY] [DSA 915-1] New helix-player packages fix arbitrary code execution", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2005-2629"], "modified": "2005-12-02T06:35:30", "id": "DEBIAN:DSA-915-1:5BCBD", "href": 
"https://lists.debian.org/debian-security-announce/2005/msg00316.html", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-22T03:08:28", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 826-1 security@debian.org\nhttp://www.debian.org/security/ Michael Stone\nSeptember 29th, 2005 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : helix-player\nVulnerability : multiple\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CAN-2005-1766 CAN-2005-2710\nDebian Bug : 316276 330364\n\nMultiple security vulnerabilities have been identified in the\nhelix-player media player that could allow an attacker to execute code\non the victim's machine via specially crafted network resources.\n\nCAN-2005-1766\n\n Buffer overflow in the RealText parser could allow remote code\n execution via a specially crafted RealMedia file with a long\n RealText string.\n\nCAN-2005-2710\n\n Format string vulnerability in Real HelixPlayer and RealPlayer 10\n allows remote attackers to execute arbitrary code via the image\n handle attribute in a RealPix (.rp) or RealText (.rt) file.\n\nFor the stable distribution (sarge), these problems have been fixed in\nversion 1.0.4-1sarge1\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.6-1\n\nWe recommend that you upgrade your helix-player package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- 
--------------------------------\n\nhelix-player was distributed only on the i386 and powerpc architectures\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge1.dsc\n Size/MD5 checksum: 908 6ff062a280bab4db79c04e08278e28d6\n http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge1.diff.gz\n Size/MD5 checksum: 7788 1e3280253e2d60701b28b153863b2fd0\n http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4.orig.tar.gz\n Size/MD5 checksum: 18044552 a277710be35426b317869503a4ad36d7\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge1_i386.deb\n Size/MD5 checksum: 4289094 b3d2934818a2139f309f77e4acd50e3d\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge1_powerpc.deb\n Size/MD5 checksum: 4415404 f771482fd671da4848d6a496df128f69\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>", "cvss3": {}, "published": "2005-09-29T23:56:37", "type": "debian", "title": "[SECURITY] [DSA 826-1] New helix-player packages fix multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", 
"accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2005-1766", "CVE-2005-2710"], "modified": "2005-09-29T23:56:37", "id": "DEBIAN:DSA-826-1:FD2FD", "href": "https://lists.debian.org/debian-security-announce/2005/msg00218.html", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T14:11:02", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 826-1 security@debian.org\nhttp://www.debian.org/security/ Michael Stone\nSeptember 29th, 2005 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : helix-player\nVulnerability : multiple\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CAN-2005-1766 CAN-2005-2710\nDebian Bug : 316276 330364\n\nMultiple security vulnerabilities have been identified in the\nhelix-player media player that could allow an attacker to execute code\non the victim's machine via specially crafted network resources.\n\nCAN-2005-1766\n\n Buffer overflow in the RealText parser could allow remote code\n execution via a specially crafted RealMedia file with a long\n RealText string.\n\nCAN-2005-2710\n\n Format string vulnerability in Real HelixPlayer and RealPlayer 10\n allows remote attackers to execute arbitrary code via the image\n handle attribute in a RealPix (.rp) or RealText (.rt) file.\n\nFor the stable distribution (sarge), these problems have been fixed in\nversion 1.0.4-1sarge1\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.6-1\n\nWe recommend that you upgrade your helix-player package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will 
update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\nhelix-player was distributed only on the i386 and powerpc architectures\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge1.dsc\n Size/MD5 checksum: 908 6ff062a280bab4db79c04e08278e28d6\n http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge1.diff.gz\n Size/MD5 checksum: 7788 1e3280253e2d60701b28b153863b2fd0\n http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4.orig.tar.gz\n Size/MD5 checksum: 18044552 a277710be35426b317869503a4ad36d7\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge1_i386.deb\n Size/MD5 checksum: 4289094 b3d2934818a2139f309f77e4acd50e3d\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge1_powerpc.deb\n Size/MD5 checksum: 4415404 f771482fd671da4848d6a496df128f69\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>", "cvss3": {}, "published": "2005-09-29T23:56:37", "type": "debian", "title": "[SECURITY] [DSA 826-1] New helix-player packages fix multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, 
"cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2005-1766", "CVE-2005-2710"], "modified": "2005-09-29T23:56:37", "id": "DEBIAN:DSA-826-1:B8F64", "href": "https://lists.debian.org/debian-security-announce/2005/msg00218.html", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "f5": [{"lastseen": "2021-06-08T18:49:14", "description": "It is possible that customers using non-default SSL options could be exposed to this vulnerability in the BIG-IP LTM Configuration utility, SSL terminating virtual servers, and bundled utilities.\n\nF5 tracked this problem as CR55070, CR55145, CR55203, CR55204, CR55283, CR55426, CR55588, and CR63465, and it was fixed in BIG-IP version 9.1.1, BIG-IP version 9.2.2, and FirePass version 6.0.0. For information about upgrading, refer to the release notes for your product and version.\n\n### Obtaining and installing patches\n\n**BIG-IP LTM version 9.0.4**\n\nTo download and install the patch, perform the following steps:\n\n 1. From the F5 [Downloads](<https://downloads.f5.com>) page, download the **Hotfix-BIG-IP-9.0.4-CR55070.im** file to the **/var/tmp** directory on the BIG-IP LTM system. \n\n 2. Install the patch by typing the following command:\n\nim Hotfix-BIG-IP-9.0.4-CR55070.im\n\n**BIG-IP LTM version 9.0.5**\n\nTo download and install the patch, perform the following steps:\n\n 1. From the F5 [Downloads](<https://downloads.f5.com>) page, download the **Hotfix-BIG-IP-9.0.5-CR55070.im** file to the **/var/tmp** directory on the BIG-IP LTM system. \n\n 2. 
Install the patch by typing the following command:\n\nim Hotfix-BIG-IP-9.0.5-CR55070.im\n\n**BIG-IP LTM version 9.1.0**\n\nTo download and install the patch, perform the following steps:\n\n 1. From the F5 [Downloads](<https://downloads.f5.com>) page, download the **Hotfix-BIG-IP-9.1.0-CR55070.im** file to the **/var/tmp** directory on the BIG-IP LTM system. \n\n 2. Install the patch by typing the following command:\n\nim Hotfix-BIG-IP-9.1.0-CR55070.im\n\n**BIG-IP LTM version 9.2.0**\n\nTo download and install the patch, perform the following steps:\n\n 1. From the F5 [Downloads](<https://downloads.f5.com>) page, download the **Hotfix-BIG-IP-9.2.0-CR55070.im** file to the **/var/tmp** directory on the BIG-IP LTM system. \n\n 2. Install the patch by typing the following command:\n\nim Hotfix-BIG-IP-9.2.0-CR55070.im\n\n### Workarounds\n\n**FirePass versions 5.0.0 through 5.5.1**\n\nTo protect FirePass against the possibility of a protocol version rollback attack, disable all protocols weaker than SSLv3/TLS using the following procedure:\n\n 1. Log in to the FirePass Administrative Console.\n 2. In the main navigation pane, select **Device Management**.\n 3. In the upper navigation pane, select **Security**.\n 4. In the sub-menu, select **User Access Security**.\n 5. Select the **Accept only SSLv3 and TLS protocols (maximize security)** check box. \n\n 6. 
Click the **Update** button.\n", "cvss3": {}, "published": "2007-05-16T00:00:00", "type": "f5", "title": "SOL5533 - Potential protocol version rollback vulnerability in OpenSSL - CVE-2005-2969", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2969"], "modified": "2013-03-28T00:00:00", "id": "SOL5533", "href": "http://support.f5.com/kb/en-us/solutions/public/5000/500/sol5533.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2023-04-06T21:43:36", "description": "**Note**: For information about signing up to receive security notice updates from F5, refer to [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>).\n\n**Note**: Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. 
For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\n**F5 products and versions that have been evaluated for this Security Advisory**\n\nProduct | Affected | Not Affected \n---|---|--- \nBIG-IP LTM | 9.0.0 - 9.1.0 \n9.2.0 | 9.1.1 - 9.1.3 \n9.2.2 - 9.2.5 \n9.3.x \n9.4.x \n9.6.x \n10.x \n11.x \nBIG-IP GTM | None | 9.2.2 - 9.2.5 \n9.3.x \n9.4.x \n10.x \n11.x \nBIG-IP ASM | 9.2.0 | 9.2.2 - 9.2.5 \n9.3.x \n9.4.x \n10.x \n11.x \nBIG-IP Link Controller | None | 9.2.2 - 9.2.5 \n9.3.x \n9.4.x \n10.x \n11.x \nBIG-IP WebAccelerator | None | 9.4.x \n10.x \n11.x \nBIG-IP PSM | None | 9.4.x \n10.x \n11.x \nBIG-IP WAN Optimization | None | 10.x \n11.x \nBIG-IP APM | None | 10.x \n11.x \nBIG-IP Edge Gateway | None | 10.x \n11.x \nBIG-IP Analytics | None | 11.x \nBIG-IP AFM | None | 11.x \nBIG-IP PEM | None | 11.x \nFirePass | 3.x \n4.x \n5.x | 6.x \n7.x \nEnterprise Manager | None | 1.2.0 - 1.8.0 \n2.x \n3.x \n \nIt is possible that customers using non-default SSL options could be exposed to this vulnerability in the BIG-IP LTM Configuration utility, SSL terminating virtual servers, and bundled utilities.\n\nF5 tracked this problem as CR55070, CR55145, CR55203, CR55204, CR55283, CR55426, CR55588, and CR63465, and it was fixed in BIG-IP version 9.1.1, BIG-IP version 9.2.2, and FirePass version 6.0.0. For information about upgrading, refer to the release notes for your product and version.\n\n### Obtaining and installing patches\n\n**BIG-IP LTM version 9.0.4**\n\nTo download and install the patch, perform the following steps:\n\n 1. From the F5 [Downloads](<https://downloads.f5.com>) page, download the **Hotfix-BIG-IP-9.0.4-CR55070.im** file to the **/var/tmp** directory on the BIG-IP LTM system. \n \n 2. 
Install the patch by typing the following command:\n\nim Hotfix-BIG-IP-9.0.4-CR55070.im\n\n**BIG-IP LTM version 9.0.5**\n\nTo download and install the patch, perform the following steps:\n\n 1. From the F5 [Downloads](<https://downloads.f5.com>) page, download the **Hotfix-BIG-IP-9.0.5-CR55070.im** file to the **/var/tmp** directory on the BIG-IP LTM system. \n \n 2. Install the patch by typing the following command:\n\nim Hotfix-BIG-IP-9.0.5-CR55070.im\n\n**BIG-IP LTM version 9.1.0**\n\nTo download and install the patch, perform the following steps:\n\n 1. From the F5 [Downloads](<https://downloads.f5.com>) page, download the **Hotfix-BIG-IP-9.1.0-CR55070.im** file to the **/var/tmp** directory on the BIG-IP LTM system. \n \n 2. Install the patch by typing the following command:\n\nim Hotfix-BIG-IP-9.1.0-CR55070.im\n\n**BIG-IP LTM version 9.2.0**\n\nTo download and install the patch, perform the following steps:\n\n 1. From the F5 [Downloads](<https://downloads.f5.com>) page, download the **Hotfix-BIG-IP-9.2.0-CR55070.im** file to the **/var/tmp** directory on the BIG-IP LTM system. \n \n 2. Install the patch by typing the following command:\n\nim Hotfix-BIG-IP-9.2.0-CR55070.im\n\n### Workarounds\n\n**FirePass versions 5.0.0 through 5.5.1**\n\nTo protect FirePass against the possibility of a protocol version rollback attack, disable all protocols weaker than SSLv3/TLS using the following procedure:\n\n 1. Log in to the FirePass Administrative Console.\n 2. In the main navigation pane, select **Device Management**.\n 3. In the upper navigation pane, select **Security**.\n 4. In the sub-menu, select **User Access Security**.\n 5. Select the **Accept only SSLv3 and TLS protocols (maximize security)** check box. \n\n 6. 
Click the **Update** button.\n", "cvss3": {}, "published": "2007-05-17T00:00:00", "type": "f5", "title": "Potential protocol version rollback vulnerability in OpenSSL - CVE-2005-2969", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2005-2969"], "modified": "2016-01-08T23:09:00", "id": "F5:K5533", "href": "https://support.f5.com/csp/article/K5533", "cvss": {"score": 0.0, "vector": "NONE"}}], "cve": [{"lastseen": "2023-11-28T14:43:37", "description": "The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack.", "cvss3": {}, "published": "2005-10-18T21:02:00", "type": "cve", "title": "CVE-2005-2969", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2969"], "modified": "2018-05-03T01:29:00", "cpe": ["cpe:/a:openssl:openssl:0.9.7b", "cpe:/a:openssl:openssl:0.9.7a", "cpe:/a:openssl:openssl:0.9.7c", "cpe:/a:openssl:openssl:0.9.7g", "cpe:/a:openssl:openssl:0.9.8", "cpe:/a:openssl:openssl:0.9.7", "cpe:/a:openssl:openssl:0.9.7e", "cpe:/a:openssl:openssl:0.9.7d", "cpe:/a:openssl:openssl:0.9.7f"], "id": "CVE-2005-2969", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2969", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": 
["cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*"]}, {"lastseen": "2023-11-28T14:42:32", "description": "Format string vulnerability in Real HelixPlayer and RealPlayer 10 allows remote attackers to execute arbitrary code via the (1) image handle or (2) timeformat attribute in a RealPix (.rp) or RealText (.rt) file.", "cvss3": {}, "published": "2005-09-27T20:03:00", "type": "cve", "title": "CVE-2005-2710", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2005-2710"], "modified": "2017-10-11T01:30:00", "cpe": ["cpe:/a:realnetworks:realplayer:10.0", "cpe:/a:realnetworks:helix_player:*"], "id": "CVE-2005-2710", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2710", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:realnetworks:helix_player:*:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-11-28T14:43:25", "description": "Heap-based buffer overflow in the embedded player in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, and Helix Player allows remote 
malicious servers to cause a denial of service (crash) and possibly execute arbitrary code via a chunked Transfer-Encoding HTTP response in which either (1) the chunk header length is specified as -1, (2) the chunk header with a length that is less than the actual amount of sent data, or (3) a missing chunk header.", "cvss3": {}, "published": "2005-12-31T05:00:00", "type": "cve", "title": "CVE-2005-2922", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2922"], "modified": "2017-10-11T01:30:00", "cpe": ["cpe:/a:realnetworks:realplayer:10.0.5", "cpe:/a:realnetworks:helix_player:10.0.1", "cpe:/a:realnetworks:realone_player:1.0", "cpe:/a:realnetworks:realplayer:8.0", "cpe:/a:realnetworks:realone_player:0.297", "cpe:/a:realnetworks:realplayer:10.0", "cpe:/a:realnetworks:realone_player:2.0", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1053", "cpe:/a:realnetworks:helix_player:10.0.2", "cpe:/a:realnetworks:realone_player:*", "cpe:/a:realnetworks:realplayer:10.0.3", "cpe:/a:realnetworks:realplayer:10.5", "cpe:/a:realnetworks:helix_player:10.0.3", "cpe:/a:realnetworks:helix_player:10.0.4", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1059", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1056", "cpe:/a:realnetworks:realplayer:10.0.2", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1040", "cpe:/a:realnetworks:rhapsody:3.0", "cpe:/a:realnetworks:helix_player:10.0.6", "cpe:/a:realnetworks:realplayer:10.0.0.305", "cpe:/a:realnetworks:helix_player:10.0.5", "cpe:/a:realnetworks:realplayer:10.0.4", 
"cpe:/a:realnetworks:realplayer:10.0.0.331", "cpe:/a:realnetworks:helix_player:10.0", "cpe:/a:realnetworks:rhapsody:3.0_build_0.815", "cpe:/a:realnetworks:realplayer:10.0.6", "cpe:/a:realnetworks:realplayer:10.0.1", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1069", "cpe:/a:realnetworks:realone_player:0.288", "cpe:/a:realnetworks:realplayer:*", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1235"], "id": "CVE-2005-2922", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2922", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:realnetworks:helix_player:10.0.2:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.0.5:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.0.0.305:*:mac_os:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.0.6:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1056:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:helix_player:10.0.6:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1053:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.0.0.331:*:mac_os:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.0.3:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:helix_player:10.0.1:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:helix_player:10.0.4:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:*:*:enterprise:*:*:*:*:*", "cpe:2.3:a:realnetworks:helix_player:10.0.3:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:rhapsody:3.0_build_0.815:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.0.4:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1235:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.0.1:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:helix_player:10.0.5:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.0.2:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:realone_player:0.288:*:mac_os_x:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1059:*:*:*:*:*:*:*", 
"cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1040:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:helix_player:10.0:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:rhapsody:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realone_player:0.297:*:mac_os_x:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:8.0:*:win32:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1069:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realone_player:*:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*"]}, {"lastseen": "2023-11-28T14:42:15", "description": "Integer overflow in RealNetworks RealPlayer 8, 10, and 10.5, RealOne Player 1 and 2, and Helix Player 10.0.0 allows remote attackers to execute arbitrary code via an .rm movie file with a large value in the length field of the first data packet, which leads to a stack-based buffer overflow, a different vulnerability than CVE-2004-1481.", "cvss3": {}, "published": "2005-11-18T23:03:00", "type": "cve", "title": "CVE-2005-2629", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2004-1481", "CVE-2005-2629"], "modified": "2018-05-03T01:29:00", "cpe": ["cpe:/a:realnetworks:helix_player:1.0.2", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1235", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1059", "cpe:/a:realnetworks:helix_player:1.0", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1053", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1056", 
"cpe:/a:realnetworks:helix_player:1.0.1", "cpe:/a:realnetworks:helix_player:1.0.4", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1040", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1069", "cpe:/a:realnetworks:realplayer:*", "cpe:/a:realnetworks:realone_player:1.0", "cpe:/a:realnetworks:helix_player:1.0.5", "cpe:/a:realnetworks:realplayer:8.0", "cpe:/a:realnetworks:realplayer:10.0", "cpe:/a:realnetworks:realplayer:10.5", "cpe:/a:realnetworks:helix_player:1.0.3", "cpe:/a:realnetworks:realone_player:2.0"], "id": "CVE-2005-2629", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2629", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:realnetworks:realplayer:10.0:*:mac_os_x:*:*:*:*:*", "cpe:2.3:a:realnetworks:helix_player:1.0.4:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1056:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.0:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1053:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:helix_player:1.0.2:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:helix_player:1.0.1:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:*:*:enterprise:*:*:*:*:*", "cpe:2.3:a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1235:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1059:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1040:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:helix_player:1.0:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:helix_player:1.0.5:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:helix_player:1.0.3:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:8.0:*:win32:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1069:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*"]}, {"lastseen": "2023-11-28T14:46:30", "description": "Buffer 
overflow in RealNetworks RealPlayer 10 and 10.5 allows remote attackers to execute arbitrary code via a crafted image in a RealPlayer Skin (RJS) file. NOTE: due to the lack of details, it is unclear how this is different than CVE-2005-2629 and CVE-2005-2630, but the vendor advisory implies that it is different.", "cvss3": {}, "published": "2005-11-18T23:03:00", "type": "cve", "title": "CVE-2005-3677", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2005-2629", "CVE-2005-2630", "CVE-2005-3677"], "modified": "2016-10-18T03:36:00", "cpe": ["cpe:/a:realnetworks:realplayer:10.5_6.0.12.1059", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1056", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1053", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1040", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1069", "cpe:/a:realnetworks:realplayer:10.0", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1235"], "id": "CVE-2005-3677", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3677", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1059:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1040:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1069:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1056:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1053:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1235:*:*:*:*:*:*:*", 
"cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*"]}], "debiancve": [{"lastseen": "2023-11-28T15:20:04", "description": "The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack.", "cvss3": {}, "published": "2005-10-18T21:02:00", "type": "debiancve", "title": "CVE-2005-2969", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2969"], "modified": "2005-10-18T21:02:00", "id": "DEBIANCVE:CVE-2005-2969", "href": "https://security-tracker.debian.org/tracker/CVE-2005-2969", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "ubuntucve": [{"lastseen": "2023-11-28T16:05:56", "description": "The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8\nbefore 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option,\ndisables a verification step that is required for preventing protocol\nversion rollback attacks, which allows remote attackers to force a client\nand server to use a weaker protocol than needed via a man-in-the-middle\nattack.", "cvss3": {}, "published": "2005-10-18T00:00:00", "type": "ubuntucve", "title": "CVE-2005-2969", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, 
"userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2969"], "modified": "2005-10-18T00:00:00", "id": "UB:CVE-2005-2969", "href": "https://ubuntu.com/security/CVE-2005-2969", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-11-28T16:05:34", "description": "Integer overflow in RealNetworks RealPlayer 8, 10, and 10.5, RealOne Player\n1 and 2, and Helix Player 10.0.0 allows remote attackers to execute\narbitrary code via an .rm movie file with a large value in the length field\nof the first data packet, which leads to a stack-based buffer overflow, a\ndifferent vulnerability than CVE-2004-1481.", "cvss3": {}, "published": "2005-11-18T00:00:00", "type": "ubuntucve", "title": "CVE-2005-2629", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2004-1481", "CVE-2005-2629"], "modified": "2005-11-18T00:00:00", "id": "UB:CVE-2005-2629", "href": "https://ubuntu.com/security/CVE-2005-2629", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "cert": [{"lastseen": "2023-11-28T15:28:16", "description": "### Overview\n\nHelix Player, and media players based on the Helix Player, contain a format string vulnerability that may 
allow a remote attacker to execute arbitrary code on a vulnerable system.\n\n### Description\n\nHelix Player is used to play various types of media files on UNIX systems. The Helix Media Player contains a format string vulnerability in the routines that handle media files. A remote attacker can exploit this vulnerability by persuading a user to access a specially crafted media file, such as a realpix (*.rp) or realtext (*.rt) file. In addition, web browsers can be configured to automatically launch the Helix Player when media content is encountered, thus an attack may be triggered by visiting a malicious website.\n\nThis issue also affects media players based on the Helix Player, including Real Player for Linux systems. Note there is publicly available exploit code for this vulnerability. \n \n--- \n \n### Impact\n\nA remote attacker may be able to execute arbitrary code with the privileges of the Helix Media Player process. \n \n--- \n \n### Solution\n\n**Upgrade **\n\nThis vulnerability was corrected in Helix Player [1.0.6](<https://player.helixcommunity.org/2005/releases/hx1gold/HX1_0_6ReleaseNotes.html>) and Real Player [10](<http://www.real.com/linux>) for Linux. \n \n--- \n \n**Do not access media files from untrusted sources** \n \nAccessing media files from trusted or known sources only will reduce the chances of exploitation.\n\n \n**Disable Helix Player or Real Player for Linux support in the web browser** \n \nConfiguring a web browser to not automatically launch the Helix Player when media content is encountered will reduce the chances of exploitation. \n \n--- \n \n### Vendor Information\n\n361181\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. 
Click here to view vendors.**\n\n### Debian Linux __ Affected\n\nUpdated: September 30, 2005 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nPlease see <http://www.debian.org/security/2005/dsa-826>\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23361181 Feedback>).\n\n### RealNetworks, Inc. Affected\n\nUpdated: September 30, 2005 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Red Hat, Inc. __ Affected\n\nUpdated: September 29, 2005 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nUpdated Helixplayer packages for Red Hat Enterprise Linux 4 and updated RealPlayer packages for Red Hat Enterprise Linux Extras (version 3 and version 4) to correct this issue are available at the URL below and by using the Red Hat Network 'up2date' tool.\n\n<http://rhn.redhat.com/errata/CAN-2005-2710.html>\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n \n\n\n### CVSS Metrics\n\nGroup | Score | Vector \n---|---|--- \nBase | | \nTemporal | | \nEnvironmental | | \n \n \n\n\n### References\n\n * <https://player.helixcommunity.org/2005/releases/hx1gold/HX1_0_6ReleaseNotes.html>\n * <http://service.real.com/help/faq/security/050930_player/EN/>\n * <http://www.redhat.com/support/errata/RHSA-2005-788.html>\n * <http://secunia.com/advisories/16954/>\n * <http://secunia.com/advisories/16961/>\n * 
[http://www.idefense.com/application/poi/display?id=311&type=vulnerabilities&flashstatus=true](<http://www.idefense.com/application/poi/display?id=311&type=vulnerabilities&flashstatus=true>)\n\n### Acknowledgements\n\nThis vulnerability was reported by c0ntexb.\n\nThis document was written by Jeff Gennari.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2005-2710](<http://web.nvd.nist.gov/vuln/detail/CVE-2005-2710>) \n---|--- \n**Severity Metric:** | 12.58 \n**Date Public:** | 2005-09-26 \n**Date First Published:** | 2005-09-28 \n**Date Last Updated: ** | 2005-10-04 19:46 UTC \n**Document Revision: ** | 54 \n", "cvss3": {}, "published": "2005-09-28T00:00:00", "type": "cert", "title": "Helix Player format string vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2005-2710"], "modified": "2005-10-04T19:46:00", "id": "VU:361181", "href": "https://www.kb.cert.org/vuls/id/361181", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T15:28:07", "description": "### Overview\n\nNumerous RealNetworks products do not properly handle chunked data. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system.\n\n### Description\n\n**RealNetworks RealPlayer**\n\nRealNetworks [RealPlayer](<http://www.real.com/>) is a multimedia application that allows users to view local and remote audio/video content. 
\n \n**Chunked Encoding** \n \nChunked encoding is a means to transfer variable-sized units of data (called chunks) from a web client to a web server. \n \n**The Problem** \n \nNumerous RealNetworks products fail to properly handle file chunks allowing a buffer overflow to occur. By persuading a user to access a RealPlayer file hosted on a malicious server, a remote attacker may be able to execute arbitrary code. \n \n**Considerations** \n \nA complete list of affected software is available in the [RealNetwork Security Update](<http://service.real.com/realplayer/security/03162006_player/en/>) for March 2006. \n \n--- \n \n### Impact\n\nBy convincing a user to open RealPlayer file hosted on a malicious server, a remote unauthenticated attacker can execute arbitrary code. \n \n--- \n \n### Solution\n\n**Patch RealPlayer**\n\nApply the patches supplied in the [RealNetwork Security Update](<http://service.real.com/realplayer/security/03162006_player/en/>) for March 2006. \n \n--- \n \n**Disable RealPlayer in your web browser**\n\n \nAn attacker may be able to exploit this vulnerability by persuading a user to access a RealPlayer file with a web browser. Disabling RealPlayer in the web browser will eliminate this attack vector thereby reducing the chances of exploitation. \n \nTo disable RealPlayer in Microsoft Internet Explorer, disable the RealPlayer ActiveX control. In other web browsers, such as Mozilla Firefox, disable the RealPlayer plugin. \n \n--- \n \n### Vendor Information\n\n172489\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### RealNetworks, Inc. 
__ Affected\n\nUpdated: April 05, 2006 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nSee <http://service.real.com/realplayer/security/03162006_player/en/>. \n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23172489 Feedback>).\n\n### Red Hat, Inc. __ Affected\n\nUpdated: May 17, 2006 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nThis issue affected HelixPlayer in Red Hat Enterprise Linux 4, and RealPlayer in Red Hat Enterprise Linux Extras 3 and 4. Updated packages are available along with our advisories at the URL below and by using the Red Hat Network 'up2date' tool.\n\n<https://rhn.redhat.com/cve/CVE-2005-2922.html>\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n \n\n\n### CVSS Metrics\n\nGroup | Score | Vector \n---|---|--- \nBase | | \nTemporal | | \nEnvironmental | | \n \n \n\n\n### References\n\n * <http://www.idefense.com/intelligence/vulnerabilities/display.php?id=404>\n * <http://securitytracker.com/id?1015808>\n * <http://www.service.real.com/realplayer/security/03162006_player/en/>\n * <http://secunia.com/advisories/19358/>\n * <http://secunia.com/advisories/19365/>\n\n### Acknowledgements\n\nThis vulnerability was reported by iDEFENSE Labs.\n\nThis document was written by Jeff Gennari.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2005-2922](<http://web.nvd.nist.gov/vuln/detail/CVE-2005-2922>) \n---|--- \n**Severity Metric:** | 20.20 \n**Date Public:** | 2006-03-23 \n**Date First Published:** | 2006-04-05 \n**Date Last Updated: ** | 2006-05-17 12:45 UTC \n**Document Revision: ** | 33 \n", "cvss3": {}, "published": "2006-04-05T00:00:00", "type": "cert", "title": "RealNetworks 
products fail to properly handle chunked data", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2922"], "modified": "2006-05-17T12:45:00", "id": "VU:172489", "href": "https://www.kb.cert.org/vuls/id/172489", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:14", "description": "RealNetworks RealPlayer/HelixPlayer RealPix Format String Vulnerability \r\n\r\niDEFENSE Security Advisory 09.30.05\r\nwww.idefense.com/application/poi/display?id=311&type=vulnerabilities\r\nSeptember 30, 2005\r\n\r\nI. BACKGROUND\r\n\r\nRealPlayer is an application for playing various media formats,\r\ndeveloped by RealNetworks Inc. For more information, visit\r\nhttp://www.real.com/.\r\n\r\nII. DESCRIPTION\r\n\r\nRemote exploitation of a format string vulnerability in RealPix (.rp) \r\nfile format parser within various versions of RealNetworks Inc.'s \r\nRealPlayer could allow attackers to execute arbitrary code. \r\n\r\nThe vulnerability specifically exists because of the improper usage of a\r\n\r\nformatted printing function. When a user specifies an invalid value for \r\nthe "timeformat" attribute describing a RealPix file, the data is passed\r\n\r\nto the function. \r\n\r\nThe following stripped down .rp file is sufficient enough to trigger the\r\n\r\nvulnerability: \r\n\r\n <imfl>\r\n <head \r\n title="iDEFENSE Labs RealPix Vulnerability"\r\n timeformat="%n%n%n%n%n%n"/>\r\n </imfl> \r\n\r\n\r\nIII. 
ANALYSIS\r\n\r\nExploitation allows for arbitrary code execution as the user who opened\r\nthe .rp file.\r\n\r\nExploitation requires an attacker to craft a malicious .rp file and\r\nconvince a user to open it. An attacker could also trick a user to load \r\nthe .rp file from a normal web page under the attacker's control; this \r\nis possible if the user has configured their web browser to handle \r\nRealPlayer formats automatically.\r\n\r\nIV. DETECTION\r\n\r\niDEFENSE Labs has confirmed that RealPlayer 10.0.4.750 on Linux is \r\nvulnerable. Windows and Mac versions of RealPlayer are not vulnerable. \r\nFreeBSD versions are suspected vulnerable.\r\n\r\nThe vendor has indicated that the following versions are vulnerable:\r\n Linux RealPlayer 10 (10.0.0 - 10.0.5)\r\n Helix Player (10.0.0 - 10.0.5)\r\n\r\nThe following vendors include susceptible RealPlayer packages within\r\ntheir respective distributions:\r\n\r\n The FreeBSD Project: FreeBSD 5.3 and earlier\r\n Novell Inc.: SuSE Linux 9.2 \r\n Red Hat Inc.: Desktop v.3 and v.4,\r\n Enterprise Linux AS/ES/WS v.3 and v.4 and Fedora Core 3,\r\n Linux 7.3 and 9 \r\n\r\nV. WORKAROUND\r\n\r\nFilter .rp attachments at e-mail gateways. Educate users about the risks\r\n\r\nof accepting files from untrusted individuals.\r\n\r\nVI. VENDOR RESPONSE\r\n\r\nThe vendor had released the following advisory for this vulnerability:\r\n\r\n http://service.real.com/help/faq/security/050930_player/EN/\r\n\r\nVII. CVE INFORMATION\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\r\nname CAN-2005-2710 to this issue. This is a candidate for inclusion in\r\nthe CVE list (http://cve.mitre.org), which standardizes names for\r\nsecurity problems.\r\n\r\nVIII. DISCLOSURE TIMELINE\r\n\r\n08/23/2005 Initial vendor notification\r\n09/02/2005 Initial vendor response\r\n09/30/2005 Coordinated public disclosure\r\n\r\nIX. 
CREDIT\r\n\r\niDEFENSE Labs is credited with this discovery.\r\n\r\nGet paid for vulnerability research\r\nhttp://www.idefense.com/poi/teams/vcp.jsp\r\n\r\nFree tools, research and upcoming events\r\nhttp://labs.idefense.com\r\n\r\nX. LEGAL NOTICES\r\n\r\nCopyright (c) 2005 iDEFENSE, Inc.\r\n\r\nPermission is granted for the redistribution of this alert\r\nelectronically. It may not be edited in any way without the express\r\nwritten consent of iDEFENSE. If you wish to reprint the whole or any\r\npart of this alert in any other medium other than electronically, please\r\nemail customerservice@idefense.com for permission.\r\n\r\nDisclaimer: The information in the advisory is believed to be accurate\r\nat the time of publishing based on currently available information. Use\r\nof the information constitutes acceptance for use in an AS IS condition.\r\nThere are no warranties with regard to this information. Neither the\r\nauthor nor the publisher accepts any liability for any direct, indirect,\r\nor consequential loss or damage arising from use of, or reliance on,\r\nthis information.\r\n_______________________________________________\r\nFull-Disclosure - We believe in it.\r\nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\r\nHosted and sponsored by Secunia - http://secunia.com/", "cvss3": {}, "published": "2005-09-30T00:00:00", "type": "securityvulns", "title": "[Full-disclosure] iDEFENSE Security Advisory 09.30.05: RealNetworks RealPlayer/HelixPlayer RealPix Format String Vulnerability", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2005-2710"], "modified": "2005-09-30T00:00:00", "id": "SECURITYVULNS:DOC:9834", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:9834", "sourceData": "", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:14", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nOpenSSL Security Advisory 
[11 October 2005]\r\n\r\nPotential SSL 2.0 Rollback (CAN-2005-2969)\r\n==========================================\r\n\r\nCONTENTS\r\n\r\n - Vulnerability\r\n - Recommendations\r\n - Acknowledgement\r\n - References\r\n\r\n\r\nVulnerability\r\n- -------------\r\n\r\nA vulnerability has been found in all previously released versions of\r\nOpenSSL (all versions up to 0.9.7h and 0.9.8a). Versions 0.9.7h and\r\n0.9.8a have been released to address the issue. The vulnerability\r\npotentially affects applications that use the SSL/TLS server\r\nimplementation provided by OpenSSL.\r\n\r\nSuch applications are affected if they use the option\r\nSSL_OP_MSIE_SSLV2_RSA_PADDING. This option is implied by use of\r\nSSL_OP_ALL, which is intended to work around various bugs in\r\nthird-party software that might prevent interoperability. The\r\nSSL_OP_MSIE_SSLV2_RSA_PADDING option disables a verification step in\r\nthe SSL 2.0 server supposed to prevent active protocol-version\r\nrollback attacks. With this verification step disabled, an attacker\r\nacting as a "man in the middle" can force a client and a server to\r\nnegotiate the SSL 2.0 protocol even if these parties both support SSL\r\n3.0 or TLS 1.0. The SSL 2.0 protocol is known to have severe\r\ncryptographic weaknesses and is supported as a fallback only.\r\n\r\nApplications using neither SSL_OP_MSIE_SSLV2_RSA_PADDING nor\r\nSSL_OP_ALL are not affected. Also, applications that disable\r\nuse of SSL 2.0 are not affected.\r\n\r\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\r\nassigned the name CAN-2005-2969 to this issue.\r\n\r\nRecommendations\r\n- ---------------\r\n\r\nThere are multiple ways to avoid this vulnerability. Any one of the\r\nfollowing measures is sufficient.\r\n\r\n1. 
Disable SSL 2.0 in the OpenSSL-based application.\r\n\r\n The vulnerability occurs only if the old protocol version SSL 2.0\r\n is enabled both in an OpenSSL server and in any of the clients\r\n (OpenSSL-based or not) connecting to it. Thus, if you have\r\n disabled SSL 2.0, the vulnerability does not apply to you.\r\n Generally, it is strongly recommended to disable the SSL 2.0\r\n protocol because of its known weaknesses.\r\n\r\n2. Upgrade the OpenSSL server software.\r\n\r\n The vulnerability is resolved in the following versions of OpenSSL:\r\n\r\n - in the 0.9.7 branch, version 0.9.7h (or later);\r\n - in the 0.9.8 branch, version 0.9.8a (or later).\r\n\r\n OpenSSL 0.9.8a and OpenSSL 0.9.7h are available for download via\r\n HTTP and FTP from the following master locations (you can find the\r\n various FTP mirrors under http://www.openssl.org/source/mirror.html):\r\n\r\n o http://www.openssl.org/source/\r\n o ftp://ftp.openssl.org/source/\r\n\r\n The distribution file names are:\r\n\r\n o openssl-0.9.8a.tar.gz\r\n MD5 checksum: 1d16c727c10185e4d694f87f5e424ee1\r\n SHA1 checksum: 2aaba0f728179370fb3e86b43209205bc6c06a3a\r\n\r\n o openssl-0.9.7h.tar.gz\r\n MD5 checksum: 8dc90a113eb8925795071fbe52b2932c\r\n SHA1 checksum: 9fe535fce89af967b29c4727dedd25f2b4cc2f0d\r\n \r\n The checksums were calculated using the following commands:\r\n\r\n openssl md5 openssl-0.9*.tar.gz\r\n openssl sha1 openssl-0.9*.tar.gz\r\n\r\n If this version upgrade is not an option at the present time,\r\n alternatively the following patch may be applied to the OpenSSL\r\n source code to resolve the problem. The patch is compatible with\r\n the 0.9.6, 0.9.7, and 0.9.8 branches of OpenSSL.\r\n\r\n o http://www.openssl.org/news/patch-CAN-2005-2969.txt\r\n\r\n Whether you choose to upgrade to a new version or to apply the\r\n patch, make sure to recompile any applications statically linked\r\n to OpenSSL libraries if these applications use the OpenSSL\r\n SSL/TLS server implementation. 
\r\n\r\n\r\nAcknowledgement\r\n- ---------------\r\n\r\nThe OpenSSL team thank Yutaka Oiwa of the Research Center for\r\nInformation Security, National Institute of Advanced Industrial\r\nScience and Technology (AIST), Japan, for alerting us about this\r\nproblem.\r\n\r\n\r\nReferences\r\n- ----------\r\n\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2969\r\n\r\nURL for this Security Advisory:\r\nhttp://www.openssl.org/news/secadv_20051011.txt\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.1 (GNU/Linux)\r\n\r\niQCVAwUBQ0ugeO6tTP1JpWPZAQIergP/b70Mx8FXtpxeRh45WAyKLZFulLC9Ztoh\r\n2krQjOrlaXVzrmHZdO3dCInq8/nS8qDkmunhQkswR4IKOhhQY/vbpwGbO/x6NQk3\r\nHGHhjQdacxxPkezpov8cNxnt7VzW7cVxndmhxyhd81KMO+QWE+njIUyWXnCGaG+5\r\nmS5mXZQZoIQ=\r\n=1f/s\r\n-----END PGP SIGNATURE-----\r\n\r\n\r\n_______________________________________________\r\nFull-Disclosure - We believe in it.\r\nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\r\nHosted and sponsored by Secunia - http://secunia.com/", "cvss3": {}, "published": "2005-10-11T00:00:00", "type": "securityvulns", "title": "[Full-disclosure] OpenSSL SSL 2.0 Rollback (CAN-2005-2969)", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2005-2969"], "modified": "2005-10-11T00:00:00", "id": "SECURITYVULNS:DOC:9901", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:9901", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:14", "description": "RealPlayer Data Packet Stack Overflow\r\n\r\nRelease Date:\r\nNovember 10, 2005\r\n\r\nDate Reported:\r\nMay 28, 2005\r\n\r\nSeverity:\r\nHigh (Remote Code Execution)\r\n\r\nVendor:\r\nRealNetworks\r\n\r\nSystems Affected:\r\nWindows:\r\nRealPlayer 10.5 (6.0.12.1040-1235)\r\nRealPlayer 10\r\nRealOne Player v2\r\nRealOne Player v1\r\nRealPlayer 8\r\nRealPlayer Enterprise\r\n \r\nMac:\r\nRealPlayer 10\r\n \r\nLinux:\r\nRealPlayer 10 (10.0.0 - 
5)\r\nHelix Player (10.0.0 - 5)\r\n\r\nOverview:\r\neEye Digital Security has discovered a critical vulnerability in\r\nRealPlayer. The vulnerability allows a remote attacker to reliably\r\noverwrite stack memory with arbitrary data and execute arbitrary code in\r\nthe context of the user who executed the player.\r\n\r\nThis specific flaw exists in the first data packet contained in a Real\r\nMedia file. By specially crafting a malformed .rm movie file, a direct\r\nstack overwrite is triggered, and reliable code execution is then\r\npossible.\r\n\r\nTechnical Details:\r\nThe vulnerability is triggered by setting the application specific\r\nlength field of the [data packet + 1] to 0x80 - 0xFF this will cause a\r\nstack overflow.\r\nThe value is sign-extended and passed as the length to memcpy.\r\n\r\nProtection:\r\nRetina Network Security Scanner has been updated to identify this\r\nvulnerability.\r\nBlink End Point Protection proactively protects against this\r\nvulnerability\r\n\r\nVendor Status:\r\nRealNetworks has released a patch for this vulnerability. The patch is\r\navailable via the "Check for Update" menu item under Tools on the\r\nRealPlayer menu bar or from\r\nhttp://service.real.com/realplayer/security/.\r\n\r\nCredit:\r\nKarl Lynn\r\n\r\nRelated Links:\r\nThis advisory has been assigned the following ID numbers;\r\n\r\nEEYEB-20050510\r\nOSVDB ID: 18822\r\nCVE ID: CAN-2005-2629\r\n\r\nGreetings:\r\nBrett Moore, Mark Dowd, Paul Gese @ RealNetworks, Mike Schiffman, AJREZ,\r\nLuke, Derek "TEX" Soeder, Andre Audits, "The Claw", and Dug Song. \r\n\r\nCopyright (c) 1998-2005 eEye Digital Security\r\nPermission is hereby granted for the redistribution of this alert\r\nelectronically. It is not to be edited in any way without express\r\nconsent of eEye. 
If you wish to reprint the whole or any part of this\r\nalert in any other medium excluding electronic medium, please email\r\nalert@eEye.com for permission.\r\n\r\nDisclaimer\r\nThe information within this paper may change without notice. Use of this\r\ninformation constitutes acceptance for use in an AS IS condition. There\r\nare no warranties, implied or express, with regard to this information.\r\nIn no event shall the author be liable for any direct or indirect\r\ndamages whatsoever arising out of or in connection with the use or\r\nspread of this information. Any use of this information is at the user's\r\nown risk.", "cvss3": {}, "published": "2005-11-11T00:00:00", "type": "securityvulns", "title": "[EEYEB-20050510] - RealPlayer Data Packet Stack Overflow", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2005-2629"], "modified": "2005-11-11T00:00:00", "id": "SECURITYVULNS:DOC:10199", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:10199", "sourceData": "", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:16", "description": "RealNetworks RealPlayer and Helix Player Invalid Chunk Size Heap \r\nOverflow Vulnerability\r\n\r\niDefense Security Advisory 03.23.06\r\nhttp://www.idefense.com/intelligence/vulnerabilities/display.php?id=404\r\nMarch 23, 2006\r\n\r\nI. BACKGROUND\r\n\r\nRealPlayer is an application for playing various media formats,\r\ndeveloped by RealNetworks Inc. For more information, visit\r\nhttp://www.real.com/.\r\n\r\nII. DESCRIPTION\r\n\r\nRemote exploitation of a heap-based buffer overflow in RealNetwork Inc's\r\nRealPlayer could allow the execution of arbitrary code in the context of\r\nthe currently logged in user.\r\n\r\nThe vulnerability specifically exists in the handling of the 'chunked'\r\nTransfer-Encoding method. This method breaks the file the server is\r\nsending up into 'chunks'. 
For each chunk, the server first sends the\r\nlength of the chunk in hexadecimal, followed by the chunk data. This is\r\nrepeated until there are no more chunks. The server then sends a chunk\r\nlength of 0 indicating the end of the transfer.\r\n\r\nThere are multiple ways of triggering this vulnerability.\r\n\r\n * Sending a well-formed chunk header with a length of -1 (FFFFFFFF)\r\n followed by malicious data.\r\n * Sending a well-formed chunk header with a length specified which \r\nis less\r\n than the amount of data that will be sent,\r\n followed by malicious data.\r\n * Not sending a chunk header before sending malicious data.\r\n\r\nEach of these cases result in a heap overflow. Depending on the versions\r\nused, certain of these cases will not cause exploitable issues. However,\r\nthe last case appears to be reliable in triggering a crash.\r\n\r\nIII. ANALYSIS\r\n\r\nSuccessful exploitation allows a remote attacker to execute arbitrary\r\ncode with the privileges of the currently logged in user. In order to\r\nexploit this vulnerability, an attacker would need to entice a user to\r\nfollow a link to a malicious server. Once the user visits a website\r\nunder the control of an attacker, it is possible in a default install of\r\nRealPlayer to force a web-browser to use RealPlayer to connect to an\r\narbitrary server, even when it is not the default application for\r\nhandling those types, by the use of embedded object tags in a webpage.\r\nThis may allow automated exploitation when the page is viewed.\r\n\r\nAs the client sends its version information as part of the request, it\r\nwould be possible for an attacker to create a malicious server which\r\nuses the appropriate offsets and shellcode for each version and platform\r\nof the client.\r\n\r\nIV. 
DETECTION\r\n\r\niDefense has confirmed the existence of this vulnerability in RealPlayer\r\nVersion 10.4 and 10.5 for Windows and both RealPlayer 10.4 and Helix\r\nPlayer 1.4 for Linux.\r\n\r\nThe vendor has stated that the following versions are vulnerable:\r\n * RealPlayer 10.5 (6.0.12.1040-1348)\r\n * RealPlayer 10\r\n * RealOne Player v2\r\n * RealOne Player v1\r\n * RealPlayer 8\r\n\r\nIt is suspected that previous versions of RealPlayer and Helix Player\r\nare affected by this vulnerability.\r\n\r\nV. WORKAROUND\r\n\r\nAlthough there is no way to completely protect yourself from this\r\nvulnerability, aside from removing the RealPlayer software, the\r\nfollowing actions may be taken to minimize the risk of automated\r\nexploitation.\r\n\r\nDisable ActiveX controls and plugins, if not necessary for daily\r\noperations, using the following steps:\r\n\r\n1. In IE, click on Tools and select Internet Options from the drop-down \r\nmenu.\r\n2. Click the Security tab and the Custom Level button.\r\n3. Under ActiveX Controls and Plugins, then Run Activex Controls and \r\nPlugins,\r\nclick the Disable radio button.\r\n\r\nIn general, exploitation requires that a targeted user be socially\r\nengineered into visiting a link to a server controlled by an attacker.\r\nAs such, do not visit unknown/untrusted websites and do not follow\r\nsuspicious links.\r\n\r\nWhen possible, run client software, especially applications such as IM\r\nclients, web browsers and e-mail clients, from regular user accounts\r\nwith limited access to system resources. This may limit the immediate\r\nconsequences of client-side vulnerabilities such as this.\r\n\r\nVI. VENDOR RESPONSE\r\n\r\nInformation from the vendor about this vulnerability is available at the\r\nfollowing URL:\r\n\r\n http://service.real.com/realplayer/security/03162006_player/en/\r\n\r\nVII. CVE INFORMATION\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\r\nname CAN-2005-2922 to this issue. 
This is a candidate for inclusion in\r\nthe CVE list (http://cve.mitre.org), which standardizes names for\r\nsecurity problems.\r\n\r\nVIII. DISCLOSURE TIMELINE\r\n\r\n09/08/2005 Initial vendor notification\r\n09/09/2005 Initial vendor response\r\n03/23/2006 Public disclosure\r\n\r\nIX. CREDIT\r\n\r\nThis vulnerability was found internally by Greg MacManus of iDefense Labs.\r\n\r\nGet paid for vulnerability research\r\nhttp://www.idefense.com/poi/teams/vcp.jsp\r\n\r\nFree tools, research and upcoming events\r\nhttp://labs.idefense.com\r\n\r\nX. LEGAL NOTICES\r\n\r\nCopyright (c) 2006 iDefense, Inc.\r\n\r\nPermission is granted for the redistribution of this alert\r\nelectronically. It may not be edited in any way without the express\r\nwritten consent of iDefense. If you wish to reprint the whole or any\r\npart of this alert in any other medium other than electronically, please\r\nemail customerservice@idefense.com for permission.\r\n\r\nDisclaimer: The information in the advisory is believed to be accurate\r\nat the time of publishing based on currently available information. Use\r\nof the information constitutes acceptance for use in an AS IS condition.\r\nThere are no warranties with regard to this information. 
Neither the\r\nauthor nor the publisher accepts any liability for any direct, indirect,\r\nor consequential loss or damage arising from use of, or reliance on,\r\nthis information.\r\n\r\n\r\n", "cvss3": {}, "published": "2006-03-24T00:00:00", "type": "securityvulns", "title": "iDefense Security Advisory 03.23.06: RealNetworks RealPlayer and Helix Player Invalid Chunk Size Heap Overflow Vulnerability", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2005-2922"], "modified": "2006-03-24T00:00:00", "id": "SECURITYVULNS:DOC:11925", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:11925", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:16", "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n______________________________________________________________________________\r\n\r\n SUSE Security Announcement\r\n\r\n Package: RealPlayer\r\n Announcement ID: SUSE-SA:2006:018\r\n Date: Thu, 23 Mar 2006 12:00:00 +0000\r\n Affected Products: Novell Linux Desktop 9\r\n SUSE LINUX 10.0\r\n SUSE LINUX 9.3\r\n SUSE LINUX 9.2\r\n Vulnerability Type: remote code execution\r\n Severity (1-10): 8\r\n SUSE Default Package: yes\r\n Cross-References: CVE-2005-2922, CVE-2006-0323\r\n\r\n Content of This Advisory:\r\n 1) Security Vulnerability Resolved:\r\n realplayer security problems\r\n Problem Description\r\n 2) Solution or Work-Around\r\n 3) Special Instructions and Notes\r\n 4) Package Location and Checksums\r\n 5) Pending Vulnerabilities, Solutions, and Work-Arounds:\r\n See SUSE Security Summary Report.\r\n 6) Authenticity Verification and Additional Information\r\n\r\n______________________________________________________________________________\r\n\r\n1) Problem Description and Brief Discussion\r\n\r\n This update fixes the following security problems in Realplayer:\r\n\r\n - Specially crafted SWF files could cause a 
buffer overflow and\r\n crash RealPlayer (CVE-2006-0323).\r\n\r\n - Specially crafted web sites could cause heap overflow and lead to\r\n executing arbitrary code (CVE-2005-2922). This was already fixed\r\n with the previously released 1.0.6 version, but not announced on\r\n request of Real.\r\n\r\n The advisory for these problems is on this page at Real:\r\n http://service.real.com/realplayer/security/03162006_player/en/\r\n\r\n SUSE Linux 9.2 up to 10.0 and Novell Linux Desktop 9 are affected by\r\n this problem and receive fixed packages.\r\n\r\n If you are still using Realplayer on SUSE Linux 9.1 or SUSE Linux\r\n Desktop 1, we again wish to remind you that the Real player on these\r\n products cannot be updated and recommend to deinstall it.\r\n\r\n2) Solution or Work-Around\r\n\r\n There is no known workaround, please install the update packages.\r\n\r\n3) Special Instructions and Notes\r\n\r\n None.\r\n\r\n4) Package Location and Checksums\r\n\r\n The preferred method for installing security updates is to use the YaST\r\n Online Update (YOU) tool. YOU detects which updates are required and\r\n automatically performs the necessary steps to verify and install them.\r\n Alternatively, download the update packages for your distribution manually\r\n and verify their integrity by the methods listed in Section 6 of this\r\n announcement. 
Then install the packages using the command\r\n\r\n rpm -Fhv <file.rpm>\r\n\r\n to apply the update, replacing <file.rpm> with the filename of the\r\n downloaded RPM package.\r\n\r\n\r\n x86 Platform:\r\n\r\n SUSE LINUX 10.0:\r\n ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/RealPlayer-10.0.7-0.1.i586.rpm\r\n eaf09598db97183bdb25478dc5266edf\r\n\r\n SUSE LINUX 9.3:\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/RealPlayer-10.0.7-0.1.i586.rpm\r\n 427de6f3af871dca3d9c6c4f42d14793\r\n\r\n SUSE LINUX 9.2:\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/RealPlayer-10.0.7-0.1.i586.rpm\r\n e84dd17634bcb046ade69fcdc8d67468\r\n\r\n Sources:\r\n\r\n SUSE LINUX 10.0:\r\n ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/RealPlayer-10.0.7-0.1.nosrc.rpm\r\n d686f982312d06ff76ad786c29c94f5a\r\n\r\n SUSE LINUX 9.3:\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/RealPlayer-10.0.7-0.1.src.rpm\r\n 5355bf3f17801d07f9a004711622dc8e\r\n\r\n SUSE LINUX 9.2:\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/RealPlayer-10.0.7-0.1.src.rpm\r\n 0a7e783c563c24107b04b7f7f4e0b697\r\n\r\n Our maintenance customers are notified individually. The packages are\r\n offered for installation from the maintenance web:\r\n\r\n http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/3ad7b20395a03f666b8f4ffe14e9276d.html\r\n\r\n______________________________________________________________________________\r\n\r\n5) Pending Vulnerabilities, Solutions, and Work-Arounds:\r\n\r\n See SUSE Security Summary Report.\r\n______________________________________________________________________________\r\n\r\n6) Authenticity Verification and Additional Information\r\n\r\n - Announcement authenticity verification:\r\n\r\n SUSE security announcements are published via mailing lists and on Web\r\n sites. The authenticity and integrity of a SUSE security announcement is\r\n guaranteed by a cryptographic signature in each announcement. 
All SUSE\r\n security announcements are published with a valid signature.\r\n\r\n To verify the signature of the announcement, save it as text into a file\r\n and run the command\r\n\r\n gpg --verify <file>\r\n\r\n replacing <file> with the name of the file where you saved the\r\n announcement. The output for a valid signature looks like:\r\n\r\n gpg: Signature made <DATE> using RSA key ID 3D25D3D9\r\n gpg: Good signature from "SuSE Security Team <security@suse.de>"\r\n\r\n where <DATE> is replaced by the date the document was signed.\r\n\r\n If the security team's key is not contained in your key ring, you can\r\n import it from the first installation CD. To import the key, use the\r\n command\r\n\r\n gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc\r\n\r\n - Package authenticity verification:\r\n\r\n SUSE update packages are available on many mirror FTP servers all over the\r\n world. While this service is considered valuable and important to the free\r\n and open source software community, the authenticity and the integrity of\r\n a package needs to be verified to ensure that it has not been tampered\r\n with.\r\n\r\n There are two verification methods that can be used independently from\r\n each other to prove the authenticity of a downloaded file or RPM package:\r\n\r\n 1) Using the internal gpg signatures of the rpm package\r\n 2) MD5 checksums as provided in this announcement\r\n\r\n 1) The internal rpm package signatures provide an easy way to verify the\r\n authenticity of an RPM package. Use the command\r\n\r\n rpm -v --checksig <file.rpm>\r\n\r\n to verify the signature of the package, replacing <file.rpm> with the\r\n filename of the RPM package downloaded. The package is unmodified if it\r\n contains a valid signature from build@suse.de with the key ID 9C800ACA.\r\n\r\n This key is automatically imported into the RPM database (on\r\n RPMv4-based distributions) and the gpg key ring of 'root' during\r\n installation. 
You can also find it on the first installation CD and at\r\n the end of this announcement.\r\n\r\n 2) If you need an alternative means of verification, use the md5sum\r\n command to verify the authenticity of the packages. Execute the command\r\n\r\n md5sum <filename.rpm>\r\n\r\n after you downloaded the file from a SUSE FTP server or its mirrors.\r\n Then compare the resulting md5sum with the one that is listed in the\r\n SUSE security announcement. Because the announcement containing the\r\n checksums is cryptographically signed (by security@suse.de), the\r\n checksums show proof of the authenticity of the package if the\r\n signature of the announcement is valid. Note that the md5 sums\r\n published in the SUSE Security Announcements are valid for the\r\n respective packages only. Newer versions of these packages cannot be\r\n verified.\r\n\r\n - SUSE runs two security mailing lists to which any interested party may\r\n subscribe:\r\n\r\n suse-security@suse.com\r\n - General Linux and SUSE security discussion.\r\n All SUSE security announcements are sent to this list.\r\n To subscribe, send an e-mail to\r\n <suse-security-subscribe@suse.com>.\r\n\r\n suse-security-announce@suse.com\r\n - SUSE's announce-only mailing list.\r\n Only SUSE's security announcements are sent to this list.\r\n To subscribe, send an e-mail to\r\n <suse-security-announce-subscribe@suse.com>.\r\n\r\n For general information or the frequently asked questions (FAQ),\r\n send mail to <suse-security-info@suse.com> or\r\n <suse-security-faq@suse.com>.\r\n\r\n =====================================================================\r\n SUSE's security contact is <security@suse.com> or <security@suse.de>.\r\n The <security@suse.de> public key is listed below.\r\n =====================================================================\r\n______________________________________________________________________________\r\n\r\n The information in this advisory may be distributed or reproduced,\r\n provided 
that the advisory is not modified in any way. In particular, the\r\n clear text signature should show proof of the authenticity of the text.\r\n\r\n SUSE Linux Products GmbH provides no warranties of any kind whatsoever\r\n with respect to the information contained in this security advisory.\r\n\r\nType Bits/KeyID Date User ID\r\npub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@suse.de>\r\npub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build@suse.de>\r\n\r\n- -----BEGIN PGP PUBLIC KEY BLOCK-----\r\nVersion: GnuPG v1.4.2 (GNU/Linux)\r\n\r\nmQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA\r\nBqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz\r\nJR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh\r\n1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U\r\nP7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+\r\ncZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg\r\nVGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b\r\nyHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7\r\ntQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ\r\nxG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63\r\nOm8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo\r\nchoXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI\r\nBkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u\r\nv/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+\r\nx9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0\r\nIx30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq\r\nMkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2\r\nsaqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o\r\nL0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU\r\nF7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS\r\nFQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW\r\ntp34io54
mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It\r\nKlj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF\r\nAjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+\r\n3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk\r\nYS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP\r\n+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR\r\n8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U\r\n8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S\r\ncZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh\r\nELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB\r\nUVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo\r\nAqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n\r\nKFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi\r\nBBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro\r\nnIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg\r\nKL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx\r\nyoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn\r\nB/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV\r\nwM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh\r\nUzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF\r\n5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3\r\nD3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu\r\nzgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd\r\n9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi\r\na5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13\r\nCNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp\r\n271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE\r\nt5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG\r\nB/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw\r\nrbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+
mY6PxWirLIWCn/IAZAGnXb6Zd6Tt\r\nIJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL\r\nrWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H\r\nRKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa\r\ng8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA\r\nCspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO\r\n=ypVs\r\n- -----END PGP PUBLIC KEY BLOCK-----\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.2 (GNU/Linux)\r\n\r\niQEVAwUBRCKOiXey5gA9JdPZAQIpHwf9GLM/WqEyyhEtMDDXZMsQHtH3boux7jt1\r\nu/n6ZnDT7IbEWqMha7KZkI63V1tmPf3jJlJIG/6TcyqZJDg3qdesMVCYgS0KaO3Z\r\nyV/mMKWQBXRpU0AXpGH6uwVMPGxjRD4eC4spWSWLIw6YATWinLnN9AICilBbqgbQ\r\nD/jx6Ga6G8h+BrkH4ZcEzrLu0LtG+4m2PAv5+TNlFLWrlA90Amy8WNwSqCJtMucq\r\nDOC+Xj158Pd8GI5plL2fP85tvf9lOTl2PCmyFTwrK4Us4t2mjTqtSOvN34++oZ83\r\n4CTXKlrOhElpSp6NyZe56i6U22Sw/EhTw3JqlUadW7Ls91mmpqtn2A==\r\n=Lmof\r\n-----END PGP SIGNATURE-----\r\n\r\n_______________________________________________\r\nFull-Disclosure - We believe in it.\r\nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\r\nHosted and sponsored by Secunia - http://secunia.com/", "cvss3": {}, "published": "2006-03-23T00:00:00", "type": "securityvulns", "title": "[Full-disclosure] SUSE Security Announcement: RealPlayer security problems (SUSE-SA:2006:018)", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2005-2922", "CVE-2006-0323"], "modified": "2006-03-23T00:00:00", "id": "SECURITYVULNS:DOC:11910", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:11910", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2023-11-28T17:05:56", "description": "### Background\n\nRealPlayer is a multimedia player capable of handling multiple multimedia file formats. Helix Player is an open source media player for Linux. 
\n\n### Description\n\n\"c0ntex\" reported that RealPlayer and Helix Player suffer from a heap overflow. \n\n### Impact\n\nBy enticing a user to play a specially crafted realpix (.rp) or realtext (.rt) file, an attacker could execute arbitrary code with the permissions of the user running the application. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll RealPlayer users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-video/realplayer-10.0.6\"\n\nNote to Helix Player users: There is currently no stable secure Helix Player package. Affected users should remove the package until an updated Helix Player package is released.", "cvss3": {}, "published": "2005-10-07T00:00:00", "type": "gentoo", "title": "RealPlayer, Helix Player: Format string vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2005-2710"], "modified": "2005-11-22T00:00:00", "id": "GLSA-200510-07", "href": "https://security.gentoo.org/glsa/200510-07", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T17:05:55", "description": "### Background\n\nOpenSSL is a toolkit implementing the Secure Sockets Layer, Transport Layer Security protocols and a general-purpose cryptography library. 
\n\n### Description\n\nApplications setting the SSL_OP_MSIE_SSLV2_RSA_PADDING option (or the SSL_OP_ALL option, which implies it) can be forced by a third party to fall back to the less secure SSL 2.0 protocol, even if both parties support the more secure SSL 3.0 or TLS 1.0 protocols. \n\n### Impact\n\nA man-in-the-middle attacker can weaken the encryption used to communicate between two parties, potentially revealing sensitive information. \n\n### Workaround\n\nIf possible, disable the use of SSL 2.0 in all OpenSSL-enabled applications. \n\n### Resolution\n\nAll OpenSSL users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose dev-libs/openssl", "cvss3": {}, "published": "2005-10-12T00:00:00", "type": "gentoo", "title": "OpenSSL: SSL 2.0 protocol rollback", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2969"], "modified": "2005-11-07T00:00:00", "id": "GLSA-200510-11", "href": "https://security.gentoo.org/glsa/200510-11", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "ubuntu": [{"lastseen": "2023-10-20T18:29:46", "description": "## Releases\n\n * Ubuntu 5.10 \n * Ubuntu 5.04 \n * Ubuntu 4.10 \n\nYutaka Oiwa discovered a possible cryptographic weakness in OpenSSL \napplications. 
Applications using the OpenSSL library can use the \nSSL_OP_MSIE_SSLV2_RSA_PADDING option (or SSL_OP_ALL, which implies the \nformer) to maintain compatibility with third party products, which is \nachieved by working around known bugs in them.\n\nThe SSL_OP_MSIE_SSLV2_RSA_PADDING option disabled a verification step \nin the SSL 2.0 server supposed to prevent active protocol-version \nrollback attacks. With this verification step disabled, an attacker \nacting as a \"machine-in-the-middle\" could force a client and a server to \nnegotiate the SSL 2.0 protocol even if these parties both supported \nSSL 3.0 or TLS 1.0. The SSL 2.0 protocol is known to have severe \ncryptographic weaknesses and is supported as a fallback only.\n", "cvss3": {}, "published": "2005-10-14T00:00:00", "type": "ubuntu", "title": "SSL library vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2969"], "modified": "2005-10-14T00:00:00", "id": "USN-204-1", "href": "https://ubuntu.com/security/notices/USN-204-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "openvas": [{"lastseen": "2017-12-08T11:44:30", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory FreeBSD-SA-05:21.openssl.asc", "cvss3": {}, "published": "2008-09-04T00:00:00", "type": "openvas", "title": "FreeBSD Security Advisory (FreeBSD-SA-05:21.openssl.asc)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2969"], "modified": "2017-12-07T00:00:00", "id": 
"OPENVAS:55572", "href": "http://plugins.openvas.org/nasl.php?oid=55572", "sourceData": "#\n#ADV FreeBSD-SA-05:21.openssl.asc\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n#\n\ntag_insight = \"The OpenSSL library implements the Secure Sockets Layer and Transport\nLayer Security protocols, as well as providing a large number of basic\ncryptographic functions.\n\nThe Secure Sockets Layer protocol exists in two versions and includes a\nmechanism for negotiating the protocol version to be used. If the\nprotocol is executed correctly, it is impossible for a client and\nserver both capable of the newer version of the protocol (SSLv3) to end\nup using the older version of the protocol (SSLv2).\n\nIn order to provide bug-for-bug compatibility with Microsoft Internet\nExplorer 3.02, a verification step required by the Secure Sockets Layer\nprotocol can be disabled by using the SSL_OP_MSIE_SSLV2_RSA_PADDING\noption in OpenSSL. 
This option is implied by the frequently-used\nSSL_OP_ALL option.\";\ntag_solution = \"Upgrade your system to the appropriate stable release\nor security branch dated after the correction date\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FreeBSD-SA-05:21.openssl.asc\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory FreeBSD-SA-05:21.openssl.asc\";\n\n \nif(description)\n{\n script_id(55572);\n script_version(\"$Revision: 8023 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-07 09:36:26 +0100 (Thu, 07 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_bugtraq_id(15647, 15071);\n script_cve_id(\"CVE-2005-2969\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n name = \"FreeBSD Security Advisory (FreeBSD-SA-05:21.openssl.asc)\";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. 
http://www.securityspace.com\");\n family = \"FreeBSD Local Security Checks\";\n script_family(family);\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdpatchlevel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\nvuln = 0;\nif(patchlevelcmp(rel:\"5.4\", patchlevel:\"8\")<0) {\n vuln = 1;\n}\nif(patchlevelcmp(rel:\"5.3\", patchlevel:\"23\")<0) {\n vuln = 1;\n}\nif(patchlevelcmp(rel:\"4.11\", patchlevel:\"13\")<0) {\n vuln = 1;\n}\nif(patchlevelcmp(rel:\"4.10\", patchlevel:\"19\")<0) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-02T21:10:18", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2008-09-04T00:00:00", "type": "openvas", "title": "FreeBSD Ports: openssl, openssl-overwrite-base", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2969"], "modified": "2016-09-26T00:00:00", "id": "OPENVAS:55588", "href": "http://plugins.openvas.org/nasl.php?oid=55588", "sourceData": "#\n#VID 60e26a40-3b25-11da-9484-00123ffe8333\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n openssl\n openssl-overwrite-base\n openssl-beta\n openssl-beta-overwrite-base\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.openssl.org/news/secadv_20051011.txt\nhttp://www.vuxml.org/freebsd/60e26a40-3b25-11da-9484-00123ffe8333.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(55588);\n script_version(\"$Revision: 4144 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-26 07:28:56 +0200 (Mon, 26 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_bugtraq_id(15647, 15071);\n script_cve_id(\"CVE-2005-2969\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_name(\"FreeBSD Ports: openssl, openssl-overwrite-base\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"openssl\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.9.7g\")<=0) {\n txt += 'Package openssl version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"0.9.8\")>=0 && revcomp(a:bver, b:\"0.9.8_1\")<=0) {\n txt += 'Package openssl version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"0.9.*_20050325\")>=0 && revcomp(a:bver, b:\"0.9.*_20051011\")<=0) {\n txt += 'Package openssl version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"openssl-overwrite-base\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.9.7g\")<=0) {\n txt += 'Package openssl-overwrite-base version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"0.9.8\")>=0 && revcomp(a:bver, b:\"0.9.8_1\")<=0) {\n txt += 'Package openssl-overwrite-base version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"0.9.*_20050325\")>=0 && revcomp(a:bver, b:\"0.9.*_20051011\")<=0) {\n txt += 'Package openssl-overwrite-base version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"openssl-beta\");\nif(!isnull(bver) && 
revcomp(a:bver, b:\"0.9.8_1\")<=0) {\n txt += 'Package openssl-beta version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"0.9.*_20050325\")>=0 && revcomp(a:bver, b:\"0.9.*_20051011\")<=0) {\n txt += 'Package openssl-beta version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"openssl-beta-overwrite-base\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.9.8_1\")<=0) {\n txt += 'Package openssl-beta-overwrite-base version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"0.9.*_20050325\")>=0 && revcomp(a:bver, b:\"0.9.*_20051011\")<=0) {\n txt += 'Package openssl-beta-overwrite-base version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-24T12:50:49", "description": "The remote host is missing an update as announced\nvia advisory SSA:2005-286-01.", "cvss3": {}, "published": "2012-09-11T00:00:00", "type": "openvas", "title": "Slackware Advisory SSA:2005-286-01 OpenSSL", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2969"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:55636", "href": "http://plugins.openvas.org/nasl.php?oid=55636", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2005_286_01.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New OpenSSL packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,\n10.2, and -current to fix a security issue. 
Under certain conditions, an\nattacker acting as a 'man in the middle' may force a client and server to\nfall back to the less-secure SSL 2.0 protocol.\n\nMore details about this issue may be found here:\n\nhttp://www.openssl.org/news/secadv_20051011.txt\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2005-286-01.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2005-286-01\";\n \nif(description)\n{\n script_id(55636);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_bugtraq_id(15647, 15071);\n script_cve_id(\"CVE-2005-2969\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_version(\"$Revision: 6598 $\");\n name = \"Slackware Advisory SSA:2005-286-01 OpenSSL \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"openssl\", ver:\"0.9.6m-i386-2\", rls:\"SLK8.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssl-solibs\", ver:\"0.9.6m-i386-2\", rls:\"SLK8.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssl\", ver:\"0.9.7d-i386-2\", rls:\"SLK9.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssl-solibs\", ver:\"0.9.7d-i386-2\", rls:\"SLK9.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssl\", ver:\"0.9.7d-i486-2\", rls:\"SLK9.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssl-solibs\", ver:\"0.9.7d-i486-2\", rls:\"SLK9.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssl\", ver:\"0.9.7d-i486-2\", rls:\"SLK10.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssl-solibs\", ver:\"0.9.7d-i486-2\", rls:\"SLK10.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssl\", ver:\"0.9.7e-i486-4\", rls:\"SLK10.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssl-solibs\", ver:\"0.9.7e-i486-4\", rls:\"SLK10.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssl\", ver:\"0.9.7g-i486-2\", rls:\"SLK10.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssl-solibs\", ver:\"0.9.7g-i486-2\", rls:\"SLK10.2\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-26T08:55:13", "description": "The remote host 
is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n openssl-devel\n openssl\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5012506 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for OpenSSL", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2969"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:65067", "href": "http://plugins.openvas.org/nasl.php?oid=65067", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5012506.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for OpenSSL\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n openssl-devel\n openssl\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5012506 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65067);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2005-2969\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_name(\"SLES9: Security update for OpenSSL\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~0.9.7d~15.15.3\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-04-06T11:37:19", "description": "The remote host is missing updates to packages that affect\nthe 
security of your system. One or more of the following packages\nare affected:\n\n openssl-devel\n openssl\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5012506 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for OpenSSL", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2969"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065067", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065067", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5012506.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for OpenSSL\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n openssl-devel\n openssl\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5012506 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65067\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2005-2969\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_name(\"SLES9: Security update for OpenSSL\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~0.9.7d~15.15.3\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-24T12:49:56", "description": "The remote host is missing updates announced in\nadvisory GLSA 200510-07.", "cvss3": {}, "published": "2008-09-24T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200510-07 (realplayer helixplayer)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2710"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:55573", "href": "http://plugins.openvas.org/nasl.php?oid=55573", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"RealPlayer and Helix Player are vulnerable to a format string vulnerability\nresulting in the execution of arbitrary code.\";\ntag_solution = \"All RealPlayer users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-video/realplayer-10.0.6'\n\nAll Helix Player users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-video/helixplayer-1.0.6'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200510-07\nhttp://bugs.gentoo.org/show_bug.cgi?id=107309\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200510-07.\";\n\n \n\nif(description)\n{\n script_id(55573);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2005-2710\");\n script_tag(name:\"cvss_base\", value:\"5.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n 
script_name(\"Gentoo Security Advisory GLSA 200510-07 (realplayer helixplayer)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"media-video/realplayer\", unaffected: make_list(\"ge 10.0.6\"), vulnerable: make_list(\"lt 10.0.6\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"media-video/helixplayer\", unaffected: make_list(\"ge 1.0.6\"), vulnerable: make_list(\"lt 1.0.6\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:17", "description": "The remote host is missing an update to openssl096\nannounced via advisory DSA 881-1.", "cvss3": {}, "published": "2008-01-17T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 881-1 (openssl096)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2969"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:55794", "href": "http://plugins.openvas.org/nasl.php?oid=55794", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_881_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 881-1\n#\n# Authors:\n# Thomas Reinke 
<reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Yutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer\n(OpenSSL) library that can allow an attacker to perform active\nprotocol-version rollback attacks that could lead to the use of the\nweaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS\n1.0.\n\nThe following matrix explains which version in which distribution has\nthis problem corrected.\n\noldstable (woody) stable (sarge) unstable (sid)\nopenssl 0.9.6c-2.woody.8 0.9.7e-3sarge1 0.9.8-3\nopenssl 094 0.9.4-6.woody.4 n/a n/a\nopenssl 095 0.9.5a-6.woody.6 n/a n/a\nopenssl 096 n/a 0.9.6m-1sarge1 n/a\nopenssl 097 n/a n/a 0.9.7g-5\n\nWe recommend that you upgrade your libssl packages.\";\ntag_summary = \"The remote host is missing an update to openssl096\nannounced via advisory DSA 881-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20881-1\";\n\nif(description)\n{\n script_id(55794);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) 
$\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:03:37 +0100 (Thu, 17 Jan 2008)\");\n script_bugtraq_id(15647, 15071);\n script_cve_id(\"CVE-2005-2969\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_name(\"Debian Security Advisory DSA 881-1 (openssl096)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libssl0.9.6\", ver:\"0.9.6m-1sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-24T12:49:57", "description": "The remote host is missing an update to openssl094\nannounced via advisory DSA 875-1.", "cvss3": {}, "published": "2008-01-17T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 875-1 (openssl094)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2969"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:55751", "href": "http://plugins.openvas.org/nasl.php?oid=55751", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_875_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from 
advisory DSA 875-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Yutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer\n(OpenSSL) library that can allow an attacker to perform active\nprotocol-version rollback attacks that could lead to the use of the\nweaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS\n1.0.\n\nThe following matrix explains which version in which distribution has\nthis problem corrected.\n\n oldstable (woody) stable (sarge) unstable (sid)\nopenssl 0.9.6c-2.woody.8 0.9.7e-3sarge1 0.9.8-3\nopenssl 094 0.9.4-6.woody.4 n/a n/a\nopenssl 095 0.9.5a-6.woody.6 n/a n/a\nopenssl 096 n/a 0.9.6m-1sarge1 n/a\nopenssl 097 n/a n/a 0.9.7g-5\n\nWe recommend that you upgrade your libssl packages.\";\ntag_summary = \"The remote host is missing an update to openssl094\nannounced via advisory DSA 875-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20875-1\";\n\nif(description)\n{\n script_id(55751);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", 
value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:03:37 +0100 (Thu, 17 Jan 2008)\");\n script_bugtraq_id(15647, 15071);\n script_cve_id(\"CVE-2005-2969\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_name(\"Debian Security Advisory DSA 875-1 (openssl094)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libssl09\", ver:\"0.9.4-6.woody.4\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-24T12:50:13", "description": "The remote host is missing an update to openssl\nannounced via advisory DSA 888-1.", "cvss3": {}, "published": "2008-01-17T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 888-1 (openssl)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2969"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:55813", "href": "http://plugins.openvas.org/nasl.php?oid=55813", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_888_1.nasl 6616 2017-07-07 
12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 888-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Yutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer\n(OpenSSL) library that can allow an attacker to perform active\nprotocol-version rollback attacks that could lead to the use of the\nweaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS\n1.0.\n\nThe following matrix explains which version in which distribution has\nthis problem corrected.\n\n\t\t oldstable (woody) stable (sarge) unstable (sid)\nopenssl 0.9.6c-2.woody.8 0.9.7e-3sarge1 0.9.8-3\nopenssl 094 0.9.4-6.woody.4 n/a n/a\nopenssl 095 0.9.5a-6.woody.6 n/a n/a\nopenssl 096 n/a 0.9.6m-1sarge1 n/a\nopenssl 097 n/a n/a 0.9.7g-5\n\nWe recommend that you upgrade your libssl packages.\";\ntag_summary = \"The remote host is missing an update to openssl\nannounced via advisory DSA 888-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20888-1\";\n\nif(description)\n{\n script_id(55813);\n script_version(\"$Revision: 6616 
$\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:03:37 +0100 (Thu, 17 Jan 2008)\");\n script_bugtraq_id(15647, 15071);\n script_cve_id(\"CVE-2005-2969\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_name(\"Debian Security Advisory DSA 888-1 (openssl)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"ssleay\", ver:\"0.9.6c-2.woody.8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"0.9.6c-2.woody.8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl0.9.6\", ver:\"0.9.6c-2.woody.8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"0.9.6c-2.woody.8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"0.9.7e-3sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl0.9.7\", ver:\"0.9.7e-3sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"0.9.7e-3sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report 
!= \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:39:20", "description": "The remote host is missing an update as announced\nvia advisory SSA:2005-286-01.", "cvss3": {}, "published": "2012-09-11T00:00:00", "type": "openvas", "title": "Slackware Advisory SSA:2005-286-01 OpenSSL", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2969"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:136141256231055636", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231055636", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2005_286_01.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.55636\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_bugtraq_id(15647, 15071);\n script_cve_id(\"CVE-2005-2969\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2005-286-01 OpenSSL\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(8\\.1|9\\.0|9\\.1|10\\.0|10\\.1|10\\.2)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2005-286-01\");\n script_xref(name:\"URL\", value:\"http://www.openssl.org/news/secadv_20051011.txt\");\n\n script_tag(name:\"insight\", value:\"New OpenSSL packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,\n10.2, and -current to fix a security issue. 
Under certain conditions, an\nattacker acting as a 'man in the middle' may force a client and server to\nfall back to the less-secure SSL 2.0 protocol.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2005-286-01.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"openssl\", ver:\"0.9.6m-i386-2\", rls:\"SLK8.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"openssl-solibs\", ver:\"0.9.6m-i386-2\", rls:\"SLK8.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"openssl\", ver:\"0.9.7d-i386-2\", rls:\"SLK9.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"openssl-solibs\", ver:\"0.9.7d-i386-2\", rls:\"SLK9.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"openssl\", ver:\"0.9.7d-i486-2\", rls:\"SLK9.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"openssl-solibs\", ver:\"0.9.7d-i486-2\", rls:\"SLK9.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"openssl\", ver:\"0.9.7d-i486-2\", rls:\"SLK10.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"openssl-solibs\", ver:\"0.9.7d-i486-2\", rls:\"SLK10.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"openssl\", ver:\"0.9.7e-i486-4\", rls:\"SLK10.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"openssl-solibs\", ver:\"0.9.7e-i486-4\", rls:\"SLK10.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"openssl\", ver:\"0.9.7g-i486-2\", rls:\"SLK10.2\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"openssl-solibs\", ver:\"0.9.7g-i486-2\", rls:\"SLK10.2\")) != NULL) {\n report += res;\n}\n\nif(report != 
\"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2017-07-24T12:50:11", "description": "The remote host is missing updates announced in\nadvisory GLSA 200510-11.", "cvss3": {}, "published": "2008-09-24T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200510-11 (OpenSSL)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2969"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:55640", "href": "http://plugins.openvas.org/nasl.php?oid=55640", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"When using a specific option, OpenSSL can be forced to fallback to the less\nsecure SSL 2.0 protocol.\";\ntag_solution = \"All OpenSSL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose dev-libs/openssl\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200510-11\nhttp://bugs.gentoo.org/show_bug.cgi?id=108852\nhttp://www.openssl.org/news/secadv_20051011.txt\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200510-11.\";\n\n \n\nif(description)\n{\n script_id(55640);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_bugtraq_id(15647, 15071);\n script_cve_id(\"CVE-2005-2969\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_name(\"Gentoo Security Advisory GLSA 200510-11 (OpenSSL)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8-r1\", \"rge 0.9.7h\", \"rge 0.9.7g-r1\", \"rge 0.9.7e-r2\"), vulnerable: make_list(\"lt 0.9.8-r1\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-24T12:50:22", "description": "The remote host is missing an update to openssl095\nannounced via advisory DSA 882-1.", "cvss3": {}, "published": "2008-01-17T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 882-1 (openssl095)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2969"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:55796", "href": "http://plugins.openvas.org/nasl.php?oid=55796", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_882_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 882-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Yutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer\n(OpenSSL) library that can allow an attacker to perform active\nprotocol-version rollback attacks that could lead to the use of the\nweaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS\n1.0.\n\nThe following matrix explains which version in which distribution has\nthis problem corrected.\n\noldstable (woody) stable (sarge) unstable (sid)\nopenssl 0.9.6c-2.woody.8 0.9.7e-3sarge1 0.9.8-3\nopenssl 094 0.9.4-6.woody.4 n/a n/a\nopenssl 095 0.9.5a-6.woody.6 n/a n/a\nopenssl 096 n/a 0.9.6m-1sarge1 n/a\nopenssl 097 n/a n/a 0.9.7g-5\n\nWe recommend that you upgrade your libssl packages.\";\ntag_summary = \"The remote host is missing an update to openssl095\nannounced via advisory DSA 882-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20882-1\";\n\nif(description)\n{\n script_id(55796);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:03:37 +0100 
(Thu, 17 Jan 2008)\");\n script_bugtraq_id(15647, 15071);\n script_cve_id(\"CVE-2005-2969\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_name(\"Debian Security Advisory DSA 882-1 (openssl095)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libssl095a\", ver:\"0.9.5a-6.woody.6\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-24T12:49:55", "description": "The remote host is missing an update to helix-player\nannounced via advisory DSA 915-1.\n\nAn integer overflow has been discovered in helix-player, the helix\naudio and video player. 
This flaw could allow a remote attacker to\nrun arbitrary code on a victim's computer by supplying a specially\ncrafted network resource.\n\nThis vulnerability is fixed by version 1.0.6-1 in unstable.\nHelix-player is not currently in the testing distribution.\n\nThe old stable distribution (woody) does not contain a helix-player\npackage.", "cvss3": {}, "published": "2008-01-17T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 915-1 (helix-player)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2629"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:55945", "href": "http://plugins.openvas.org/nasl.php?oid=55945", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_915_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 915-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) these problems have been fixed in\nversion 1.0.4-1sarge2.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 1.0.6-1.\n\nWe recommend that you upgrade your helix-player package.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20915-1\";\ntag_summary = \"The remote host is missing an update to helix-player\nannounced via advisory DSA 915-1.\n\nAn integer overflow has been discovered in helix-player, the helix\naudio and video player. This flaw could allow a remote attacker to\nrun arbitrary code on a victims computer by supplying a specially\ncrafted network resource.\n\nThis vulnerability is fixed by version 1.0.6-1 in unstable.\nHelix-player is not currently in the testing distribution.\n\nThe old stable distribution (woody) does not contain a helix-player\npackage.\";\n\n\nif(description)\n{\n script_id(55945);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:07:13 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2005-2629\");\n script_bugtraq_id(15381);\n script_tag(name:\"cvss_base\", value:\"5.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 915-1 (helix-player)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"helix-player\", ver:\"1.0.4-1sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:19", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2008-09-04T00:00:00", "type": "openvas", "title": "FreeBSD Ports: linux-realplayer", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2922"], "modified": "2016-09-22T00:00:00", "id": "OPENVAS:56447", "href": "http://plugins.openvas.org/nasl.php?oid=56447", "sourceData": "#\n#VID fe4c84fc-bdb5-11da-b7d4-00123ffe8333\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: linux-realplayer\n\nCVE-2005-2922\nHeap-based buffer overflow in the embedded player in multiple\nRealNetworks products and versions including RealPlayer 10.x, RealOne\nPlayer, and Helix Player allows remote malicious servers to cause a\ndenial of service (crash) and possibly execute arbitrary code via a\nchunked Transfer-Encoding HTTP response in which either (1) the chunk\nheader length is specified as -1, (2) the chunk header with a length\nthat is less than the actual amount of sent data, or (3) a missing\nchunk header.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://service.real.com/realplayer/security/03162006_player/en/\nhttp://www.idefense.com/intelligence/vulnerabilities/display.php?id=404\nhttp://secunia.com/advisories/19358/\nhttp://www.vuxml.org/freebsd/fe4c84fc-bdb5-11da-b7d4-00123ffe8333.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(56447);\n script_version(\"$Revision: 4128 $\");\n 
script_tag(name:\"last_modification\", value:\"$Date: 2016-09-22 07:37:51 +0200 (Thu, 22 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_bugtraq_id(17202);\n script_cve_id(\"CVE-2005-2922\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: linux-realplayer\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"linux-realplayer\");\nif(!isnull(bver) && revcomp(a:bver, b:\"10.0.1\")>=0 && revcomp(a:bver, b:\"10.0.6\")<0) {\n txt += 'Package linux-realplayer version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:03", "description": "The remote host is missing an update to helix-player\nannounced via advisory DSA 826-1.\n\nMultiple security vulnerabilities have been identified in the\nhelix-player media player that could allow an attacker to execute code\non the victim's machine via specially crafted network resources.\n\nCVE-2005-1766\nBuffer overflow in 
the RealText parser could allow remote code\nexecution via a specially crafted RealMedia file with a long\nRealText string.\n\nCVE-2005-2710\nFormat string vulnerability in Real HelixPlayer and RealPlayer 10\nallows remote attackers to execute arbitrary code via the image\nhandle attribute in a RealPix (.rp) or RealText (.rt) file.", "cvss3": {}, "published": "2008-01-17T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 826-1 (helix-player)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-1766", "CVE-2005-2710"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:55491", "href": "http://plugins.openvas.org/nasl.php?oid=55491", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_826_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 826-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge), these problems have been fixed in\nversion 1.0.4-1sarge1\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.6-1\n\nWe recommend that you upgrade your helix-player package.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20826-1\";\ntag_summary = \"The remote host is missing an update to helix-player\nannounced via advisory DSA 826-1.\n\nMultiple security vulnerabilities have been identified in the\nhelix-player media player that could allow an attacker to execute code\non the victim's machine via specially crafted network resources.\n\nCVE-2005-1766\nBuffer overflow in the RealText parser could allow remote code\nexecution via a specially crafted RealMedia file with a long\nRealText string.\n\nCVE-2005-2710\nFormat string vulnerability in Real HelixPlayer and RealPlayer 10\nallows remote attackers to execute arbitrary code via the image\nhandle attribute in a RealPix (.rp) or RealText (.rt) file.\";\n\n\nif(description)\n{\n script_id(55491);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:03:37 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2005-1766\", \"CVE-2005-2710\");\n script_tag(name:\"cvss_base\", value:\"5.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 826-1 (helix-player)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"helix-player\", ver:\"1.0.4-1sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:41:55", "description": "Check for the Version of Apache Remote Execution of Arbitrary Code", "cvss3": {}, "published": "2009-05-05T00:00:00", "type": "openvas", "title": "HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2005-2969", "CVE-2006-4339"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310835119", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310835119", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software 
Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote execution of arbitrary code\n Denial of Service (DoS)\n and unauthorized access.\";\ntag_affected = \"Apache Remote Execution of Arbitrary Code on\n HP-UX B.11.11, B.11.23, and B.11.31\";\ntag_insight = \"Potential security vulnerabilities have been identified with Apache running \n on HP-UX. These vulnerabilities could be exploited remotely to allow \n execution of arbitrary code, Denial of Service (DoS), or unauthorized \n access.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00849540-2\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.835119\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"HPSBUX\", value: \"02186\");\n script_cve_id(\"CVE-2006-2940\", \"CVE-2006-2937\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2005-2969\");\n script_name( \"HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186\");\n\n script_tag(name:\"summary\", value:\"Check for 
the Version of Apache Remote Execution of Arbitrary Code\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.00\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"A.2.0.58.01\", rls:\"HPUX11.00\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.2.0.58.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"A.2.0.58.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.2.0.58.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:57:16", "description": "Check for the Version of Apache Remote Execution of Arbitrary Code", "cvss3": {}, "published": 
"2009-05-05T00:00:00", "type": "openvas", "title": "HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2005-2969", "CVE-2006-4339"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:835119", "href": "http://plugins.openvas.org/nasl.php?oid=835119", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote execution of arbitrary code\n Denial of Service (DoS)\n and unauthorized access.\";\ntag_affected = \"Apache Remote Execution of Arbitrary Code on\n HP-UX B.11.11, B.11.23, and B.11.31\";\ntag_insight = \"Potential security vulnerabilities have been identified with Apache running \n on HP-UX. 
These vulnerabilities could be exploited remotely to allow \n execution of arbitrary code, Denial of Service (DoS), or unauthorized \n access.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00849540-2\");\n script_id(835119);\n script_version(\"$Revision: 6584 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 16:13:23 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"HPSBUX\", value: \"02186\");\n script_cve_id(\"CVE-2006-2940\", \"CVE-2006-2937\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2005-2969\");\n script_name( \"HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186\");\n\n script_summary(\"Check for the Version of Apache Remote Execution of Arbitrary Code\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.00\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"A.2.0.58.01\", 
rls:\"HPUX11.00\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.2.0.58.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"A.2.0.58.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.2.0.58.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:49", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for kernel 127128-11", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2005-2969", "CVE-2006-4339", "CVE-2007-5135"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310855192", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855192", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for kernel 127128-11\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be 
useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"kernel on solaris_5.10_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n kernel\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855192\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:31:50 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"127128-11\");\n script_cve_id(\"CVE-2007-5135\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2005-2969\");\n script_name( \"Solaris Update for kernel 127128-11\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-127128-11-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : 
tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.10\", arch:\"i386\", patch:\"127128-11\", package:\"SUNWcpc.i SUNWrcmdc SUNWpsu SUNWfss SUNWatfsu SUNWscplp SUNWopenssl-include SUNWudapltu SUNWrds SUNWarc SUNWahci SUNWfmd SUNWintgige SUNWbtool SUNWperl584core SUNWypr SUNWcry SUNWkrbu SUNWsmapi SUNWtavor SUNWgssk SUNWpsdcr SUNWmdb SUNWzfsu SUNWaudit SUNWtsr SUNWpapi SUNWsndmu SUNWnfssu SUNWkdcu SUNWmdr SUNWpcr SUNWpsdir SUNWxcu4 SUNWudapltr SUNWdtrc SUNWopenssl-libraries SUNWcsl SUNWcpcu SUNWrcmds SUNWvolu SUNWib SUNWnisu SUNWos86r SUNWtoo SUNWcryr SUNWsi3124 SUNWtnetc SUNWtsg SUNWypu SUNWmv88sx SUNWftduu SUNWppm SUNWusb SUNWzfsr SUNWckr SUNWcsr SUNW1394 SUNWgss SUNWkrbr SUNWtsu SUNWmdbr SUNWlxr SUNWpcu SUNWzfskr SUNWarcr SUNWmdu SUNWpamsc SUNWnxge.i SUNWpsh SUNWhea SUNWcakr.i SUNWnfsckr SUNWdtrp SUNWspnego SUNWdcar SUNWpl5u SUNWnfsskr SUNWtnetd SUNWcslr SUNWippcore SUNWlxu SUNWcsu SUNWnfscu SUNWesu SUNWcsd SUNWpsr SUNWipplr SUNWpsm-lpd SUNWzoneu SUNWipplu SUNWnfscr SUNWftdur SUNWcstl\") < 0)\n{\n security_message(0);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:14:20", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for kernel 127128-11", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2005-2969", "CVE-2006-4339", "CVE-2007-5135"], "modified": "2017-02-20T00:00:00", "id": "OPENVAS:855192", "href": 
"http://plugins.openvas.org/nasl.php?oid=855192", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for kernel 127128-11\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"kernel on solaris_5.10_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n kernel\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855192);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:31:50 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"127128-11\");\n script_cve_id(\"CVE-2007-5135\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", 
\"CVE-2006-2940\", \"CVE-2005-2969\");\n script_name( \"Solaris Update for kernel 127128-11\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-127128-11-1\");\n\n script_summary(\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.10\", arch:\"i386\", patch:\"127128-11\", package:\"SUNWcpc.i SUNWrcmdc SUNWpsu SUNWfss SUNWatfsu SUNWscplp SUNWopenssl-include SUNWudapltu SUNWrds SUNWarc SUNWahci SUNWfmd SUNWintgige SUNWbtool SUNWperl584core SUNWypr SUNWcry SUNWkrbu SUNWsmapi SUNWtavor SUNWgssk SUNWpsdcr SUNWmdb SUNWzfsu SUNWaudit SUNWtsr SUNWpapi SUNWsndmu SUNWnfssu SUNWkdcu SUNWmdr SUNWpcr SUNWpsdir SUNWxcu4 SUNWudapltr SUNWdtrc SUNWopenssl-libraries SUNWcsl SUNWcpcu SUNWrcmds SUNWvolu SUNWib SUNWnisu SUNWos86r SUNWtoo SUNWcryr SUNWsi3124 SUNWtnetc SUNWtsg SUNWypu SUNWmv88sx SUNWftduu SUNWppm SUNWusb SUNWzfsr SUNWckr SUNWcsr SUNW1394 SUNWgss SUNWkrbr SUNWtsu SUNWmdbr SUNWlxr SUNWpcu SUNWzfskr SUNWarcr SUNWmdu SUNWpamsc SUNWnxge.i SUNWpsh SUNWhea SUNWcakr.i SUNWnfsckr SUNWdtrp SUNWspnego SUNWdcar SUNWpl5u SUNWnfsskr SUNWtnetd SUNWcslr SUNWippcore SUNWlxu SUNWcsu SUNWnfscu SUNWesu SUNWcsd SUNWpsr SUNWipplr SUNWpsm-lpd SUNWzoneu SUNWipplu SUNWnfscr SUNWftdur SUNWcstl\") < 0)\n{\n security_message(0);\n exit(0);\n}\n", "cvss": 
{"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:47", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for kernel 120011-14", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2005-2969", "CVE-2006-4339", "CVE-2007-0957", "CVE-2006-0225"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310855516", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855516", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for kernel 120011-14\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"kernel on solaris_5.10_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n kernel\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855516\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:31:50 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"120011-14\");\n script_cve_id(\"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2007-0957\", \"CVE-2006-0225\", \"CVE-2005-2969\");\n script_name( \"Solaris Update for kernel 120011-14\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-120011-14-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : 
tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"120011-14\", package:\"SUNWcakr.u SUNWsshcu SUNWpcmci SUNWcnetr SUNWcar.us SUNWdhcsu SUNWrcmdc SUNWperl584usr SUNWixgb SUNWpsu SUNWfss SUNWatfsu SUNWopenssl-include SUNWpmu SUNWlldap SUNWipfr SUNWudapltu SUNWzoner SUNWarc SUNWipfu SUNWfmd SUNWintgige SUNWscpu SUNWbtool SUNWxge SUNWidn.u SUNWsra FJSVcpcu SUNWperl584core SUNWbart SUNWkrbu SUNWdrcr.u SUNWsmapi SUNWtavor SUNWbcp SUNWipfh SUNWmdb SUNWzfsu SUNWsndmr SUNWaudit SUNWncar SUNWldomr.v SUNWiopc.v SUNWcakr.us SUNWpapi SUNWsshdu SUNWcart200.v SUNWcpr.u SUNWkvm.u SUNWsndmu SUNWpppdu SUNWnfssu SUNWdhcm SUNWkdcu SUNWmdr SUNWkvm.v SUNWkvm.us FJSVhea SUNWpool SUNWxcu4 SUNWudapltr SUNWdtrc SUNWopenssl-libraries SUNWus.u SUNWcsl FJSVmdbr SUNWcpcu SUNWses SUNWsadmi SUNWvolu SUNWcpc.v SUNWib SUNWkey SUNWnisu SUNWtoo SUNWsckmr SUNWdrr.u FJSVpiclu SUNWdmgtu SUNWkvmt200.v SUNWusbu SUNWefc.u SUNWpiclu SUNWypu SUNWpoolr SUNWftduu SUNWppm SUNWuksp SUNWcakr.v SUNWslpu SUNWusb SUNWcti2.u SUNWzfsr SUNWdrr.us SUNWroute SUNWckr SUNWcsr SUNWdoc SUNWefcr SUNWaudh SUNWefcl SUNWrge SUNWtecla SUNWmdbr SUNWldomu.v SUNWpcu SUNWdscpr.u SUNWzfskr SUNWarcr SUNWmdu SUNWdcsu SUNWrcapu FJSVmdb SUNWwbsup SUNWcar.v SUNWhea SUNWqos SUNWntpu SUNWnfsckr SUNWdtrp SUNWcpc.us SUNWpl5u SUNWlibsasl SUNWcslr SUNWippcore SUNWsshu SUNWdcsr SUNWcsu SUNWust1.v SUNWcar.u SUNWnfscu SUNWesu SUNWcsd SUNWfruip.u SUNWssad SUNWcpc.u SUNWipplr SUNWpsm-lpd SUNWuprl SUNWefc.us SUNWzoneu SUNWipplu SUNWrcapr SUNWdfbh SUNWwrsm.u SUNWftdur SUNWerid SUNWauda\") < 0)\n{\n security_message(0);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:14:09", 
"description": "Check for the Version of kernel", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for kernel 120011-14", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2005-2969", "CVE-2006-4339", "CVE-2007-0957", "CVE-2006-0225"], "modified": "2017-02-20T00:00:00", "id": "OPENVAS:855516", "href": "http://plugins.openvas.org/nasl.php?oid=855516", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for kernel 120011-14\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"kernel on solaris_5.10_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n kernel\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855516);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:31:50 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"120011-14\");\n script_cve_id(\"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2007-0957\", \"CVE-2006-0225\", \"CVE-2005-2969\");\n script_name( \"Solaris Update for kernel 120011-14\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-120011-14-1\");\n\n script_summary(\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", 
value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"120011-14\", package:\"SUNWcakr.u SUNWsshcu SUNWpcmci SUNWcnetr SUNWcar.us SUNWdhcsu SUNWrcmdc SUNWperl584usr SUNWixgb SUNWpsu SUNWfss SUNWatfsu SUNWopenssl-include SUNWpmu SUNWlldap SUNWipfr SUNWudapltu SUNWzoner SUNWarc SUNWipfu SUNWfmd SUNWintgige SUNWscpu SUNWbtool SUNWxge SUNWidn.u SUNWsra FJSVcpcu SUNWperl584core SUNWbart SUNWkrbu SUNWdrcr.u SUNWsmapi SUNWtavor SUNWbcp SUNWipfh SUNWmdb SUNWzfsu SUNWsndmr SUNWaudit SUNWncar SUNWldomr.v SUNWiopc.v SUNWcakr.us SUNWpapi SUNWsshdu SUNWcart200.v SUNWcpr.u SUNWkvm.u SUNWsndmu SUNWpppdu SUNWnfssu SUNWdhcm SUNWkdcu SUNWmdr SUNWkvm.v SUNWkvm.us FJSVhea SUNWpool SUNWxcu4 SUNWudapltr SUNWdtrc SUNWopenssl-libraries SUNWus.u SUNWcsl FJSVmdbr SUNWcpcu SUNWses SUNWsadmi SUNWvolu SUNWcpc.v SUNWib SUNWkey SUNWnisu SUNWtoo SUNWsckmr SUNWdrr.u FJSVpiclu SUNWdmgtu SUNWkvmt200.v SUNWusbu SUNWefc.u SUNWpiclu SUNWypu SUNWpoolr SUNWftduu SUNWppm SUNWuksp SUNWcakr.v SUNWslpu SUNWusb SUNWcti2.u SUNWzfsr SUNWdrr.us SUNWroute SUNWckr SUNWcsr SUNWdoc SUNWefcr SUNWaudh SUNWefcl SUNWrge SUNWtecla SUNWmdbr SUNWldomu.v SUNWpcu SUNWdscpr.u SUNWzfskr SUNWarcr SUNWmdu SUNWdcsu SUNWrcapu FJSVmdb SUNWwbsup SUNWcar.v SUNWhea SUNWqos SUNWntpu SUNWnfsckr SUNWdtrp SUNWcpc.us SUNWpl5u SUNWlibsasl SUNWcslr SUNWippcore SUNWsshu SUNWdcsr SUNWcsu SUNWust1.v SUNWcar.u SUNWnfscu SUNWesu SUNWcsd SUNWfruip.u SUNWssad SUNWcpc.u SUNWipplr SUNWpsm-lpd SUNWuprl SUNWefc.us SUNWzoneu SUNWipplu SUNWrcapr SUNWdfbh SUNWwrsm.u SUNWftdur SUNWerid SUNWauda\") < 0)\n{\n security_message(0);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2023-11-28T16:45:29", "description": 
"\n\nVulnerability:\n\nSuch applications are affected if they use the option\n\t SSL_OP_MSIE_SSLV2_RSA_PADDING. This option is implied by use of\n\t SSL_OP_ALL, which is intended to work around various bugs in\n\t third-party software that might prevent interoperability. The\n\t SSL_OP_MSIE_SSLV2_RSA_PADDING option disables a verification step in\n\t the SSL 2.0 server supposed to prevent active protocol-version\n\t rollback attacks. With this verification step disabled, an attacker\n\t acting as a \"man in the middle\" can force a client and a server to\n\t negotiate the SSL 2.0 protocol even if these parties both support\n\t SSL 3.0 or TLS 1.0. The SSL 2.0 protocol is known to have severe\n\t cryptographic weaknesses and is supported as a fallback only.\nApplications using neither SSL_OP_MSIE_SSLV2_RSA_PADDING nor\n\t SSL_OP_ALL are not affected. Also, applications that disable\n\t use of SSL 2.0 are not affected.\n\n\n", "cvss3": {}, "published": "2005-10-11T00:00:00", "type": "freebsd", "title": "openssl -- potential SSL 2.0 rollback", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2969"], "modified": "2005-10-25T00:00:00", "id": "60E26A40-3B25-11DA-9484-00123FFE8333", "href": "https://vuxml.freebsd.org/freebsd/60e26a40-3b25-11da-9484-00123ffe8333.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-11-28T16:45:29", "description": "\n\niDefense Reports:\n\nRemote exploitation of a heap-based buffer overflow in\n\t RealNetwork Inc's RealPlayer could allow the 
execution of\n\t arbitrary code in the context of the currently logged in\n\t user.\nIn order to exploit this vulnerability, an attacker would\n\t need to entice a user to follow a link to a malicious server.\n\t Once the user visits a website under the control of an\n\t attacker, it is possible in a default install of RealPlayer\n\t to force a web-browser to use RealPlayer to connect to an\n\t arbitrary server, even when it is not the default application\n\t for handling those types, by the use of embedded object tags\n\t in a webpage. This may allow automated exploitation when the\n\t page is viewed.\n\n\n", "cvss3": {}, "published": "2006-03-23T00:00:00", "type": "freebsd", "title": "linux-realplayer -- heap overflow", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2922"], "modified": "2006-03-23T00:00:00", "id": "FE4C84FC-BDB5-11DA-B7D4-00123FFE8333", "href": "https://vuxml.freebsd.org/freebsd/fe4c84fc-bdb5-11da-b7d4-00123ffe8333.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "altlinux": [{"lastseen": "2023-05-07T11:49:15", "description": "Oct. 11, 2005 Dmitry V. 
Levin 0.9.7g-alt3\n \n \n - Applied upstream fix for potential SSL 2.0 rollback\n during SSL handshake (CAN-2005-2969).\n", "cvss3": {}, "published": "2005-10-11T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 9 package openssl10 version 0.9.7g-alt3", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2969"], "modified": "2005-10-11T00:00:00", "id": "DF0387CA5C7D6A741A373EC3E40BA1F1", "href": "https://packages.altlinux.org/en/p9/srpms/openssl10/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-05-08T23:17:43", "description": "Oct. 11, 2005 Dmitry V. 
Levin 0.9.7g-alt3\n \n \n - Applied upstream fix for potential SSL 2.0 rollback\n during SSL handshake (CAN-2005-2969).\n", "cvss3": {}, "published": "2005-10-11T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 8 package openssl10 version 0.9.7g-alt3", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2969"], "modified": "2005-10-11T00:00:00", "id": "BD2ABA3F02325387ADD460C21764F7A2", "href": "https://packages.altlinux.org/en/p8/srpms/openssl10/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-05-08T01:48:26", "description": "Oct. 11, 2005 Dmitry V. 
Levin 0.9.7g-alt3\n \n \n - Applied upstream fix for potential SSL 2.0 rollback\n during SSL handshake (CAN-2005-2969).\n", "cvss3": {}, "published": "2005-10-11T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 9 package openssl1.1 version 0.9.7g-alt3", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2969"], "modified": "2005-10-11T00:00:00", "id": "A7283F59A28131A1D9D9457A50C34A50", "href": "https://packages.altlinux.org/en/p9/srpms/openssl1.1/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "jvn": [{"lastseen": "2023-11-28T16:47:56", "description": "\n\n ## Impact\n\nWhen performing communication through a path controlled by an attacker using OpenSSL, the attacker conducting a man-in-the-middle (MITM) attack can force a client and a server to negotiate the SSL 2.0 protocol even if these parties both support SSL 3.0 or TLS 1.0 to intercept or alter data.\n\n ## Solution\n\n ## Products Affected\n\n * OpenSSL 0.9.8 and earlier\n", "cvss3": {}, "published": "2005-10-11T00:00:00", "type": "jvn", "title": "JVN#23632449: OpenSSL version rollback vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": 
"NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2969"], "modified": "2015-10-21T00:00:00", "id": "JVN:23632449", "href": "http://jvn.jp/en/jp/JVN23632449/index.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "checkpoint_advisories": [{"lastseen": "2021-12-17T12:43:32", "description": "RealPlayer and Helix Player are media players developed by RealNetworks, Inc. These applications are capable of playing back numerous multimedia file formats. They support a streaming slide show technology called RealPix that allows for the creation of presentations that include image content. The RealPix format is a proprietary RealNetworks multimedia format. A format string vulnerability exists in the RealNetworks RealPlayer and Helix Player products. A remote user may exploit this flaw by supplying a crafted RealPix multimedia file to a vulnerable target. The vulnerability may be exploited to divert process flow of the vulnerable application and execute arbitrary code in the security context of the current user running the vulnerable product. In an unsuccessful code injection attack case, the vulnerable application may unexpectedly terminate as a result. In a successful attack scenario, arbitrary code may be injected and executed on the target system. 
In such a case, the behaviour of the target system is dependent on the intent of the malicious code.", "cvss3": {}, "published": "2009-10-11T00:00:00", "type": "checkpoint_advisories", "title": "RealNetworks RealPlayer Error Message Format String (CVE-2005-2710)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2005-2710"], "modified": "2009-10-11T00:00:00", "id": "CPAI-2005-305", "href": "", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2021-06-08T18:40:21", "description": "The following security issue in RealPlayer was fixed: - A format string bug in the RealPix (.rp) file format parser (CAN-2005-2710). This bug allowed remote attackers to execute arbitrary code by supplying a specially crafted file, e.g via Web page or E-Mail. 
Note that we have not supported RealPlayer on the following distributions for some time now: - SUSE Linux 9.1 - SUSE Linux 9.0 - SUSE Linux Desktop 1.0 On these distributions, please uninstall RealPlayer by running as root: rpm -e RealPlayer 2) Solution or Work-Around\n#### Solution\nThere is no known workaround; please install the update packages.", "cvss3": {}, "published": "2005-10-10T13:36:54", "type": "suse", "title": "remote code execution in RealPlayer", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2005-2710"], "modified": "2005-10-10T13:36:54", "id": "SUSE-SA:2005:059", "href": "http://lists.opensuse.org/opensuse-security-announce/2005-10/msg00011.html", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:50:54", "description": "The openssl cryptographic libraries have been updated to fix a protocol downgrading attack which allows a man-in-the-middle attacker to force the usage of SSLv2. This happens due to the work-around code of SSL_OP_MSIE_SSLV2_RSA_PADDING which is included in SSL_OP_ALL (which is commonly used in applications). (CAN-2005-2969)\n#### Solution\nPlease install the updated packages. 
A work-around would be to disable SSL v2 support in the applications.", "cvss3": {}, "published": "2005-10-19T12:57:35", "type": "suse", "title": "protocol downgrade attack in openssl", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2005-2969"], "modified": "2005-10-19T12:57:35", "id": "SUSE-SA:2005:061", "href": "http://lists.opensuse.org/opensuse-security-announce/2005-10/msg00014.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2021-06-08T18:40:21", "description": "This update fixes the following security problems in Realplayer:\n#### Solution\nThere is no known workaround, please install the update packages.", "cvss3": {}, "published": "2006-03-23T12:04:47", "type": "suse", "title": "remote code execution in RealPlayer", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2005-2922", "CVE-2006-0323"], "modified": "2006-03-23T12:04:47", "id": "SUSE-SA:2006:018", "href": "http://lists.opensuse.org/opensuse-security-announce/2006-03/msg00016.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "slackware": [{"lastseen": "2019-05-30T07:37:18", "description": "New OpenSSL packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,\n10.2, and -current to fix a security issue. 
Under certain conditions, an\nattacker acting as a \"man in the middle\" may force a client and server to\nfall back to the less-secure SSL 2.0 protocol.\n\nMore details about this issue may be found here:\n\n http://www.openssl.org/news/secadv_20051011.txt\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2969\n\n\nHere are the details from the Slackware 10.2 ChangeLog:\n\npatches/packages/openssl-0.9.7g-i486-2.tgz: Patched.\n Fixed a vulnerability that could, in rare circumstances, allow an attacker\n acting as a \"man in the middle\" to force a client and a server to negotiate\n the SSL 2.0 protocol (which is known to be weak) even if these parties both\n support SSL 3.0 or TLS 1.0.\n For more details, see:\n http://www.openssl.org/news/secadv_20051011.txt\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2969\n (* Security fix *)\npatches/packages/openssl-solibs-0.9.7g-i486-2.tgz: Patched.\n (* Security fix *)\n\nWhere to find the new packages:\n\nUpdated packages for Slackware 8.1:\nftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/openssl-0.9.6m-i386-2.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/openssl-solibs-0.9.6m-i386-2.tgz\n\nUpdated packages for Slackware 9.0:\nftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/openssl-0.9.7d-i386-2.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/openssl-solibs-0.9.7d-i386-2.tgz\n\nUpdated packages for Slackware 9.1:\nftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/openssl-0.9.7d-i486-2.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/openssl-solibs-0.9.7d-i486-2.tgz\n\nUpdated packages for Slackware 10.0:\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/openssl-0.9.7d-i486-2.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/openssl-solibs-0.9.7d-i486-2.tgz\n\nUpdated packages for Slackware 
10.1:\nftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/openssl-0.9.7e-i486-4.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/openssl-solibs-0.9.7e-i486-4.tgz\n\nUpdated packages for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/openssl-0.9.7g-i486-2.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/openssl-solibs-0.9.7g-i486-2.tgz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-0.9.7g-i486-2.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-0.9.7g-i486-2.tgz\n\n\nMD5 signatures:\n\nSlackware 8.1 packages:\n233579e9b0f6acccb2a4de2328283bca openssl-0.9.6m-i386-2.tgz\n47a01aeb5b8a8626759ed7679cab7994 openssl-solibs-0.9.6m-i386-2.tgz\n\nSlackware 9.0 packages:\ndc48ea28db265ac7d962f579b3af16e0 openssl-0.9.7d-i386-2.tgz\n7fa49277ec5c2876d093f0946bc5a018 openssl-solibs-0.9.7d-i386-2.tgz\n\nSlackware 9.1 packages:\ne6f519e5e556e6a59cbe653a4306764e openssl-0.9.7d-i486-2.tgz\ne316aa71fe6711e05fe5bca27155ab11 openssl-solibs-0.9.7d-i486-2.tgz\n\nSlackware 10.0 packages:\n3a0d650e1d6c78def45b807b16842d4f openssl-0.9.7d-i486-2.tgz\n9c8576aaf5f30a5a443535220936d5bc openssl-solibs-0.9.7d-i486-2.tgz\n\nSlackware 10.1 packages:\n31ac4c1e3bfea98c5ebc16561cf4b79d openssl-0.9.7e-i486-4.tgz\n9627ae6903a776c2ec47e99414153c9d openssl-solibs-0.9.7e-i486-4.tgz\n\nSlackware 10.2 packages:\n1453988b55ae1e7befd325b139d37ea3 openssl-0.9.7g-i486-2.tgz\nbb7713fcf4b0942210fd78c6d2a23196 openssl-solibs-0.9.7g-i486-2.tgz\n\nSlackware -current packages:\n1453988b55ae1e7befd325b139d37ea3 openssl-0.9.7g-i486-2.tgz\nbb7713fcf4b0942210fd78c6d2a23196 openssl-solibs-0.9.7g-i486-2.tgz\n\n\nInstallation instructions:\n\nUpgrade the packages as root:\n > upgradepkg openssl-solibs-0.9.7g-i486-2.tgz openssl-0.9.7g-i486-2.tgz", "cvss3": {}, "published": "2005-10-13T18:06:49", "type": 
"slackware", "title": "OpenSSL", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2005-2969"], "modified": "2005-10-13T18:06:49", "id": "SSA-2005-286-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.555090", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "freebsd_advisory": [{"lastseen": "2023-11-28T16:06:15", "description": "\\-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-05:21.openssl Security Advisory The FreeBSD Project Topic: Potential SSL 2.0 rollback Category: contrib Module: openssl Announced: 2005-10-11 Credits: Yutaka Oiwa Affects: All FreeBSD releases. Corrected: 2005-10-11 11:52:46 UTC (RELENG_6, 6.0-STABLE) 2005-10-11 11:53:03 UTC (RELENG_6_0, 6.0-RELEASE) 2005-10-11 11:52:01 UTC (RELENG_5, 5.4-STABLE) 2005-10-11 11:52:28 UTC (RELENG_5_4, 5.4-RELEASE-p8) 2005-10-11 11:52:13 UTC (RELENG_5_3, 5.3-RELEASE-p23) 2005-10-11 11:50:50 UTC (RELENG_4, 4.11-STABLE) 2005-10-11 11:51:45 UTC (RELENG_4_11, 4.11-RELEASE-p13) 2005-10-11 11:51:20 UTC (RELENG_4_10, 4.10-RELEASE-p19) CVE Name: CAN-2005-2969 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background The OpenSSL library implements the Secure Sockets Layer and Transport Layer Security protocols, as well as providing a large number of basic cryptographic functions. The Secure Sockets Layer protocol exists in two versions and includes a mechanism for negotiating the protocol version to be used. If the protocol is executed correctly, it is impossible for a client and server both capable of the newer version of the protocol (SSLv3) to end up using the older version of the protocol (SSLv2). II. 
Problem Description In order to provide bug-for-bug compatibility with Microsoft Internet Explorer 3.02, a verification step required by the Secure Sockets Layer protocol can be disabled by using the SSL_OP_MSIE_SSLV2_RSA_PADDING option in OpenSSL. This option is implied by the frequently-used SSL_OP_ALL option. III. Impact If the SSL_OP_MSIE_SSLV2_RSA_PADDING option is enabled in a server application using OpenSSL, an attacker who is able to intercept and tamper with packets transmitted between a client and the server can cause the protocol version negotiation to result in SSLv2 being used even when both the client and the server support SSLv3. Due to a number of weaknesses in the SSLv2 protocol, this may allow the attacker to read or tamper with the encrypted data being sent. Applications which do not support SSLv2, have been configured to not permit the use of SSLv2, or do not use the SSL_OP_MSIE_SSLV2_RSA_PADDING or SSL_OP_ALL options are not affected. IV. Workaround No workaround is available. V. Solution NOTE WELL: The solution described below causes OpenSSL to ignore the SSL_OP_MSIE_SSLV2_RSA_PADDING option and hence to require conformance with the Secure Sockets Layer protocol. As a result, this solution will reintroduce incompatibility with Microsoft Internet Explorer 3.02 and any other applications which exhibit the same protocol violation. Perform one of the following: 1) Upgrade your vulnerable system to 4-STABLE or 5-STABLE, or to the RELENG_5_4, RELENG_5_3, RELENG_4_11, or RELENG_4_10 security branch dated after the correction date. 2) To patch your present system: The following patches have been verified to apply to FreeBSD 4.10, 4.11, 5.3, and 5.4 systems. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. 
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:21/openssl.patch # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:21/openssl.patch.asc b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system as described in . Note that any statically linked applications that are not part of the base system (i.e. from the Ports Collection or other 3rd-party sources) must be recompiled. All affected applications must be restarted for them to use the corrected library. Though not required, rebooting may be the easiest way to accomplish this. VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. Branch Revision Path \\- ------------------------------------------------------------------------- RELENG_4 src/crypto/openssl/crypto/opensslv.h 1.1.1.1.2.11 src/crypto/openssl/ssl/s23_srvr.c 1.2.2.6 RELENG_4_11 src/UPDATING 1.73.2.91.2.14 src/sys/conf/newvers.sh 1.44.2.39.2.17 src/crypto/openssl/crypto/opensslv.h 1.1.1.1.2.10.4.1 src/crypto/openssl/ssl/s23_srvr.c 1.2.2.5.8.1 RELENG_4_10 src/UPDATING 1.73.2.90.2.20 src/sys/conf/newvers.sh 1.44.2.34.2.21 src/crypto/openssl/crypto/opensslv.h 1.1.1.1.2.10.2.1 src/crypto/openssl/ssl/s23_srvr.c 1.2.2.5.6.1 RELENG_5 src/crypto/openssl/crypto/opensslv.h 1.1.1.1.15.2.2 src/crypto/openssl/ssl/s23_srvr.c 1.7.6.1 RELENG_5_4 src/UPDATING 1.342.2.24.2.17 src/sys/conf/newvers.sh 1.62.2.18.2.13 src/crypto/openssl/crypto/opensslv.h 1.1.1.15.2.1.2.1 src/crypto/openssl/ssl/s23_srvr.c 1.7.10.1 RELENG_5_3 src/UPDATING 1.342.2.13.2.26 src/sys/conf/newvers.sh 1.62.2.15.2.28 src/crypto/openssl/crypto/opensslv.h 1.1.1.15.4.1 src/crypto/openssl/ssl/s23_srvr.c 1.7.8.1 RELENG_6 src/crypto/openssl/ssl/s23_srvr.c 1.7.12.1 src/crypto/openssl/crypto/opensslv.h 1.1.1.16.2.1 RELENG_6_0 src/UPDATING 1.416.2.3.2.1 src/crypto/openssl/crypto/opensslv.h 1.1.1.16.4.1 src/crypto/openssl/ssl/s23_srvr.c 1.7.14.1 \\- 
------------------------------------------------------------------------- VII. References http://www.openssl.org/news/secadv_20051011.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2969 The latest revision of this advisory is available at ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:21.openssl.asc \\-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD8DBQFDThqmFdaIBMps37IRAuh+AJ4wt03pXt8g+9okQLaChhwrLgT+DQCfaBwg NQ1AyadfK+gC7adAcuLBQ2k= =a1sE \\-----END PGP SIGNATURE----- \n", "cvss3": {}, "published": "2005-10-11T00:00:00", "type": "freebsd_advisory", "title": "\nFreeBSD-SA-05:21.openssl", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2969"], "modified": "2005-10-11T00:00:00", "id": "FREEBSD_ADVISORY:FREEBSD-SA-05:21.OPENSSL", "href": "https://www.freebsd.org/security/advisories/FreeBSD-SA-05:21.openssl.asc", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "openssl": [{"lastseen": "2023-11-28T17:28:04", "description": " A deprecated option, SSL_OP_MSIE_SSLV2_RSA_PADDING, could allow an attacker acting as a \u201cman in the middle\u201d to force a connection to downgrade to SSL 2.0 even if both parties support better protocols. 
\n", "cvss3": {}, "published": "2005-10-11T00:00:00", "type": "openssl", "title": "Vulnerability in OpenSSL CVE-2005-2969", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2969"], "modified": "2005-10-11T00:00:00", "id": "OPENSSL:CVE-2005-2969", "href": "https://www.openssl.org/news/secadv/20051011.txt", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "osv": [{"lastseen": "2022-08-10T07:23:44", "description": "\nYutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer\n(OpenSSL) library that can allow an attacker to perform active\nprotocol-version rollback attacks that could lead to the use of the\nweaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS\n1.0.\n\n\nThe following matrix explains which version in which distribution has\nthis problem corrected.\n\n\n\n\n\n| | oldstable (woody) | stable (sarge) | unstable (sid) |\n| --- | --- | --- | --- |\n| openssl | 0.9.6c-2.woody.8 | 0.9.7e-3sarge1 | 0.9.8-3 |\n| openssl094 | 0.9.4-6.woody.4 | n/a | n/a |\n| openssl095 | 0.9.5a-6.woody.6 | n/a | n/a |\n| openssl096 | n/a | 0.9.6m-1sarge1 | n/a |\n| openssl097 | n/a | n/a | 0.9.7g-5 |\n\n\n\nWe recommend that you upgrade your libssl packages.\n\n\n", "cvss3": {}, "published": "2005-10-27T00:00:00", "type": "osv", "title": "openssl094 - cryptographic weakness", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": 
{"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2969"], "modified": "2022-08-10T07:23:38", "id": "OSV:DSA-875-1", "href": "https://osv.dev/vulnerability/DSA-875-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-07-21T08:20:51", "description": "\nAn integer overflow has been discovered in helix-player, the helix\naudio and video player. This flaw could allow a remote attacker to\nrun arbitrary code on a victims computer by supplying a specially\ncrafted network resource.\n\n\nThe old stable distribution (woody) does not contain a helix-player\npackage.\n\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 1.0.4-1sarge2.\n\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 1.0.6-1.\n\n\nWe recommend that you upgrade your helix-player package.\n\n\n", "cvss3": {}, "published": "2005-12-02T00:00:00", "type": "osv", "title": "helix-player - buffer overflow", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2005-2629"], "modified": "2022-07-21T05:51:32", "id": "OSV:DSA-915-1", "href": "https://osv.dev/vulnerability/DSA-915-1", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-10T07:16:46", 
"description": "\nMultiple security vulnerabilities have been identified in the\nhelix-player media player that could allow an attacker to execute code\non the victim's machine via specially crafted network resources.\n\n\n* [CAN-2005-1766](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1766)\nBuffer overflow in the RealText parser could allow remote code\n execution via a specially crafted RealMedia file with a long\n RealText string.\n* [CAN-2005-2710](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2710)\nFormat string vulnerability in Real HelixPlayer and RealPlayer 10\n allows remote attackers to execute arbitrary code via the image\n handle attribute in a RealPix (.rp) or RealText (.rt) file.\n\n\nFor the stable distribution (sarge), these problems have been fixed in\nversion 1.0.4-1sarge1\n\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.6-1\n\n\nWe recommend that you upgrade your helix-player package.\n\n\nhelix-player was distributed only on the i386 and powerpc architectures\n\n\n", "cvss3": {}, "published": "2005-09-29T00:00:00", "type": "osv", "title": "helix-player - multiple", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2005-1766", "CVE-2005-2710"], "modified": "2022-08-10T07:16:45", "id": "OSV:DSA-826-1", "href": "https://osv.dev/vulnerability/DSA-826-1", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "saint": [{"lastseen": "2016-10-03T15:01:59", "description": "Added: 03/31/2006 \nCVE: 
[CVE-2005-2922](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2922>) \nBID: [17202](<http://www.securityfocus.com/bid/17202>) \nOSVDB: [24062](<http://www.osvdb.org/24062>) \n\n\n### Background\n\nRealPlayer, RealOne Player, and Helix Player include an embedded player which plays media embedded in a web page. \n\n### Problem\n\nA chunked HTTP response containing an invalid or missing chunk header results in a heap overflow, leading to command execution. \n\n### Resolution\n\nUse the _Check for Update_ feature to upgrade to the latest version of RealPlayer, RealOne Player, or Helix Player. \n\n### References\n\n<http://www.idefense.com/intelligence/vulnerabilities/display.php?id=404> \n\n\n### Limitations\n\nExploit works on RealPlayer 10.5 (6.0.12.1348). In order for the exploit to run, a user must load the exploit page in Internet Explorer. \n\n### Platforms\n\nWindows 2000 \nWindows XP \n \n\n", "cvss3": {}, "published": "2006-03-31T00:00:00", "type": "saint", "title": "RealPlayer invalid chunk header heap overflow", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2005-2922"], "modified": "2006-03-31T00:00:00", "id": "SAINT:CB07D6C943AA2B34E7B85CB005E75063", "href": "http://www.saintcorporation.com/cgi-bin/exploit_info/realplayer_chunk_header", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-07-28T14:33:28", "description": "Added: 03/31/2006 \nCVE: [CVE-2005-2922](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2922>) \nBID: [17202](<http://www.securityfocus.com/bid/17202>) \nOSVDB: [24062](<http://www.osvdb.org/24062>) \n\n\n### Background\n\nRealPlayer, RealOne Player, and Helix Player include an embedded player which plays media embedded in a web page. \n\n### Problem\n\nA chunked HTTP response containing an invalid or missing chunk header results in a heap overflow, leading to command execution. 
\n\n### Resolution\n\nUse the _Check for Update_ feature to upgrade to the latest version of RealPlayer, RealOne Player, or Helix Player. \n\n### References\n\n<http://www.idefense.com/intelligence/vulnerabilities/display.php?id=404> \n\n\n### Limitations\n\nExploit works on RealPlayer 10.5 (6.0.12.1348). In order for the exploit to run, a user must load the exploit page in Internet Explorer. \n\n### Platforms\n\nWindows 2000 \nWindows XP \n \n\n", "cvss3": {}, "published": "2006-03-31T00:00:00", "type": "saint", "title": "RealPlayer invalid chunk header heap overflow", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2922"], "modified": "2006-03-31T00:00:00", "id": "SAINT:74F1BEDE6E32D2B82819435F2160B116", "href": "http://download.saintcorporation.com/cgi-bin/exploit_info/realplayer_chunk_header", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-20T18:50:11", "description": "Added: 03/31/2006 \nCVE: [CVE-2005-2922](<https://vulners.com/cve/CVE-2005-2922>) \nBID: [17202](<http://www.securityfocus.com/bid/17202>) \nOSVDB: [24062](<http://www.osvdb.org/24062>) \n\n\n### Background\n\nRealPlayer, RealOne Player, and Helix Player include an embedded player which plays media embedded in a web page. \n\n### Problem\n\nA chunked HTTP response containing an invalid or missing chunk header results in a heap overflow, leading to command execution. 
\n\n### Resolution\n\nUse the _Check for Update_ feature to upgrade to the latest version of RealPlayer, RealOne Player, or Helix Player. \n\n### References\n\n<http://www.idefense.com/intelligence/vulnerabilities/display.php?id=404> \n\n\n### Limitations\n\nExploit works on RealPlayer 10.5 (6.0.12.1348). In order for the exploit to run, a user must load the exploit page in Internet Explorer. \n\n### Platforms\n\nWindows 2000 \nWindows XP \n \n\n", "cvss3": {}, "published": "2006-03-31T00:00:00", "type": "saint", "title": "RealPlayer invalid chunk header heap overflow", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2922"], "modified": "2006-03-31T00:00:00", "id": "SAINT:32AF98CF80A27AB194B608D45186A636", "href": "https://my.saintcorporation.com/cgi-bin/exploit_info/realplayer_chunk_header", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T16:46:34", "description": "Added: 03/31/2006 \nCVE: [CVE-2005-2922](<https://vulners.com/cve/CVE-2005-2922>) \nBID: [17202](<http://www.securityfocus.com/bid/17202>) \nOSVDB: [24062](<http://www.osvdb.org/24062>) \n\n\n### Background\n\nRealPlayer, RealOne Player, and Helix Player include an embedded player which plays media embedded in a web page. \n\n### Problem\n\nA chunked HTTP response containing an invalid or missing chunk header results in a heap overflow, leading to command execution. 
\n\n### Resolution\n\nUse the _Check for Update_ feature to upgrade to the latest version of RealPlayer, RealOne Player, or Helix Player. \n\n### References\n\n<http://www.idefense.com/intelligence/vulnerabilities/display.php?id=404> \n\n\n### Limitations\n\nExploit works on RealPlayer 10.5 (6.0.12.1348). In order for the exploit to run, a user must load the exploit page in Internet Explorer. \n\n### Platforms\n\nWindows 2000 \nWindows XP \n \n\n", "cvss3": {}, "published": "2006-03-31T00:00:00", "type": "saint", "title": "RealPlayer invalid chunk header heap overflow", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2922"], "modified": "2006-03-31T00:00:00", "id": "SAINT:7A58BDE9BDCCED73750F291E450DEC53", "href": "https://download.saintcorporation.com/cgi-bin/exploit_info/realplayer_chunk_header", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "cisco": [{"lastseen": "2023-11-28T16:05:22", "description": "OpenSSL contains vulnerabilities that could allow an unauthenticated, remote attacker to bypass security restrictions. \n\nThe first vulnerability (CVE-2005-2969) affects any application using an SSL/TLS server implementation provided by OpenSSL versions 0.9.7g and prior. If these implementations have options designed to mitigate third party bugs enabled, a remote attacker conducting a man-in-the-middle attack could force connections between the hosts to use the 2.0 version of the SSL protocol. Known cryptographic weaknesses exist in the SSL 2.0 protocol. 
\n\nThe second vulnerability (CVE-2005-2946) exists in the default configuration of OpenSSL versions prior to 0.9.8a. This configuration creates message digests using MD5. Weaknesses in the cryptographic algorithm could allow a remote attacker to forge certificates with valid certificate authority signatures. \n\nOpenSSL confirmed this vulnerability in a security advisory and released updates.\n\nAttackers are unlikely to exploit these vulnerabilities due to the man-in-the-middle attack vector. Such attacks are very difficult to perform due to the requirement of intercepting and modifying traffic between two hosts in real time. Man-in-the-middle attacks are typically only useable by an attacker with physical access to the devices or connections between a customer and service provider.\n\nThere have been a number of demonstrations recently of weaknesses in the MD5 algorithm. While MD5 is technically broken, it is not insecure. It is unlikely that an attacker could successfully create an MD5 collision for use in signing a fake certificate.\n\nAdministrators should not take particular concern with either of these issues. Administrators \nmay consider waiting to update production systems until full testing of the updated version is complete. 
If concern about these issues does arise, administrators may consider removing the IE 3.x compatibility flag.", "cvss3": {}, "published": "2005-10-12T15:54:57", "type": "cisco", "title": "OpenSSL Version Rollback and Weak Cryptographic Algorithm Vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2946", "CVE-2005-2969"], "modified": "2015-01-31T09:00:00", "id": "CISCO-SA-20051012-CVE-2005-2969", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20051012-CVE-2005-2969", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "oraclelinux": [{"lastseen": "2021-05-13T09:23:28", "description": "[1.0.1m-2.0.1]\n- update to upstream 1.0.1m\n- update to fips canister 2.0.9\n- regenerated below patches\n openssl-1.0.1-beta2-rpmbuild.patch\n openssl-1.0.1m-rhcompat.patch\n openssl-1.0.1m-ecc-suiteb.patch\n openssl-1.0.1m-fips-mode.patch\n openssl-1.0.1m-version.patch\n openssl-1.0.1m-evp-devel.patch\n[1.0.1j-2.0.4]\n- [Orabug 20182267] The openssl-fips-devel package should Provide:\n openssl-devel and openssl-devel(x86-64) like the standard -devel\n package\n- The openssl-fips-devel package should include fips.h and fips_rand.h\n for apps that want to build against FIPS* APIs\n[1.0.1j-2.0.3]\n- [Orabug 20086847] reintroduce patch openssl-1.0.1e-ecc-suiteb.patch,\n update ec_curve.c which gets copied into build tree to match the patch\n (ie only have curves which are advertised). 
The change items from the\n orignal patch are as follows:\n- do not advertise ECC curves we do not support\n- fix CPU identification on Cyrix CPUs\n[1.0.1j-2.0.2]\n- update README.FIPS with step-by-step install instructions\n[1.0.1j-2.0.1]\n- update to upstream 1.0.1j\n- change name to openssl-fips\n- change Obsoletes: openssl to Conflicts: openssl\n- add Provides: openssl\n[1.0.1i-2.0.3.fips]\n- update to fips canister 2.0.8 to remove Dual EC DRBG\n- run gcc -v so the gcc build version is captured in the build log\n[1.0.1i-2.0.2.fips]\n- flip EVP_CIPH_* flag bits for compatibility with original RH patched pkg\n[1.0.1i-2.0.1.fips]\n- build against upstream 1.0.1i\n- build against fips validated canister 2.0.7\n- add patch to support fips=1\n- rename pkg to openssl-fips and Obsolete openssl\n[1.0.1e-16.14]\n- fix CVE-2010-5298 - possible use of memory after free\n- fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment\n- fix CVE-2014-0198 - possible NULL pointer dereference\n- fix CVE-2014-0221 - DoS from invalid DTLS handshake packet\n- fix CVE-2014-0224 - SSL/TLS MITM vulnerability\n- fix CVE-2014-3470 - client-side DoS when using anonymous ECDH\n[1.0.1e-16.7]\n- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension\n[1.0.1e-16.4]\n- fix CVE-2013-4353 - Invalid TLS handshake crash\n[1.0.1e-16.3]\n- fix CVE-2013-6450 - possible MiTM attack on DTLS1\n[1.0.1e-16.2]\n- fix CVE-2013-6449 - crash when version in SSL structure is incorrect\n[1.0.1e-16.1]\n- add back some no-op symbols that were inadvertently dropped\n[1.0.1e-16]\n- do not advertise ECC curves we do not support\n- fix CPU identification on Cyrix CPUs\n[1.0.1e-15]\n- make DTLS1 work in FIPS mode\n- avoid RSA and DSA 512 bits and Whirlpool in 'openssl speed' in FIPS mode\n[1.0.1e-14]\n- installation of dracut-fips marks that the FIPS module is installed\n[1.0.1e-13]\n- avoid dlopening libssl.so from libcrypto\n[1.0.1e-12]\n- fix small memory leak in FIPS aes selftest\n- fix segfault 
in openssl speed hmac in the FIPS mode\n[1.0.1e-11]\n- document the nextprotoneg option in manual pages\n original patch by Hubert Kario\n[1.0.1e-9]\n- always perform the FIPS selftests in library constructor\n if FIPS module is installed\n[1.0.1e-8]\n- fix use of rdrand if available\n- more commits cherry picked from upstream\n- documentation fixes\n[1.0.1e-7]\n- additional manual page fix\n- use symbol versioning also for the textual version\n[1.0.1e-6]\n- additional manual page fixes\n- cleanup speed command output for ECDH ECDSA\n[1.0.1e-5]\n- use _prefix macro\n[1.0.1e-4]\n- add relro linking flag\n[1.0.1e-2]\n- add support for the -trusted_first option for certificate chain verification\n[1.0.1e-1]\n- rebase to the 1.0.1e upstream version\n[1.0.0-28]\n- fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589)\n- fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052)\n- enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB\n environment variable is set (fixes CVE-2012-4929 #857051)\n- use __secure_getenv() everywhere instead of getenv() (#839735)\n[1.0.0-27]\n- fix sslrand(1) and sslpasswd(1) reference in openssl(1) manpage (#841645)\n- drop superfluous lib64 fixup in pkgconfig .pc files (#770872)\n- force BIO_accept_new(*:\n) to listen on IPv4\n[1.0.0-26]\n- use PKCS#8 when writing private keys in FIPS mode as the old\n PEM encryption mode is not FIPS compatible (#812348)\n[1.0.0-25]\n- fix for CVE-2012-2333 - improper checking for record length in DTLS (#820686)\n- properly initialize tkeylen in the CVE-2012-0884 fix\n[1.0.0-24]\n- fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio() (#814185)\n[1.0.0-23]\n- fix problem with the SGC restart patch that might terminate handshake\n incorrectly\n- fix for CVE-2012-0884 - MMA weakness in CMS and PKCS#7 code (#802725)\n- fix for CVE-2012-1165 - NULL read dereference on bad MIME headers (#802489)\n[1.0.0-22]\n- fix incorrect encryption of unaligned chunks in CFB, OFB and 
CTR modes\n[1.0.0-21]\n- fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext recovery\n vulnerability and additional DTLS fixes (#771770)\n- fix for CVE-2011-4576 - uninitialized SSL 3.0 padding (#771775)\n- fix for CVE-2011-4577 - possible DoS through malformed RFC 3779 data (#771778)\n- fix for CVE-2011-4619 - SGC restart DoS attack (#771780)\n[1.0.0-20]\n- fix x86cpuid.pl - patch by Paolo Bonzini\n[1.0.0-19]\n- add known answer test for SHA2 algorithms\n[1.0.0-18]\n- fix missing initialization of a variable in the CHIL engine (#740188)\n[1.0.0-17]\n- initialize the X509_STORE_CTX properly for CRL lookups - CVE-2011-3207\n (#736087)\n[1.0.0-16]\n- merge the optimizations for AES-NI, SHA1, and RC4 from the intelx\n engine to the internal implementations\n[1.0.0-15]\n- better documentation of the available digests in apps (#693858)\n- backported CHIL engine fixes (#693863)\n- allow testing build without downstream patches (#708511)\n- enable partial RELRO when linking (#723994)\n- add intelx engine with improved performance on new Intel CPUs\n- add OPENSSL_DISABLE_AES_NI environment variable which disables\n the AES-NI support (does not affect the intelx engine)\n[1.0.0-14]\n- use the AES-NI engine in the FIPS mode\n[1.0.0-11]\n- add API necessary for CAVS testing of the new DSA parameter generation\n[1.0.0-10]\n- fix OCSP stapling vulnerability - CVE-2011-0014 (#676063)\n- correct the README.FIPS document\n[1.0.0-8]\n- add -x931 parameter to openssl genrsa command to use the ANSI X9.31\n key generation method\n- use FIPS-186-3 method for DSA parameter generation\n- add OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW environment variable\n to allow using MD5 when the system is in the maintenance state\n even if the /proc fips flag is on\n- make openssl pkcs12 command work by default in the FIPS mode\n[1.0.0-7]\n- listen on ipv6 wildcard in s_server so we accept connections\n from both ipv4 and ipv6 (#601612)\n- fix openssl speed command so it can be used in the FIPS mode\n 
with FIPS allowed ciphers (#619762)\n[1.0.0-6]\n- disable code for SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG - CVE-2010-3864\n (#649304)\n[1.0.0-5]\n- fix race in extension parsing code - CVE-2010-3864 (#649304)\n[1.0.0-4]\n- openssl man page fix (#609484)\n[1.0.0-3]\n- fix wrong ASN.1 definition of OriginatorInfo - CVE-2010-0742 (#598738)\n- fix information leak in rsa_verify_recover - CVE-2010-1633 (#598732)\n[1.0.0-2]\n- make CA dir readable - the private keys are in private subdir (#584810)\n- a few fixes from upstream CVS\n- make X509_NAME_hash_old work in FIPS mode (#568395)\n[1.0.0-1]\n- update to final 1.0.0 upstream release\n[1.0.0-0.22.beta5]\n- make TLS work in the FIPS mode\n[1.0.0-0.21.beta5]\n- gracefully handle zero length in assembler implementations of\n OPENSSL_cleanse (#564029)\n- do not fail in s_server if client hostname not resolvable (#561260)\n[1.0.0-0.20.beta5]\n- new upstream release\n[1.0.0-0.19.beta4]\n- fix CVE-2009-4355 - leak in applications incorrectly calling\n CRYPTO_free_all_ex_data() before application exit (#546707)\n- upstream fix for future TLS protocol version handling\n[1.0.0-0.18.beta4]\n- add support for Intel AES-NI\n[1.0.0-0.17.beta4]\n- upstream fix compression handling on session resumption\n- various null checks and other small fixes from upstream\n- upstream changes for the renegotiation info according to the latest draft\n[1.0.0-0.16.beta4]\n- fix non-fips mingw build (patch by Kalev Lember)\n- add IPV6 fix for DTLS\n[1.0.0-0.15.beta4]\n- add better error reporting for the unsafe renegotiation\n[1.0.0-0.14.beta4]\n- fix build on s390x\n[1.0.0-0.13.beta4]\n- disable enforcement of the renegotiation extension on the client (#537962)\n- add fixes from the current upstream snapshot\n[1.0.0-0.12.beta4]\n- keep the beta status in version number at 3 so we do not have to rebuild\n openssh and possibly other dependencies with too strict version check\n[1.0.0-0.11.beta4]\n- update to new upstream version, no soname bump 
needed\n- fix CVE-2009-3555 - note that the fix is bypassed if SSL_OP_ALL is used\n so the compatibility with unfixed clients is not broken. The\n protocol extension is also not final.\n[1.0.0-0.10.beta3]\n- fix use of freed memory if SSL_CTX_free() is called before\n SSL_free() (#521342)\n[1.0.0-0.9.beta3]\n- fix typo in DTLS1 code (#527015)\n- fix leak in error handling of d2i_SSL_SESSION()\n[1.0.0-0.8.beta3]\n- fix RSA and DSA FIPS selftests\n- reenable fixed x86_64 camellia assembler code (#521127)\n[1.0.0-0.7.beta3]\n- temporarily disable x86_64 camellia assembler code (#521127)\n[1.0.0-0.6.beta3]\n- fix openssl dgst -dss1 (#520152)\n[1.0.0-0.5.beta3]\n- drop the compat symlink hacks\n[1.0.0-0.4.beta3]\n- constify SSL_CIPHER_description()\n[1.0.0-0.3.beta3]\n- fix WWW:Curl:Easy reference in tsget\n[1.0.0-0.2.beta3]\n- enable MD-2\n[1.0.0-0.1.beta3]\n- update to new major upstream release\n[0.9.8k-7]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\n* Wed Jul 22 2009 Bill Nottingham \n- do not build special 'optimized' versions for i686, as that's the base\n arch in Fedora now\n[0.9.8k-6]\n- abort if selftests failed and random number generator is polled\n- mention EVP_aes and EVP_sha2xx routines in the manpages\n- add README.FIPS\n- make CA dir absolute path (#445344)\n- change default length for RSA key generation to 2048 (#484101)\n[0.9.8k-5]\n- fix CVE-2009-1377 CVE-2009-1378 CVE-2009-1379\n (DTLS DoS problems) (#501253, #501254, #501572)\n[0.9.8k-4]\n- support compatibility DTLS mode for CISCO AnyConnect (#464629)\n[0.9.8k-3]\n- correct the SHLIB_VERSION define\n[0.9.8k-2]\n- add support for multiple CRLs with same subject\n- load only dynamic engine support in FIPS mode\n[0.9.8k-1]\n- update to new upstream release (minor bug fixes, security\n fixes and machine code optimizations only)\n[0.9.8j-10]\n- move libraries to /usr/lib (#239375)\n[0.9.8j-9]\n- add a static subpackage\n[0.9.8j-8]\n- Rebuilt for 
https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild\n[0.9.8j-7]\n- must also verify checksum of libssl.so in the FIPS mode\n- obtain the seed for FIPS rng directly from the kernel device\n- drop the temporary symlinks\n[0.9.8j-6]\n- drop the temporary triggerpostun and symlinking in post\n- fix the pkgconfig files and drop the unnecessary buildrequires\n on pkgconfig as it is a rpmbuild dependency (#481419)\n[0.9.8j-5]\n- add temporary triggerpostun to reinstate the symlinks\n[0.9.8j-4]\n- no pairwise key tests in non-fips mode (#479817)\n[0.9.8j-3]\n- even more robust test for the temporary symlinks\n[0.9.8j-2]\n- try to ensure the temporary symlinks exist\n[0.9.8j-1]\n- new upstream version with necessary soname bump (#455753)\n- temporarily provide symlink to old soname to make it possible to rebuild\n the dependent packages in rawhide\n- add eap-fast support (#428181)\n- add possibility to disable zlib by setting\n- add fips mode support for testing purposes\n- do not null dereference on some invalid smime files\n- add buildrequires pkgconfig (#479493)\n[0.9.8g-11]\n- do not add tls extensions to server hello for SSLv3 either\n[0.9.8g-10]\n- move root CA bundle to ca-certificates package\n[0.9.8g-9]\n- fix CVE-2008-0891 - server name extension crash (#448492)\n- fix CVE-2008-1672 - server key exchange message omit crash (#448495)\n[0.9.8g-8]\n- super-H arch support\n- drop workaround for bug 199604 as it should be fixed in gcc-4.3\n[0.9.8g-7]\n- sparc handling\n[0.9.8g-6]\n- update to new root CA bundle from mozilla.org (r1.45)\n[0.9.8g-5]\n- Autorebuild for GCC 4.3\n[0.9.8g-4]\n- merge review fixes (#226220)\n- adjust the SHLIB_VERSION_NUMBER to reflect library name (#429846)\n[0.9.8g-3]\n- set default paths when no explicit paths are set (#418771)\n- do not add tls extensions to client hello for SSLv3 (#422081)\n[0.9.8g-2]\n- enable some new crypto algorithms and features\n- add some more important bug fixes from openssl CVS\n[0.9.8g-1]\n- update to latest 
upstream release, SONAME bumped to 7\n[0.9.8b-17]\n- update to new CA bundle from mozilla.org\n[0.9.8b-16]\n- fix CVE-2007-5135 - off-by-one in SSL_get_shared_ciphers (#309801)\n- fix CVE-2007-4995 - out of order DTLS fragments buffer overflow (#321191)\n- add alpha sub-archs (#296031)\n[0.9.8b-15]\n- rebuild\n[0.9.8b-14]\n- use localhost in testsuite, hopefully fixes slow build in koji\n- CVE-2007-3108 - fix side channel attack on private keys (#250577)\n- make ssl session cache id matching strict (#233599)\n[0.9.8b-13]\n- allow building on ARM architectures (#245417)\n- use reference timestamps to prevent multilib conflicts (#218064)\n- -devel package must require pkgconfig (#241031)\n[0.9.8b-12]\n- detect duplicates in add_dir properly (#206346)\n[0.9.8b-11]\n- the previous change still didn't make X509_NAME_cmp transitive\n[0.9.8b-10]\n- make X509_NAME_cmp transitive otherwise certificate lookup\n is broken (#216050)\n[0.9.8b-9]\n- aliasing bug in engine loading, patch by IBM (#213216)\n[0.9.8b-8]\n- CVE-2006-2940 fix was incorrect (#208744)\n[0.9.8b-7]\n- fix CVE-2006-2937 - mishandled error on ASN.1 parsing (#207276)\n- fix CVE-2006-2940 - parasitic public keys DoS (#207274)\n- fix CVE-2006-3738 - buffer overflow in SSL_get_shared_ciphers (#206940)\n- fix CVE-2006-4343 - sslv2 client DoS (#206940)\n[0.9.8b-6]\n- fix CVE-2006-4339 - prevent attack on PKCS#1 v1.5 signatures (#205180)\n[0.9.8b-5]\n- set buffering to none on stdio/stdout FILE when bufsize is set (#200580)\n patch by IBM\n[0.9.8b-4.1]\n- rebuild with new binutils (#200330)\n[0.9.8b-4]\n- add a temporary workaround for sha512 test failure on s390 (#199604)\n* Thu Jul 20 2006 Tomas Mraz \n- add ipv6 support to s_client and s_server (by Jan Pazdziora) (#198737)\n- add patches for BN threadsafety, AES cache collision attack hazard fix and\n pkcs7 code memleak fix from upstream CVS\n[0.9.8b-3.1]\n- rebuild\n[0.9.8b-3]\n- dropped libica and ica engine from build\n* Wed Jun 21 2006 Joe Orton \n- update 
to new CA bundle from mozilla.org; adds CA certificates\n from netlock.hu and startcom.org\n[0.9.8b-2]\n- fixed a few rpmlint warnings\n- better fix for #173399 from upstream\n- upstream fix for pkcs12\n[0.9.8b-1]\n- upgrade to new version, stays ABI compatible\n- there is no more linux/config.h (it was empty anyway)\n[0.9.8a-6]\n- fix stale open handles in libica (#177155)\n- fix build if 'rand' or 'passwd' in buildroot path (#178782)\n- initialize VIA Padlock engine (#186857)\n[0.9.8a-5.2]\n- bump again for double-long bug on ppc(64)\n[0.9.8a-5.1]\n- rebuilt for new gcc4.1 snapshot and glibc changes\n[0.9.8a-5]\n- don't include SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG\n in SSL_OP_ALL (#175779)\n* Fri Dec 09 2005 Jesse Keating \n- rebuilt\n[0.9.8a-4]\n- fix build (-lcrypto was erroneusly dropped) of the updated libica\n- updated ICA engine to 1.3.6-rc3\n[0.9.8a-3]\n- disable builtin compression methods for now until they work\n properly (#173399)\n[0.9.8a-2]\n- don't set -rpath for openssl binary\n[0.9.8a-1]\n- new upstream version\n- patches partially renumbered\n[0.9.7f-11]\n- updated IBM ICA engine library and patch to latest upstream version\n[0.9.7f-10]\n- fix CAN-2005-2969 - remove SSL_OP_MSIE_SSLV2_RSA_PADDING which\n disables the countermeasure against man in the middle attack in SSLv2\n (#169863)\n- use sha1 as default for CA and cert requests - CAN-2005-2946 (#169803)\n[0.9.7f-9]\n- add *.so.soversion as symlinks in /lib (#165264)\n- remove unpackaged symlinks (#159595)\n- fixes from upstream (constant time fixes for DSA,\n bn assembler div on ppc arch, initialize memory on realloc)\n[0.9.7f-8]\n- Updated ICA engine IBM patch to latest upstream version.\n[0.9.7f-7]\n- fix CAN-2005-0109 - use constant time/memory access mod_exp\n so bits of private key aren't leaked by cache eviction (#157631)\n- a few more fixes from upstream 0.9.7g\n[0.9.7f-6]\n- use poll instead of select in rand (#128285)\n- fix Makefile.certificate to point to /etc/pki/tls\n- change 
the default string mask in ASN1 to PrintableString+UTF8String\n[0.9.7f-5]\n- update to revision 1.37 of Mozilla CA bundle\n[0.9.7f-4]\n- move certificates to _sysconfdir/pki/tls (#143392)\n- move CA directories to _sysconfdir/pki/CA\n- patch the CA script and the default config so it points to the\n CA directories\n[0.9.7f-3]\n- uninitialized variable mustn't be used as input in inline\n assembly\n- reenable the x86_64 assembly again\n[0.9.7f-2]\n- add back RC4_CHAR on ia64 and x86_64 so the ABI isn't broken\n- disable broken bignum assembly on x86_64\n[0.9.7f-1]\n- reenable optimizations on ppc64 and assembly code on ia64\n- upgrade to new upstream version (no soname bump needed)\n- disable thread test - it was testing the backport of the\n RSA blinding - no longer needed\n- added support for changing serial number to\n Makefile.certificate (#151188)\n- make ca-bundle.crt a config file (#118903)\n[0.9.7e-3]\n- libcrypto shouldn't depend on libkrb5 (#135961)\n[0.9.7e-2]\n- rebuild\n[0.9.7e-1]\n- new upstream source, updated patches\n- added patch so we are hopefully ABI compatible with upcoming\n 0.9.7f\n* Thu Feb 10 2005 Tomas Mraz \n- Support UTF-8 charset in the Makefile.certificate (#134944)\n- Added cmp to BuildPrereq\n[0.9.7a-46]\n- generate new ca-bundle.crt from Mozilla certdata.txt (revision 1.32)\n[0.9.7a-45]\n- Fixed and updated libica-1.3.4-urandom.patch patch (#122967)\n[0.9.7a-44]\n- rebuild\n[0.9.7a-43]\n- rebuild\n[0.9.7a-42]\n- rebuild\n[0.9.7a-41]\n- remove der_chop, as upstream cvs has done (CAN-2004-0975, #140040)\n[0.9.7a-40]\n- Include latest libica version with important bugfixes\n* Tue Jun 15 2004 Elliot Lee \n- rebuilt\n[0.9.7a-38]\n- Updated ICA engine IBM patch to latest upstream version.\n[0.9.7a-37]\n- build for linux-alpha-gcc instead of alpha-gcc on alpha (Jeff Garzik)\n[0.9.7a-36]\n- handle %{_arch}=i486/i586/i686/athlon cases in the intermediate\n header (#124303)\n[0.9.7a-35]\n- add security fixes for CAN-2004-0079, 
CAN-2004-0112\n* Tue Mar 16 2004 Phil Knirsch \n- Fixed libica filespec.\n[0.9.7a-34]\n- ppc/ppc64 define __powerpc__/__powerpc64__, not __ppc__/__ppc64__, fix\n the intermediate header\n[0.9.7a-33]\n- add an intermediate \n which points to the right\n arch-specific opensslconf.h on multilib arches\n* Tue Mar 02 2004 Elliot Lee \n- rebuilt\n[0.9.7a-32]\n- Updated libica to latest upstream version 1.3.5.\n[0.9.7a-31]\n- Update ICA crypto engine patch from IBM to latest version.\n* Fri Feb 13 2004 Elliot Lee \n- rebuilt\n[0.9.7a-29]\n- rebuilt\n[0.9.7a-28]\n- Fixed libica build.\n* Wed Feb 04 2004 Nalin Dahyabhai \n- add '-ldl' to link flags added for Linux-on-ARM (#99313)\n[0.9.7a-27]\n- updated ca-bundle.crt: removed expired GeoTrust roots, added\n freessl.com root, removed trustcenter.de Class 0 root\n[0.9.7a-26]\n- Fix link line for libssl (bug #111154).\n[0.9.7a-25]\n- add dependency on zlib-devel for the -devel package, which depends on zlib\n symbols because we enable zlib for libssl (#102962)\n[0.9.7a-24]\n- Use /dev/urandom instead of PRNG for libica.\n- Apply libica-1.3.5 fix for /dev/urandom in icalinux.c\n- Use latest ICA engine patch from IBM.\n[0.9.7a-22.1]\n- rebuild\n[0.9.7a-22]\n- rebuild (22 wasn't actually built, fun eh?)\n[0.9.7a-23]\n- re-disable optimizations on ppc64\n* Tue Sep 30 2003 Joe Orton \n- add a_mbstr.c fix for 64-bit platforms from CVS\n[0.9.7a-22]\n- add -Wa,--noexecstack to RPM_OPT_FLAGS so that assembled modules get tagged\n as not needing executable stacks\n[0.9.7a-21]\n- rebuild\n* Thu Sep 25 2003 Nalin Dahyabhai \n- re-enable optimizations on ppc64\n* Thu Sep 25 2003 Nalin Dahyabhai \n- remove exclusivearch\n[0.9.7a-20]\n- only parse a client cert if one was requested\n- temporarily exclusivearch for %{ix86}\n* Tue Sep 23 2003 Nalin Dahyabhai \n- add security fixes for protocol parsing bugs (CAN-2003-0543, CAN-2003-0544)\n and heap corruption (CAN-2003-0545)\n- update RHNS-CA-CERT files\n- ease back on the number of threads 
used in the threading test\n[0.9.7a-19]\n- rebuild to fix gzipped file md5sums (#91211)\n[0.9.7a-18]\n- Updated libica to version 1.3.4.\n[0.9.7a-17]\n- rebuild\n[0.9.7a-10.9]\n- free the kssl_ctx structure when we free an SSL structure (#99066)\n[0.9.7a-16]\n- rebuild\n[0.9.7a-15]\n- lower thread test count on s390x\n[0.9.7a-14]\n- rebuild\n[0.9.7a-13]\n- disable assembly on arches where it seems to conflict with threading\n[0.9.7a-12]\n- Updated libica to latest upstream version 1.3.0\n[0.9.7a-9.9]\n- rebuild\n[0.9.7a-11]\n- rebuild\n[0.9.7a-10]\n- ubsec: don't stomp on output data which might also be input data\n[0.9.7a-9]\n- temporarily disable optimizations on ppc64\n* Mon Jun 09 2003 Nalin Dahyabhai \n- backport fix for engine-used-for-everything from 0.9.7b\n- backport fix for prng not being seeded causing problems, also from 0.9.7b\n- add a check at build-time to ensure that RSA is thread-safe\n- keep perlpath from stomping on the libica configure scripts\n* Fri Jun 06 2003 Nalin Dahyabhai \n- thread-safety fix for RSA blinding\n[0.9.7a-8]\n- rebuilt\n[0.9.7a-7]\n- Added libica-1.2 to openssl (featurerequest).\n[0.9.7a-6]\n- fix building with incorrect flags on ppc64\n[0.9.7a-5]\n- add patch to harden against Klima-Pokorny-Rosa extension of Bleichenbacher's\n attack (CAN-2003-0131)\n[ 0.9.7a-4]\n- add patch to enable RSA blinding by default, closing a timing attack\n (CAN-2003-0147)\n[0.9.7a-3]\n- disable use of BN assembly module on x86_64, but continue to allow inline\n assembly (#83403)\n[0.9.7a-2]\n- disable EC algorithms\n[0.9.7a-1]\n- update to 0.9.7a\n[0.9.7-8]\n- add fix to guard against attempts to allocate negative amounts of memory\n- add patch for CAN-2003-0078, fixing a timing attack\n[0.9.7-7]\n- Add openssl-ppc64.patch\n[0.9.7-6]\n- EVP_DecryptInit should call EVP_CipherInit() instead of EVP_CipherInit_ex(),\n to get the right behavior when passed uninitialized context structures\n (#83766)\n- build with -mcpu=ev5 on alpha family (#83828)\n* 
Wed Jan 22 2003 Tim Powers \n- rebuilt\n[0.9.7-4]\n- Added IBM hw crypto support patch.\n* Wed Jan 15 2003 Nalin Dahyabhai \n- add missing builddep on sed\n[0.9.7-3]\n- debloat\n- fix broken manpage symlinks\n[0.9.7-2]\n- fix double-free in 'openssl ca'\n[0.9.7-1]\n- update to 0.9.7 final\n[0.9.7-0]\n- update to 0.9.7 beta6 (DO NOT USE UNTIL UPDATED TO FINAL 0.9.7)\n* Wed Dec 11 2002 Nalin Dahyabhai \n- update to 0.9.7 beta5 (DO NOT USE UNTIL UPDATED TO FINAL 0.9.7)\n[0.9.6b-30]\n- add configuration stanza for x86_64 and use it on x86_64\n- build for linux-ppc on ppc\n- start running the self-tests again\n[0.9.6b-29hammer.3]\n- Merge fixes from previous hammer packages, including general x86-64 and\n multilib\n[0.9.6b-29]\n- rebuild\n[0.9.6b-28]\n- update asn patch to fix accidental reversal of a logic check\n[0.9.6b-27]\n- update asn patch to reduce chance that compiler optimization will remove\n one of the added tests\n[0.9.6b-26]\n- rebuild\n[0.9.6b-25]\n- add patch to fix ASN.1 vulnerabilities\n[0.9.6b-24]\n- add backport of Ben Laurie's patches for OpenSSL 0.9.6d\n[0.9.6b-23]\n- own {_datadir}/ssl/misc\n* Fri Jun 21 2002 Tim Powers \n- automated rebuild\n* Sun May 26 2002 Tim Powers \n- automated rebuild\n[0.9.6b-20]\n- free ride through the build system (whee!)\n[0.9.6b-19]\n- rebuild in new environment\n[0.9.6b-17, 0.9.6b-18]\n- merge RHL-specific bits into stronghold package, rename\n[stronghold-0.9.6c-2]\n- add support for Chrysalis Luna token\n* Tue Mar 26 2002 Gary Benson \n- disable AEP random number generation, other AEP fixes\n[0.9.6b-15]\n- only build subpackages on primary arches\n[0.9.6b-13]\n- on ia32, only disable use of assembler on i386\n- enable assembly on ia64\n[0.9.6b-11]\n- fix sparcv9 entry\n[stronghold-0.9.6c-1]\n- upgrade to 0.9.6c\n- bump BuildArch to i686 and enable assembler on all platforms\n- synchronise with shrimpy and rawhide\n- bump soversion to 3\n* Wed Oct 10 2001 Florian La Roche \n- delete BN_LLONG for s390x, patch from 
Oliver Paukstadt\n[0.9.6b-9]\n- update AEP driver patch\n* Mon Sep 10 2001 Nalin Dahyabhai \n- adjust RNG disabling patch to match version of patch from Broadcom\n[0.9.6b-8]\n- disable the RNG in the ubsec engine driver\n[0.9.6b-7]\n- tweaks to the ubsec engine driver\n[0.9.6b-6]\n- tweaks to the ubsec engine driver\n[0.9.6b-5]\n- update ubsec engine driver from Broadcom\n[0.9.6b-4]\n- move man pages back to %{_mandir}/man?/foo.?ssl from\n %{_mandir}/man?ssl/foo.?\n- add an [ engine ] section to the default configuration file\n* Thu Aug 09 2001 Nalin Dahyabhai \n- add a patch for selecting a default engine in SSL_library_init()\n[0.9.6b-3]\n- add patches for AEP hardware support\n- add patch to keep trying when we fail to load a cert from a file and\n there are more in the file\n- add missing prototype for ENGINE_ubsec() in engine_int.h\n[0.9.6b-2]\n- actually add hw_ubsec to the engine list\n* Tue Jul 17 2001 Nalin Dahyabhai \n- add in the hw_ubsec driver from CVS\n[0.9.6b-1]\n- update to 0.9.6b\n* Thu Jul 05 2001 Nalin Dahyabhai \n- move .so symlinks back to %{_libdir}\n* Tue Jul 03 2001 Nalin Dahyabhai \n- move shared libraries to /lib (#38410)\n* Mon Jun 25 2001 Nalin Dahyabhai \n- switch to engine code base\n* Mon Jun 18 2001 Nalin Dahyabhai \n- add a script for creating dummy certificates\n- move man pages from %{_mandir}/man?/foo.?ssl to %{_mandir}/man?ssl/foo.?\n* Thu Jun 07 2001 Florian La Roche \n- add s390x support\n* Fri Jun 01 2001 Nalin Dahyabhai \n- change two memcpy() calls to memmove()\n- don't define L_ENDIAN on alpha\n[stronghold-0.9.6a-1]\n- Add 'stronghold-' prefix to package names.\n- Obsolete standard openssl packages.\n* Wed May 16 2001 Joe Orton \n- Add BuildArch: i586 as per Nalin's advice.\n* Tue May 15 2001 Joe Orton \n- Enable assembler on ix86 (using new .tar.bz2 which does\n include the asm directories).\n* Tue May 15 2001 Nalin Dahyabhai \n- make subpackages depend on the main package\n* Tue May 01 2001 Nalin Dahyabhai \n- adjust the 
hobble script to not disturb symlinks in include/ (fix from\n Joe Orton)\n* Fri Apr 27 2001 Nalin Dahyabhai \n- drop the m2crypo patch we weren't using\n* Tue Apr 24 2001 Nalin Dahyabhai \n- configure using 'shared' as well\n* Sun Apr 08 2001 Nalin Dahyabhai \n- update to 0.9.6a\n- use the build-shared target to build shared libraries\n- bump the soversion to 2 because we're no longer compatible with\n our 0.9.5a packages or our 0.9.6 packages\n- drop the patch for making rsatest a no-op when rsa null support is used\n- put all man pages into \nssl instead of \n- break the m2crypto modules into a separate package\n* Tue Mar 13 2001 Nalin Dahyabhai \n- use BN_LLONG on s390\n* Mon Mar 12 2001 Nalin Dahyabhai \n- fix the s390 changes for 0.9.6 (isn't supposed to be marked as 64-bit)\n* Sat Mar 03 2001 Nalin Dahyabhai \n- move c_rehash to the perl subpackage, because it's a perl script now\n* Fri Mar 02 2001 Nalin Dahyabhai \n- update to 0.9.6\n- enable MD2\n- use the libcrypto.so and libssl.so targets to build shared libs with\n- bump the soversion to 1 because we're no longer compatible with any of\n the various 0.9.5a packages circulating around, which provide lib*.so.0\n* Wed Feb 28 2001 Florian La Roche \n- change hobble-openssl for disabling MD2 again\n* Tue Feb 27 2001 Nalin Dahyabhai \n- re-disable MD2 -- the EVP_MD_CTX structure would grow from 100 to 152\n bytes or so, causing EVP_DigestInit() to zero out stack variables in\n apps built against a version of the library without it\n* Mon Feb 26 2001 Nalin Dahyabhai \n- disable some inline assembly, which on x86 is Pentium-specific\n- re-enable MD2 (see http://www.ietf.org/ietf/IPR/RSA-MD-all)\n* Thu Feb 08 2001 Florian La Roche \n- fix s390 patch\n* Fri Dec 08 2000 Than Ngo \n- added support s390\n* Mon Nov 20 2000 Nalin Dahyabhai \n- remove -Wa,* and -m* compiler flags from the default Configure file (#20656)\n- add the CA.pl man page to the perl subpackage\n* Thu Nov 02 2000 Nalin Dahyabhai \n- always build 
with -mcpu=ev5 on alpha\n* Tue Oct 31 2000 Nalin Dahyabhai \n- add a symlink from cert.pem to ca-bundle.crt\n* Wed Oct 25 2000 Nalin Dahyabhai \n- add a ca-bundle file for packages like Samba to reference for CA certificates\n* Tue Oct 24 2000 Nalin Dahyabhai \n- remove libcrypto's crypt(), which doesn't handle md5crypt (#19295)\n* Mon Oct 02 2000 Nalin Dahyabhai \n- add unzip as a buildprereq (#17662)\n- update m2crypto to 0.05-snap4\n* Tue Sep 26 2000 Bill Nottingham \n- fix some issues in building when it's not installed\n* Wed Sep 06 2000 Nalin Dahyabhai \n- make sure the headers we include are the ones we built with (aaaaarrgh!)\n* Fri Sep 01 2000 Nalin Dahyabhai \n- add Richard Henderson's patch for BN on ia64\n- clean up the changelog\n* Tue Aug 29 2000 Nalin Dahyabhai \n- fix the building of python modules without openssl-devel already installed\n* Wed Aug 23 2000 Nalin Dahyabhai \n- byte-compile python extensions without the build-root\n- adjust the makefile to not remove temporary files (like .key files when\n building .csr files) by marking them as .PRECIOUS\n* Sat Aug 19 2000 Nalin Dahyabhai \n- break out python extensions into a subpackage\n* Mon Jul 17 2000 Nalin Dahyabhai \n- tweak the makefile some more\n* Tue Jul 11 2000 Nalin Dahyabhai \n- disable MD2 support\n* Thu Jul 06 2000 Nalin Dahyabhai \n- disable MDC2 support\n* Sun Jul 02 2000 Nalin Dahyabhai \n- tweak the disabling of RC5, IDEA support\n- tweak the makefile\n* Thu Jun 29 2000 Nalin Dahyabhai \n- strip binaries and libraries\n- rework certificate makefile to have the right parts for Apache\n* Wed Jun 28 2000 Nalin Dahyabhai \n- use %{_perl} instead of /usr/bin/perl\n- disable alpha until it passes its own test suite\n* Fri Jun 09 2000 Nalin Dahyabhai \n- move the passwd.1 man page out of the passwd package's way\n* Fri Jun 02 2000 Nalin Dahyabhai \n- update to 0.9.5a, modified for U.S.\n- add perl as a build-time requirement\n- move certificate makefile to another package\n- disable RC5, 
IDEA, RSA support\n- remove optimizations for now\n* Wed Mar 01 2000 Florian La Roche \n- Bero told me to move the Makefile into this package\n* Wed Mar 01 2000 Florian La Roche \n- add lib*.so symlinks to link dynamically against shared libs\n* Tue Feb 29 2000 Florian La Roche \n- update to 0.9.5\n- run ldconfig directly in post/postun\n- add FAQ\n* Sat Dec 18 1999 Bernhard Rosenkränzer \n- Fix build on non-x86 platforms\n* Fri Nov 12 1999 Bernhard Rosenkränzer \n- move /usr/share/ssl/* from -devel to main package\n* Tue Oct 26 1999 Bernhard Rosenkränzer \n- initial packaging\n- changes from base:\n - Move /usr/local/ssl to /usr/share/ssl for FHS compliance\n - handle RPM_OPT_FLAGS\nopenssl-1.0.1-beta2-rpmbuild.patch\nopenssl-0.9.8a-no-rpath.patch", "cvss3": {}, "published": "2015-04-02T00:00:00", "type": "oraclelinux", "title": "openssl-fips security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2003-0078", "CVE-2003-0131", "CVE-2003-0147", "CVE-2003-0543", "CVE-2003-0544", "CVE-2003-0545", "CVE-2004-0079", "CVE-2004-0112", "CVE-2004-0975", "CVE-2005-0109", "CVE-2005-2946", "CVE-2005-2969", "CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4339", "CVE-2006-4343", "CVE-2007-3108", "CVE-2007-4995", "CVE-2007-5135", "CVE-2008-0891", "CVE-2008-1672", "CVE-2009-1377", "CVE-2009-1378", "CVE-2009-1379", "CVE-2009-3555", "CVE-2009-4355", "CVE-2010-0742", "CVE-2010-1633", "CVE-2010-3864", "CVE-2010-5298", "CVE-2011-0014", "CVE-2011-3207", "CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619", "CVE-2012-0050", "CVE-2012-0884", "CVE-2012-1165", "CVE-2012-2110", "CVE-2012-2333", "CVE-2012-4929", "CVE-2013-0166", "CVE-2013-0169", "CVE-2013-4353", "CVE-2013-6449", "CVE-2013-6450", "CVE-2014-0160", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221", "CVE-2014-0224", "CVE-2014-3470", "CVE-2015-0209", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0292", "CVE-2015-0293"], "modified": "2015-04-02T00:00:00", 
"id": "ELSA-2015-3022", "href": "http://linux.oracle.com/errata/ELSA-2015-3022.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-30T06:24:33", "description": "[1.0.2k-16.0.1.el7_6.1]\n- Bump release for rebuild.\n[1.0.2k-16.1]\n- use SHA-256 in FIPS RSA pairwise key check\n- fix CVE-2018-5407 - EC signature local timing side-channel key extraction\n[1.0.2k-16]\n- fix CVE-2018-0495 - ROHNP - Key Extraction Side Channel on DSA, ECDSA\n- fix incorrect error message on FIPS DSA parameter generation (#1603597)\n[1.0.2k-14]\n- ppc64le is not multilib architecture (#1585004)\n[1.0.2k-13]\n- add S390x assembler updates\n- make CA name list comparison function case sensitive (#1548401)\n- fix CVE-2017-3735 - possible one byte overread with X.509 IPAdressFamily\n- fix CVE-2018-0732 - large prime DH DoS of TLS client\n- fix CVE-2018-0737 - RSA key generation cache timing vulnerability\n- fix CVE-2018-0739 - stack overflow parsing recursive ASN.1 structure\n[1.0.2k-12]\n- fix CVE-2017-3737 - incorrect handling of fatal error state\n- fix CVE-2017-3738 - AVX2 Montgomery multiplication bug with 1024 bit modulus\n[1.0.2k-11]\n- fix deadlock in RNG in the FIPS mode in mariadb\n[1.0.2k-9]\n- fix CVE-2017-3736 - carry propagation bug in Montgomery multiplication\n[1.0.2k-8]\n- fix regression in openssl req -x509 command (#1450015)\n[1.0.2k-7]\n- handle incorrect size gracefully in aes_p8_cbc_encrypt()\n[1.0.2k-6]\n- allow long client hellos to be received by server\n[1.0.2k-5]\n- fix CPU features detection on new AMD processors\n[1.0.2k-4]\n- add support for additional STARTTLS protocols to s_client\n original backported patch by Robert Scheck (#1396209)\n[1.0.2k-3]\n- properly document the SSLv2 support removal\n[1.0.2k-2]\n- add PPC assembler updates\n[1.0.2k-1]\n- minor upstream release 1.0.2k fixing security issues\n[1.0.2j-2]\n- deprecate and disable verification of insecure hash algorithms\n- add support for 
/etc/pki/tls/legacy-settings also for minimum DH length\n accepted by SSL client\n- compare the encrypt and tweak key in XTS as required by FIPS\n[1.0.2j-1]\n- rebase to latest upstream release from the 1.0.2 branch, ABI compatible\n[1.0.1e-60]\n- fix CVE-2016-2177 - possible integer overflow\n- fix CVE-2016-2178 - non-constant time DSA operations\n- fix CVE-2016-2179 - further DoS issues in DTLS\n- fix CVE-2016-2180 - OOB read in TS_OBJ_print_bio()\n- fix CVE-2016-2181 - DTLS1 replay protection and unprocessed records issue\n- fix CVE-2016-2182 - possible buffer overflow in BN_bn2dec()\n- fix CVE-2016-6302 - insufficient TLS session ticket HMAC length check\n- fix CVE-2016-6304 - unbound memory growth with OCSP status request\n- fix CVE-2016-6306 - certificate message OOB reads\n- mitigate CVE-2016-2183 - degrade all 64bit block ciphers and RC4 to\n 112 bit effective strength\n[1.0.1e-58]\n- replace expired testing certificates\n[1.0.1e-57]\n- fix CVE-2016-2105 - possible overflow in base64 encoding\n- fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate()\n- fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC\n- fix CVE-2016-2108 - memory corruption in ASN.1 encoder\n- fix CVE-2016-2109 - possible DoS when reading ASN.1 data from BIO\n[1.0.1e-56]\n- fix 1-byte memory leak in pkcs12 parse (#1312112)\n- document some options of the speed command (#1312110)\n- fix high-precision timestamps in timestamping authority\n- enable SCTP support in DTLS\n- use correct digest when exporting keying material in TLS1.2 (#1289620)\n- fix CVE-2016-0799 - memory issues in BIO_printf\n- add support for setting Kerberos service and keytab in\n s_server and s_client\n[1.0.1e-55]\n- fix CVE-2016-0702 - side channel attack on modular exponentiation\n- fix CVE-2016-0705 - double-free in DSA private key parsing\n- fix CVE-2016-0797 - heap corruption in BN_hex2bn and BN_dec2bn\n[1.0.1e-54]\n- fix CVE-2015-3197 - SSLv2 ciphersuite enforcement\n- disable SSLv2 in the generic 
TLS method\n[1.0.1e-53]\n- fix CVE-2015-7575 - disallow use of MD5 in TLS1.2\n[1.0.1e-52]\n- fix CVE-2015-3194 - certificate verify crash with missing PSS parameter\n- fix CVE-2015-3195 - X509_ATTRIBUTE memory leak\n- fix CVE-2015-3196 - race condition when handling PSK identity hint\n[1.0.1e-51]\n- fix the CVE-2015-1791 fix (broken server side renegotiation)\n[1.0.1e-50]\n- improved fix for CVE-2015-1791\n- add missing parts of CVE-2015-0209 fix for correctness although unexploitable\n[1.0.1e-49]\n- fix CVE-2014-8176 - invalid free in DTLS buffering code\n- fix CVE-2015-1789 - out-of-bounds read in X509_cmp_time\n- fix CVE-2015-1790 - PKCS7 crash with missing EncryptedContent\n- fix CVE-2015-1791 - race condition handling NewSessionTicket\n- fix CVE-2015-1792 - CMS verify infinite loop with unknown hash function\n[1.0.1e-48]\n- fix CVE-2015-3216 - regression in RAND locking that can cause segfaults on\n read in multithreaded applications\n[1.0.1e-47]\n- fix CVE-2015-4000 - prevent the logjam attack on client - restrict\n the DH key size to at least 768 bits (limit will be increased in future)\n[1.0.1e-46]\n- drop the AES-GCM restriction of 2^32 operations because the IV is\n always 96 bits (32 bit fixed field + 64 bit invocation field)\n[1.0.1e-45]\n- update fix for CVE-2015-0287 to what was released upstream\n[1.0.1e-44]\n- fix CVE-2015-0209 - potential use after free in d2i_ECPrivateKey()\n- fix CVE-2015-0286 - improper handling of ASN.1 boolean comparison\n- fix CVE-2015-0287 - ASN.1 structure reuse decoding memory corruption\n- fix CVE-2015-0288 - X509_to_X509_REQ NULL pointer dereference\n- fix CVE-2015-0289 - NULL dereference decoding invalid PKCS#7 data\n- fix CVE-2015-0292 - integer underflow in base64 decoder\n- fix CVE-2015-0293 - triggerable assert in SSLv2 server\n[1.0.1e-43]\n- fix broken error detection when unwrapping unpadded key\n[1.0.1e-42.1]\n- fix the RFC 5649 for key material that does not need padding\n[1.0.1e-42]\n- test in the non-FIPS RSA 
keygen for minimal distance of p and q\n similarly to the FIPS RSA keygen\n[1.0.1e-41]\n- fix CVE-2014-3570 - incorrect computation in BN_sqr()\n- fix CVE-2014-3571 - possible crash in dtls1_get_record()\n- fix CVE-2014-3572 - possible downgrade of ECDH ciphersuite to non-PFS state\n- fix CVE-2014-8275 - various certificate fingerprint issues\n- fix CVE-2015-0204 - remove support for RSA ephemeral keys for non-export\n ciphersuites and on server\n- fix CVE-2015-0205 - do not allow unauthenticated client DH certificate\n- fix CVE-2015-0206 - possible memory leak when buffering DTLS records\n[1.0.1e-40]\n- use FIPS approved method for computation of d in RSA\n- copy digest algorithm when handling SNI context switch\n[1.0.1e-39]\n- fix CVE-2014-3567 - memory leak when handling session tickets\n- fix CVE-2014-3513 - memory leak in srtp support\n- add support for fallback SCSV to partially mitigate CVE-2014-3566\n (padding attack on SSL3)\n[1.0.1e-38]\n- do FIPS algorithm selftest before the integrity check\n[1.0.1e-37]\n- add support for RFC 5649 (#1119738)\n- do not pass the FIPS integrity check if the .hmac files are empty (#1128849)\n- add ECC TLS extensions to DTLS (#1119803)\n- do not send ECC ciphersuites in SSLv2 client hello (#1090955)\n- properly propagate encryption failure in BIO_f_cipher (#1072439)\n- fix CVE-2014-0224 fix that broke EAP-FAST session resumption support\n- improve documentation of ciphersuites - patch by Hubert Kario (#1108026)\n- use case insensitive comparison for servername in s_server (#1081163)\n- add support for automatic ECDH curve selection on server (#1080128)\n- FIPS mode: make the limitations on DSA, DH, and RSA keygen\n length enforced only if OPENSSL_ENFORCE_MODULUS_BITS environment\n variable is set\n[1.0.1e-36]\n- add support for ppc64le architecture\n- add Power 8 optimalizations\n[1.0.1e-35]\n- fix CVE-2014-3505 - doublefree in DTLS packet processing\n- fix CVE-2014-3506 - avoid memory exhaustion in DTLS\n- fix CVE-2014-3507 
- avoid memory leak in DTLS\n- fix CVE-2014-3508 - fix OID handling to avoid information leak\n- fix CVE-2014-3509 - fix race condition when parsing server hello\n- fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS\n- fix CVE-2014-3511 - disallow protocol downgrade via fragmentation\n[1.0.1e-34.3]\n- fix CVE-2010-5298 - possible use of memory after free\n- fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment\n- fix CVE-2014-0198 - possible NULL pointer dereference\n- fix CVE-2014-0221 - DoS from invalid DTLS handshake packet\n- fix CVE-2014-0224 - SSL/TLS MITM vulnerability\n- fix CVE-2014-3470 - client-side DoS when using anonymous ECDH\n[1.0.1e-34]\n- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension\n[1.0.1e-33]\n- use the key length from configuration file if req -newkey rsa is invoked\n[1.0.1e-32]\n- avoid unnecessary reseeding in BN_rand in the FIPS mode\n[1.0.1e-31]\n- print ephemeral key size negotiated in TLS handshake (#1057715)\n- add DH_compute_key_padded needed for FIPS CAVS testing\n- make expiration and key length changeable by DAYS and KEYLEN\n variables in the certificate Makefile (#1058108)\n- change default hash to sha256 (#1062325)\n- lower the actual 3des strength so it is sorted behind aes128 (#1056616)\n[1:1.0.1e-30]\n- Mass rebuild 2014-01-24\n[1.0.1e-29]\n- rebuild with -O3 on ppc64 architecture\n[1.0.1e-28]\n- fix CVE-2013-4353 - Invalid TLS handshake crash\n- fix CVE-2013-6450 - possible MiTM attack on DTLS1\n[1:1.0.1e-27]\n- Mass rebuild 2013-12-27\n[1.0.1e-26]\n- fix CVE-2013-6449 - crash when version in SSL structure is incorrect\n- drop weak ciphers from the default TLS ciphersuite list\n- add back some symbols that were dropped with update to 1.0.1 branch\n- more FIPS validation requirement changes\n[1.0.1e-25]\n- fix locking and reseeding problems with FIPS drbg\n[1.0.1e-24]\n- additional changes required for FIPS validation\n- disable verification of certificate, CRL, and OCSP 
signatures\n using MD5 if OPENSSL_ENABLE_MD5_VERIFY environment variable\n is not set\n[1.0.1e-23]\n- add back support for secp521r1 EC curve\n- add aarch64 to Configure (#969692)\n[1.0.1e-22]\n- do not advertise ECC curves we do not support (#1022493)\n[1.0.1e-21]\n- make DTLS1 work in FIPS mode\n- avoid RSA and DSA 512 bits and Whirlpool in 'openssl speed' in FIPS mode\n- drop the -fips subpackage, installation of dracut-fips marks that the FIPS\n module is installed\n- avoid dlopening libssl.so from libcrypto\n- fix small memory leak in FIPS aes selftest\n- fix segfault in openssl speed hmac in the FIPS mode\n[1.0.1e-20]\n- document the nextprotoneg option in manual pages\n original patch by Hubert Kario\n- try to avoid some races when updating the -fips subpackage\n[1.0.1e-19]\n- use version-release in .hmac suffix to avoid overwrite\n during upgrade\n[1.0.1e-18]\n- always perform the FIPS selftests in library constructor\n if FIPS module is installed\n[1.0.1e-16]\n- add -fips subpackage that contains the FIPS module files\n[1.0.1e-15]\n- fix use of rdrand if available\n- more commits cherry picked from upstream\n- documentation fixes\n[1.0.1e-14]\n- additional manual page fix\n- use symbol versioning also for the textual version\n[1.0.1e-13]\n- additional manual page fixes\n- cleanup speed command output for ECDH ECDSA\n[1.0.1e-12]\n- use _prefix macro\n[1.0.1e-11]\n- add openssl.cnf.5 manpage symlink to config.5\n[1.0.1e-10]\n- add relro linking flag\n[1.0.1e-9]\n- add support for the -trusted_first option for certificate chain verification\n[1.0.1e-8]\n- disable GOST engine\n[1.0.1e-7]\n- add symbol version for ECC functions\n[1.0.1e-6]\n- update the FIPS selftests to use 256 bit curves\n[1.0.1e-5]\n- enabled NIST Suite B ECC curves and algorithms\n[1.0.1e-4]\n- fix random bad record mac errors (#918981)\n[1.0.1e-3]\n- fix up the SHLIB_VERSION_NUMBER\n[1.0.1e-2]\n- disable ZLIB loading by default (due to CRIME attack)\n[1.0.1e-1]\n- new upstream 
version\n[1.0.1c-12]\n- more fixes from upstream\n- fix errors in manual causing build failure (#904777)\n[1.0.1c-11]\n- add script for renewal of a self-signed cert by Philip Prindeville (#871566)\n- allow X509_issuer_and_serial_hash() produce correct result in\n the FIPS mode (#881336)\n[1.0.1c-10]\n- do not load default verify paths if CApath or CAfile specified (#884305)\n[1.0.1c-9]\n- more fixes from upstream CVS\n- fix DSA key pairwise check (#878597)\n[1.0.1c-8]\n- use 1024 bit DH parameters in s_server as 512 bit is not allowed\n in FIPS mode and it is quite weak anyway\n[1.0.1c-7]\n- add missing initialization of str in aes_ccm_init_key (#853963)\n- add important patches from upstream CVS\n- use the secure_getenv() with new glibc\n[1:1.0.1c-6]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild\n[1.0.1c-5]\n- use __getenv_secure() instead of __libc_enable_secure\n[1.0.1c-4]\n- do not move libcrypto to /lib\n- do not use environment variables if __libc_enable_secure is on\n- fix strict aliasing problems in modes\n[1.0.1c-3]\n- fix DSA key generation in FIPS mode (#833866)\n- allow duplicate FIPS_mode_set(1)\n- enable build on ppc64 subarch (#834652)\n[1.0.1c-2]\n- fix s_server with new glibc when no global IPv6 address (#839031)\n- make it build with new Perl\n[1.0.1c-1]\n- new upstream version\n[1.0.1b-1]\n- new upstream version\n[1.0.1a-1]\n- new upstream version fixing CVE-2012-2110\n[1.0.1-3]\n- add Kerberos 5 libraries to pkgconfig for static linking (#807050)\n[1.0.1-2]\n- backports from upstream CVS\n- fix segfault when /dev/urandom is not available (#809586)\n[1.0.1-1]\n- new upstream release\n[1.0.1-0.3.beta3]\n- add obsoletes to assist multilib updates (#799636)\n[1.0.1-0.2.beta3]\n- epoch bumped to 1 due to revert to 1.0.0g on Fedora 17\n- new upstream release from the 1.0.1 branch\n- fix s390x build (#798411)\n- versioning for the SSLeay symbol (#794950)\n- add -DPURIFY to build flags (#797323)\n- filter engine provides\n- split 
the libraries to a separate -libs package\n- add make to requires on the base package (#783446)\n[1.0.1-0.1.beta2]\n- new upstream release from the 1.0.1 branch, ABI compatible\n- add documentation for the -no_ign_eof option\n[1.0.0g-1]\n- new upstream release fixing CVE-2012-0050 - DoS regression in\n DTLS support introduced by the previous release (#782795)\n[1.0.0f-1]\n- new upstream release fixing multiple CVEs\n[1.0.0e-4]\n- move the libraries needed for static linking to Libs.private\n[1.0.0e-3]\n- do not use AVX instructions when osxsave bit not set\n- add direct known answer tests for SHA2 algorithms\n[1.0.0e-2]\n- fix missing initialization of variable in CHIL engine\n[1.0.0e-1]\n- new upstream release fixing CVE-2011-3207 (#736088)\n[1.0.0d-8]\n- drop the separate engine for Intel acceleration improvements\n and merge in the AES-NI, SHA1, and RC4 optimizations\n- add support for OPENSSL_DISABLE_AES_NI environment variable\n that disables the AES-NI support\n[1.0.0d-7]\n- correct openssl cms help output (#636266)\n- more tolerant starttls detection in XMPP protocol (#608239)\n[1.0.0d-6]\n- add support for newest Intel acceleration improvements backported\n from upstream by Intel in form of a separate engine\n[1.0.0d-5]\n- allow the AES-NI engine in the FIPS mode\n[1.0.0d-4]\n- add API necessary for CAVS testing of the new DSA parameter generation\n[1.0.0d-3]\n- add support for VIA Padlock on 64bit arch from upstream (#617539)\n- do not return bogus values from load_certs (#652286)\n[1.0.0d-2]\n- clarify apps help texts for available digest algorithms (#693858)\n[1.0.0d-1]\n- new upstream release fixing CVE-2011-0014 (OCSP stapling vulnerability)\n[1.0.0c-4]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild\n[1.0.0c-3]\n- add -x931 parameter to openssl genrsa command to use the ANSI X9.31\n key generation method\n- use FIPS-186-3 method for DSA parameter generation\n- add OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW environment variable\n to allow 
using MD5 when the system is in the maintenance state\n even if the /proc fips flag is on\n- make openssl pkcs12 command work by default in the FIPS mode\n[1.0.0c-2]\n- listen on ipv6 wildcard in s_server so we accept connections\n from both ipv4 and ipv6 (#601612)\n- fix openssl speed command so it can be used in the FIPS mode\n with FIPS allowed ciphers\n[1.0.0c-1]\n- new upstream version fixing CVE-2010-4180\n[1.0.0b-3]\n- replace the revert for the s390x bignum asm routines with\n fix from upstream\n[1.0.0b-2]\n- revert upstream change in s390x bignum asm routines\n[1.0.0b-1]\n- new upstream version fixing CVE-2010-3864 (#649304)\n[1.0.0a-3]\n- make SHLIB_VERSION reflect the library suffix\n[1.0.0a-2]\n- openssl man page fix (#609484)\n[1.0.0a-1]\n- new upstream patch release, fixes CVE-2010-0742 (#598738)\n and CVE-2010-1633 (#598732)\n[1.0.0-5]\n- pkgconfig files now contain the correct libdir (#593723)\n[1.0.0-4]\n- make CA dir readable - the private keys are in private subdir (#584810)\n[1.0.0-3]\n- a few fixes from upstream CVS\n- move libcrypto to /lib (#559953)\n[1.0.0-2]\n- set UTC timezone on pod2man run (#578842)\n- make X509_NAME_hash_old work in FIPS mode\n[1.0.0-1]\n- update to final 1.0.0 upstream release\n[1.0.0-0.22.beta5]\n- make TLS work in the FIPS mode\n[1.0.0-0.21.beta5]\n- gracefully handle zero length in assembler implementations of\n OPENSSL_cleanse (#564029)\n- do not fail in s_server if client hostname not resolvable (#561260)\n[1.0.0-0.20.beta5]\n- new upstream release\n[1.0.0-0.19.beta4]\n- fix CVE-2009-4355 - leak in applications incorrectly calling\n CRYPTO_free_all_ex_data() before application exit (#546707)\n- upstream fix for future TLS protocol version handling\n[1.0.0-0.18.beta4]\n- add support for Intel AES-NI\n[1.0.0-0.17.beta4]\n- upstream fix compression handling on session resumption\n- various null checks and other small fixes from upstream\n- upstream changes for the renegotiation info according to the latest 
draft\n[1.0.0-0.16.beta4]\n- fix non-fips mingw build (patch by Kalev Lember)\n- add IPV6 fix for DTLS\n[1.0.0-0.15.beta4]\n- add better error reporting for the unsafe renegotiation\n[1.0.0-0.14.beta4]\n- fix build on s390x\n[1.0.0-0.13.beta4]\n- disable enforcement of the renegotiation extension on the client (#537962)\n- add fixes from the current upstream snapshot\n[1.0.0-0.12.beta4]\n- keep the beta status in version number at 3 so we do not have to rebuild\n openssh and possibly other dependencies with too strict version check\n[1.0.0-0.11.beta4]\n- update to new upstream version, no soname bump needed\n- fix CVE-2009-3555 - note that the fix is bypassed if SSL_OP_ALL is used\n so the compatibility with unfixed clients is not broken. The\n protocol extension is also not final.\n[1.0.0-0.10.beta3]\n- fix use of freed memory if SSL_CTX_free() is called before\n SSL_free() (#521342)\n[1.0.0-0.9.beta3]\n- fix typo in DTLS1 code (#527015)\n- fix leak in error handling of d2i_SSL_SESSION()\n[1.0.0-0.8.beta3]\n- fix RSA and DSA FIPS selftests\n- reenable fixed x86_64 camellia assembler code (#521127)\n[1.0.0-0.7.beta3]\n- temporarily disable x86_64 camellia assembler code (#521127)\n[1.0.0-0.6.beta3]\n- fix openssl dgst -dss1 (#520152)\n[1.0.0-0.5.beta3]\n- drop the compat symlink hacks\n[1.0.0-0.4.beta3]\n- constify SSL_CIPHER_description()\n[1.0.0-0.3.beta3]\n- fix WWW:Curl:Easy reference in tsget\n[1.0.0-0.2.beta3]\n- enable MD-2\n[1.0.0-0.1.beta3]\n- update to new major upstream release\n[0.9.8k-7]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\n* Wed Jul 22 2009 Bill Nottingham \n- do not build special 'optimized' versions for i686, as that's the base\n arch in Fedora now\n[0.9.8k-6]\n- abort if selftests failed and random number generator is polled\n- mention EVP_aes and EVP_sha2xx routines in the manpages\n- add README.FIPS\n- make CA dir absolute path (#445344)\n- change default length for RSA key generation to 2048 
(#484101)\n[0.9.8k-5]\n- fix CVE-2009-1377 CVE-2009-1378 CVE-2009-1379\n (DTLS DoS problems) (#501253, #501254, #501572)\n[0.9.8k-4]\n- support compatibility DTLS mode for CISCO AnyConnect (#464629)\n[0.9.8k-3]\n- correct the SHLIB_VERSION define\n[0.9.8k-2]\n- add support for multiple CRLs with same subject\n- load only dynamic engine support in FIPS mode\n[0.9.8k-1]\n- update to new upstream release (minor bug fixes, security\n fixes and machine code optimizations only)\n[0.9.8j-10]\n- move libraries to /usr/lib (#239375)\n[0.9.8j-9]\n- add a static subpackage\n[0.9.8j-8]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild\n[0.9.8j-7]\n- must also verify checksum of libssl.so in the FIPS mode\n- obtain the seed for FIPS rng directly from the kernel device\n- drop the temporary symlinks\n[0.9.8j-6]\n- drop the temporary triggerpostun and symlinking in post\n- fix the pkgconfig files and drop the unnecessary buildrequires\n on pkgconfig as it is a rpmbuild dependency (#481419)\n[0.9.8j-5]\n- add temporary triggerpostun to reinstate the symlinks\n[0.9.8j-4]\n- no pairwise key tests in non-fips mode (#479817)\n[0.9.8j-3]\n- even more robust test for the temporary symlinks\n[0.9.8j-2]\n- try to ensure the temporary symlinks exist\n[0.9.8j-1]\n- new upstream version with necessary soname bump (#455753)\n- temporarily provide symlink to old soname to make it possible to rebuild\n the dependent packages in rawhide\n- add eap-fast support (#428181)\n- add possibility to disable zlib by setting\n- add fips mode support for testing purposes\n- do not null dereference on some invalid smime files\n- add buildrequires pkgconfig (#479493)\n[0.9.8g-11]\n- do not add tls extensions to server hello for SSLv3 either\n[0.9.8g-10]\n- move root CA bundle to ca-certificates package\n[0.9.8g-9]\n- fix CVE-2008-0891 - server name extension crash (#448492)\n- fix CVE-2008-1672 - server key exchange message omit crash (#448495)\n[0.9.8g-8]\n- super-H arch support\n- drop 
workaround for bug 199604 as it should be fixed in gcc-4.3\n[0.9.8g-7]\n- sparc handling\n[0.9.8g-6]\n- update to new root CA bundle from mozilla.org (r1.45)\n[0.9.8g-5]\n- Autorebuild for GCC 4.3\n[0.9.8g-4]\n- merge review fixes (#226220)\n- adjust the SHLIB_VERSION_NUMBER to reflect library name (#429846)\n[0.9.8g-3]\n- set default paths when no explicit paths are set (#418771)\n- do not add tls extensions to client hello for SSLv3 (#422081)\n[0.9.8g-2]\n- enable some new crypto algorithms and features\n- add some more important bug fixes from openssl CVS\n[0.9.8g-1]\n- update to latest upstream release, SONAME bumped to 7\n[0.9.8b-17]\n- update to new CA bundle from mozilla.org\n[0.9.8b-16]\n- fix CVE-2007-5135 - off-by-one in SSL_get_shared_ciphers (#309801)\n- fix CVE-2007-4995 - out of order DTLS fragments buffer overflow (#321191)\n- add alpha sub-archs (#296031)\n[0.9.8b-15]\n- rebuild\n[0.9.8b-14]\n- use localhost in testsuite, hopefully fixes slow build in koji\n- CVE-2007-3108 - fix side channel attack on private keys (#250577)\n- make ssl session cache id matching strict (#233599)\n[0.9.8b-13]\n- allow building on ARM architectures (#245417)\n- use reference timestamps to prevent multilib conflicts (#218064)\n- -devel package must require pkgconfig (#241031)\n[0.9.8b-12]\n- detect duplicates in add_dir properly (#206346)\n[0.9.8b-11]\n- the previous change still didn't make X509_NAME_cmp transitive\n[0.9.8b-10]\n- make X509_NAME_cmp transitive otherwise certificate lookup\n is broken (#216050)\n[0.9.8b-9]\n- aliasing bug in engine loading, patch by IBM (#213216)\n[0.9.8b-8]\n- CVE-2006-2940 fix was incorrect (#208744)\n[0.9.8b-7]\n- fix CVE-2006-2937 - mishandled error on ASN.1 parsing (#207276)\n- fix CVE-2006-2940 - parasitic public keys DoS (#207274)\n- fix CVE-2006-3738 - buffer overflow in SSL_get_shared_ciphers (#206940)\n- fix CVE-2006-4343 - sslv2 client DoS (#206940)\n[0.9.8b-6]\n- fix CVE-2006-4339 - prevent attack on PKCS#1 v1.5 signatures 
(#205180)\n[0.9.8b-5]\n- set buffering to none on stdio/stdout FILE when bufsize is set (#200580)\n patch by IBM\n[0.9.8b-4.1]\n- rebuild with new binutils (#200330)\n[0.9.8b-4]\n- add a temporary workaround for sha512 test failure on s390 (#199604)\n* Thu Jul 20 2006 Tomas Mraz \n- add ipv6 support to s_client and s_server (by Jan Pazdziora) (#198737)\n- add patches for BN threadsafety, AES cache collision attack hazard fix and\n pkcs7 code memleak fix from upstream CVS\n[0.9.8b-3.1]\n- rebuild\n[0.9.8b-3]\n- dropped libica and ica engine from build\n* Wed Jun 21 2006 Joe Orton \n- update to new CA bundle from mozilla.org; adds CA certificates\n from netlock.hu and startcom.org\n[0.9.8b-2]\n- fixed a few rpmlint warnings\n- better fix for #173399 from upstream\n- upstream fix for pkcs12\n[0.9.8b-1]\n- upgrade to new version, stays ABI compatible\n- there is no more linux/config.h (it was empty anyway)\n[0.9.8a-6]\n- fix stale open handles in libica (#177155)\n- fix build if 'rand' or 'passwd' in buildroot path (#178782)\n- initialize VIA Padlock engine (#186857)\n[0.9.8a-5.2]\n- bump again for double-long bug on ppc(64)\n[0.9.8a-5.1]\n- rebuilt for new gcc4.1 snapshot and glibc changes\n[0.9.8a-5]\n- don't include SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG\n in SSL_OP_ALL (#175779)\n* Fri Dec 09 2005 Jesse Keating \n- rebuilt\n[0.9.8a-4]\n- fix build (-lcrypto was erroneusly dropped) of the updated libica\n- updated ICA engine to 1.3.6-rc3\n[0.9.8a-3]\n- disable builtin compression methods for now until they work\n properly (#173399)\n[0.9.8a-2]\n- don't set -rpath for openssl binary\n[0.9.8a-1]\n- new upstream version\n- patches partially renumbered\n[0.9.7f-11]\n- updated IBM ICA engine library and patch to latest upstream version\n[0.9.7f-10]\n- fix CAN-2005-2969 - remove SSL_OP_MSIE_SSLV2_RSA_PADDING which\n disables the countermeasure against man in the middle attack in SSLv2\n (#169863)\n- use sha1 as default for CA and cert requests - CAN-2005-2946 
(#169803)\n[0.9.7f-9]\n- add *.so.soversion as symlinks in /lib (#165264)\n- remove unpackaged symlinks (#159595)\n- fixes from upstream (constant time fixes for DSA,\n bn assembler div on ppc arch, initialize memory on realloc)\n[0.9.7f-8]\n- Updated ICA engine IBM patch to latest upstream version.\n[0.9.7f-7]\n- fix CAN-2005-0109 - use constant time/memory access mod_exp\n so bits of private key aren't leaked by cache eviction (#157631)\n- a few more fixes from upstream 0.9.7g\n[0.9.7f-6]\n- use poll instead of select in rand (#128285)\n- fix Makefile.certificate to point to /etc/pki/tls\n- change the default string mask in ASN1 to PrintableString+UTF8String\n[0.9.7f-5]\n- update to revision 1.37 of Mozilla CA bundle\n[0.9.7f-4]\n- move certificates to _sysconfdir/pki/tls (#143392)\n- move CA directories to _sysconfdir/pki/CA\n- patch the CA script and the default config so it points to the\n CA directories\n[0.9.7f-3]\n- uninitialized variable mustn't be used as input in inline\n assembly\n- reenable the x86_64 assembly again\n[0.9.7f-2]\n- add back RC4_CHAR on ia64 and x86_64 so the ABI isn't broken\n- disable broken bignum assembly on x86_64\n[0.9.7f-1]\n- reenable optimizations on ppc64 and assembly code on ia64\n- upgrade to new upstream version (no soname bump needed)\n- disable thread test - it was testing the backport of the\n RSA blinding - no longer needed\n- added support for changing serial number to\n Makefile.certificate (#151188)\n- make ca-bundle.crt a config file (#118903)\n[0.9.7e-3]\n- libcrypto shouldn't depend on libkrb5 (#135961)\n[0.9.7e-2]\n- rebuild\n[0.9.7e-1]\n- new upstream source, updated patches\n- added patch so we are hopefully ABI compatible with upcoming\n 0.9.7f\n* Thu Feb 10 2005 Tomas Mraz \n- Support UTF-8 charset in the Makefile.certificate (#134944)\n- Added cmp to BuildPrereq\n[0.9.7a-46]\n- generate new ca-bundle.crt from Mozilla certdata.txt (revision 1.32)\n[0.9.7a-45]\n- Fixed and updated libica-1.3.4-urandom.patch 
patch (#122967)\n[0.9.7a-44]\n- rebuild\n[0.9.7a-43]\n- rebuild\n[0.9.7a-42]\n- rebuild\n[0.9.7a-41]\n- remove der_chop, as upstream cvs has done (CAN-2004-0975, #140040)\n[0.9.7a-40]\n- Include latest libica version with important bugfixes\n* Tue Jun 15 2004 Elliot Lee \n- rebuilt\n[0.9.7a-38]\n- Updated ICA engine IBM patch to latest upstream version.\n[0.9.7a-37]\n- build for linux-alpha-gcc instead of alpha-gcc on alpha (Jeff Garzik)\n[0.9.7a-36]\n- handle %{_arch}=i486/i586/i686/athlon cases in the intermediate\n header (#124303)\n[0.9.7a-35]\n- add security fixes for CAN-2004-0079, CAN-2004-0112\n* Tue Mar 16 2004 Phil Knirsch \n- Fixed libica filespec.\n[0.9.7a-34]\n- ppc/ppc64 define __powerpc__/__powerpc64__, not __ppc__/__ppc64__, fix\n the intermediate header\n[0.9.7a-33]\n- add an intermediate \n which points to the right\n arch-specific opensslconf.h on multilib arches\n* Tue Mar 02 2004 Elliot Lee \n- rebuilt\n[0.9.7a-32]\n- Updated libica to latest upstream version 1.3.5.\n[0.9.7a-31]\n- Update ICA crypto engine patch from IBM to latest version.\n* Fri Feb 13 2004 Elliot Lee \n- rebuilt\n[0.9.7a-29]\n- rebuilt\n[0.9.7a-28]\n- Fixed libica build.\n* Wed Feb 04 2004 Nalin Dahyabhai \n- add '-ldl' to link flags added for Linux-on-ARM (#99313)\n[0.9.7a-27]\n- updated ca-bundle.crt: removed expired GeoTrust roots, added\n freessl.com root, removed trustcenter.de Class 0 root\n[0.9.7a-26]\n- Fix link line for libssl (bug #111154).\n[0.9.7a-25]\n- add dependency on zlib-devel for the -devel package, which depends on zlib\n symbols because we enable zlib for libssl (#102962)\n[0.9.7a-24]\n- Use /dev/urandom instead of PRNG for libica.\n- Apply libica-1.3.5 fix for /dev/urandom in icalinux.c\n- Use latest ICA engine patch from IBM.\n[0.9.7a-22.1]\n- rebuild\n[0.9.7a-22]\n- rebuild (22 wasn't actually built, fun eh?)\n[0.9.7a-23]\n- re-disable optimizations on ppc64\n* Tue Sep 30 2003 Joe Orton \n- add a_mbstr.c fix for 64-bit platforms from 
CVS\n[0.9.7a-22]\n- add -Wa,--noexecstack to RPM_OPT_FLAGS so that assembled modules get tagged\n as not needing executable stacks\n[0.9.7a-21]\n- rebuild\n* Thu Sep 25 2003 Nalin Dahyabhai \n- re-enable optimizations on ppc64\n* Thu Sep 25 2003 Nalin Dahyabhai \n- remove exclusivearch\n[0.9.7a-20]\n- only parse a client cert if one was requested\n- temporarily exclusivearch for %{ix86}\n* Tue Sep 23 2003 Nalin Dahyabhai \n- add security fixes for protocol parsing bugs (CAN-2003-0543, CAN-2003-0544)\n and heap corruption (CAN-2003-0545)\n- update RHNS-CA-CERT files\n- ease back on the number of threads used in the threading test\n[0.9.7a-19]\n- rebuild to fix gzipped file md5sums (#91211)\n[0.9.7a-18]\n- Updated libica to version 1.3.4.\n[0.9.7a-17]\n- rebuild\n[0.9.7a-10.9]\n- free the kssl_ctx structure when we free an SSL structure (#99066)\n[0.9.7a-16]\n- rebuild\n[0.9.7a-15]\n- lower thread test count on s390x\n[0.9.7a-14]\n- rebuild\n[0.9.7a-13]\n- disable assembly on arches where it seems to conflict with threading\n[0.9.7a-12]\n- Updated libica to latest upstream version 1.3.0\n[0.9.7a-9.9]\n- rebuild\n[0.9.7a-11]\n- rebuild\n[0.9.7a-10]\n- ubsec: don't stomp on output data which might also be input data\n[0.9.7a-9]\n- temporarily disable optimizations on ppc64\n* Mon Jun 09 2003 Nalin Dahyabhai \n- backport fix for engine-used-for-everything from 0.9.7b\n- backport fix for prng not being seeded causing problems, also from 0.9.7b\n- add a check at build-time to ensure that RSA is thread-safe\n- keep perlpath from stomping on the libica configure scripts\n* Fri Jun 06 2003 Nalin Dahyabhai \n- thread-safety fix for RSA blinding\n[0.9.7a-8]\n- rebuilt\n[0.9.7a-7]\n- Added libica-1.2 to openssl (featurerequest).\n[0.9.7a-6]\n- fix building with incorrect flags on ppc64\n[0.9.7a-5]\n- add patch to harden against Klima-Pokorny-Rosa extension of Bleichenbacher's\n attack (CAN-2003-0131)\n[ 0.9.7a-4]\n- add patch to enable RSA blinding by default, closing a timing 
attack\n (CAN-2003-0147)\n[0.9.7a-3]\n- disable use of BN assembly module on x86_64, but continue to allow inline\n assembly (#83403)\n[0.9.7a-2]\n- disable EC algorithms\n[0.9.7a-1]\n- update to 0.9.7a\n[0.9.7-8]\n- add fix to guard against attempts to allocate negative amounts of memory\n- add patch for CAN-2003-0078, fixing a timing attack\n[0.9.7-7]\n- Add openssl-ppc64.patch\n[0.9.7-6]\n- EVP_DecryptInit should call EVP_CipherInit() instead of EVP_CipherInit_ex(),\n to get the right behavior when passed uninitialized context structures\n (#83766)\n- build with -mcpu=ev5 on alpha family (#83828)\n* Wed Jan 22 2003 Tim Powers \n- rebuilt\n[0.9.7-4]\n- Added IBM hw crypto support patch.\n* Wed Jan 15 2003 Nalin Dahyabhai \n- add missing builddep on sed\n[0.9.7-3]\n- debloat\n- fix broken manpage symlinks\n[0.9.7-2]\n- fix double-free in 'openssl ca'\n[0.9.7-1]\n- update to 0.9.7 final\n[0.9.7-0]\n- update to 0.9.7 beta6 (DO NOT USE UNTIL UPDATED TO FINAL 0.9.7)\n* Wed Dec 11 2002 Nalin Dahyabhai \n- update to 0.9.7 beta5 (DO NOT USE UNTIL UPDATED TO FINAL 0.9.7)\n[0.9.6b-30]\n- add configuration stanza for x86_64 and use it on x86_64\n- build for linux-ppc on ppc\n- start running the self-tests again\n[0.9.6b-29hammer.3]\n- Merge fixes from previous hammer packages, including general x86-64 and\n multilib\n[0.9.6b-29]\n- rebuild\n[0.9.6b-28]\n- update asn patch to fix accidental reversal of a logic check\n[0.9.6b-27]\n- update asn patch to reduce chance that compiler optimization will remove\n one of the added tests\n[0.9.6b-26]\n- rebuild\n[0.9.6b-25]\n- add patch to fix ASN.1 vulnerabilities\n[0.9.6b-24]\n- add backport of Ben Laurie's patches for OpenSSL 0.9.6d\n[0.9.6b-23]\n- own {_datadir}/ssl/misc\n* Fri Jun 21 2002 Tim Powers \n- automated rebuild\n* Sun May 26 2002 Tim Powers \n- automated rebuild\n[0.9.6b-20]\n- free ride through the build system (whee!)\n[0.9.6b-19]\n- rebuild in new environment\n[0.9.6b-17, 0.9.6b-18]\n- merge RHL-specific bits into 
stronghold package, rename\n[stronghold-0.9.6c-2]\n- add support for Chrysalis Luna token\n* Tue Mar 26 2002 Gary Benson \n- disable AEP random number generation, other AEP fixes\n[0.9.6b-15]\n- only build subpackages on primary arches\n[0.9.6b-13]\n- on ia32, only disable use of assembler on i386\n- enable assembly on ia64\n[0.9.6b-11]\n- fix sparcv9 entry\n[stronghold-0.9.6c-1]\n- upgrade to 0.9.6c\n- bump BuildArch to i686 and enable assembler on all platforms\n- synchronise with shrimpy and rawhide\n- bump soversion to 3\n* Wed Oct 10 2001 Florian La Roche \n- delete BN_LLONG for s390x, patch from Oliver Paukstadt\n[0.9.6b-9]\n- update AEP driver patch\n* Mon Sep 10 2001 Nalin Dahyabhai \n- adjust RNG disabling patch to match version of patch from Broadcom\n[0.9.6b-8]\n- disable the RNG in the ubsec engine driver\n[0.9.6b-7]\n- tweaks to the ubsec engine driver\n[0.9.6b-6]\n- tweaks to the ubsec engine driver\n[0.9.6b-5]\n- update ubsec engine driver from Broadcom\n[0.9.6b-4]\n- move man pages back to %{_mandir}/man?/foo.?ssl from\n %{_mandir}/man?ssl/foo.?\n- add an [ engine ] section to the default configuration file\n* Thu Aug 09 2001 Nalin Dahyabhai \n- add a patch for selecting a default engine in SSL_library_init()\n[0.9.6b-3]\n- add patches for AEP hardware support\n- add patch to keep trying when we fail to load a cert from a file and\n there are more in the file\n- add missing prototype for ENGINE_ubsec() in engine_int.h\n[0.9.6b-2]\n- actually add hw_ubsec to the engine list\n* Tue Jul 17 2001 Nalin Dahyabhai \n- add in the hw_ubsec driver from CVS\n[0.9.6b-1]\n- update to 0.9.6b\n* Thu Jul 05 2001 Nalin Dahyabhai \n- move .so symlinks back to %{_libdir}\n* Tue Jul 03 2001 Nalin Dahyabhai \n- move shared libraries to /lib (#38410)\n* Mon Jun 25 2001 Nalin Dahyabhai \n- switch to engine code base\n* Mon Jun 18 2001 Nalin Dahyabhai \n- add a script for creating dummy certificates\n- move man pages from %{_mandir}/man?/foo.?ssl to 
%{_mandir}/man?ssl/foo.?\n* Thu Jun 07 2001 Florian La Roche \n- add s390x support\n* Fri Jun 01 2001 Nalin Dahyabhai \n- change two memcpy() calls to memmove()\n- don't define L_ENDIAN on alpha\n[stronghold-0.9.6a-1]\n- Add 'stronghold-' prefix to package names.\n- Obsolete standard openssl packages.\n* Wed May 16 2001 Joe Orton \n- Add BuildArch: i586 as per Nalin's advice.\n* Tue May 15 2001 Joe Orton \n- Enable assembler on ix86 (using new .tar.bz2 which does\n include the asm directories).\n* Tue May 15 2001 Nalin Dahyabhai \n- make subpackages depend on the main package\n* Tue May 01 2001 Nalin Dahyabhai \n- adjust the hobble script to not disturb symlinks in include/ (fix from\n Joe Orton)\n* Fri Apr 27 2001 Nalin Dahyabhai \n- drop the m2crypo patch we weren't using\n* Tue Apr 24 2001 Nalin Dahyabhai \n- configure using 'shared' as well\n* Sun Apr 08 2001 Nalin Dahyabhai \n- update to 0.9.6a\n- use the build-shared target to build shared libraries\n- bump the soversion to 2 because we're no longer compatible with\n our 0.9.5a packages or our 0.9.6 packages\n- drop the patch for making rsatest a no-op when rsa null support is used\n- put all man pages into \nssl instead of \n- break the m2crypto modules into a separate package\n* Tue Mar 13 2001 Nalin Dahyabhai \n- use BN_LLONG on s390\n* Mon Mar 12 2001 Nalin Dahyabhai \n- fix the s390 changes for 0.9.6 (isn't supposed to be marked as 64-bit)\n* Sat Mar 03 2001 Nalin Dahyabhai \n- move c_rehash to the perl subpackage, because it's a perl script now\n* Fri Mar 02 2001 Nalin Dahyabhai \n- update to 0.9.6\n- enable MD2\n- use the libcrypto.so and libssl.so targets to build shared libs with\n- bump the soversion to 1 because we're no longer compatible with any of\n the various 0.9.5a packages circulating around, which provide lib*.so.0\n* Wed Feb 28 2001 Florian La Roche \n- change hobble-openssl for disabling MD2 again\n* Tue Feb 27 2001 Nalin Dahyabhai \n- re-disable MD2 -- the EVP_MD_CTX structure would grow 
from 100 to 152\n bytes or so, causing EVP_DigestInit() to zero out stack variables in\n apps built against a version of the library without it\n* Mon Feb 26 2001 Nalin Dahyabhai \n- disable some inline assembly, which on x86 is Pentium-specific\n- re-enable MD2 (see http://www.ietf.org/ietf/IPR/RSA-MD-all)\n* Thu Feb 08 2001 Florian La Roche \n- fix s390 patch\n* Fri Dec 08 2000 Than Ngo \n- added support s390\n* Mon Nov 20 2000 Nalin Dahyabhai \n- remove -Wa,* and -m* compiler flags from the default Configure file (#20656)\n- add the CA.pl man page to the perl subpackage\n* Thu Nov 02 2000 Nalin Dahyabhai \n- always build with -mcpu=ev5 on alpha\n* Tue Oct 31 2000 Nalin Dahyabhai \n- add a symlink from cert.pem to ca-bundle.crt\n* Wed Oct 25 2000 Nalin Dahyabhai \n- add a ca-bundle file for packages like Samba to reference for CA certificates\n* Tue Oct 24 2000 Nalin Dahyabhai \n- remove libcrypto's crypt(), which doesn't handle md5crypt (#19295)\n* Mon Oct 02 2000 Nalin Dahyabhai \n- add unzip as a buildprereq (#17662)\n- update m2crypto to 0.05-snap4\n* Tue Sep 26 2000 Bill Nottingham \n- fix some issues in building when it's not installed\n* Wed Sep 06 2000 Nalin Dahyabhai \n- make sure the headers we include are the ones we built with (aaaaarrgh!)\n* Fri Sep 01 2000 Nalin Dahyabhai \n- add Richard Henderson's patch for BN on ia64\n- clean up the changelog\n* Tue Aug 29 2000 Nalin Dahyabhai \n- fix the building of python modules without openssl-devel already installed\n* Wed Aug 23 2000 Nalin Dahyabhai \n- byte-compile python extensions without the build-root\n- adjust the makefile to not remove temporary files (like .key files when\n building .csr files) by marking them as .PRECIOUS\n* Sat Aug 19 2000 Nalin Dahyabhai \n- break out python extensions into a subpackage\n* Mon Jul 17 2000 Nalin Dahyabhai \n- tweak the makefile some more\n* Tue Jul 11 2000 Nalin Dahyabhai \n- disable MD2 support\n* Thu Jul 06 2000 Nalin Dahyabhai \n- disable MDC2 support\n* Sun 
Jul 02 2000 Nalin Dahyabhai \n- tweak the disabling of RC5, IDEA support\n- tweak the makefile\n* Thu Jun 29 2000 Nalin Dahyabhai \n- strip binaries and libraries\n- rework certificate makefile to have the right parts for Apache\n* Wed Jun 28 2000 Nalin Dahyabhai \n- use %{_perl} instead of /usr/bin/perl\n- disable alpha until it passes its own test suite\n* Fri Jun 09 2000 Nalin Dahyabhai \n- move the passwd.1 man page out of the passwd package's way\n* Fri Jun 02 2000 Nalin Dahyabhai \n- update to 0.9.5a, modified for U.S.\n- add perl as a build-time requirement\n- move certificate makefile to another package\n- disable RC5, IDEA, RSA support\n- remove optimizations for now\n* Wed Mar 01 2000 Florian La Roche \n- Bero told me to move the Makefile into this package\n* Wed Mar 01 2000 Florian La Roche \n- add lib*.so symlinks to link dynamically against shared libs\n* Tue Feb 29 2000 Florian La Roche \n- update to 0.9.5\n- run ldconfig directly in post/postun\n- add FAQ\n* Sat Dec 18 1999 Bernhard Rosenkrdnzer \n- Fix build on non-x86 platforms\n* Fri Nov 12 1999 Bernhard Rosenkrdnzer \n- move /usr/share/ssl/* from -devel to main package\n* Tue Oct 26 1999 Bernhard Rosenkrdnzer \n- inital packaging\n- changes from base:\n - Move /usr/local/ssl to /usr/share/ssl for FHS compliance\n - handle RPM_OPT_FLAGS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-03-13T00:00:00", "type": "oraclelinux", "title": "openssl security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, 
"obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0078", "CVE-2003-0131", "CVE-2003-0147", "CVE-2003-0543", "CVE-2003-0544", "CVE-2003-0545", "CVE-2004-0079", "CVE-2004-0112", "CVE-2004-0975", "CVE-2005-0109", "CVE-2005-2946", "CVE-2005-2969", "CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4339", "CVE-2006-4343", "CVE-2007-3108", "CVE-2007-4995", "CVE-2007-5135", "CVE-2008-0891", "CVE-2008-1672", "CVE-2009-1377", "CVE-2009-1378", "CVE-2009-1379", "CVE-2009-3555", "CVE-2009-4355", "CVE-2010-0742", "CVE-2010-1633", "CVE-2010-3864", "CVE-2010-4180", "CVE-2010-5298", "CVE-2011-0014", "CVE-2011-3207", "CVE-2012-0050", "CVE-2012-2110", "CVE-2013-4353", "CVE-2013-6449", "CVE-2013-6450", "CVE-2014-0160", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221", "CVE-2014-0224", "CVE-2014-3470", "CVE-2014-3505", "CVE-2014-3506", "CVE-2014-3507", "CVE-2014-3508", "CVE-2014-3509", "CVE-2014-3510", "CVE-2014-3511", "CVE-2014-3513", "CVE-2014-3566", "CVE-2014-3567", "CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8176", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206", "CVE-2015-0209", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0292", "CVE-2015-0293", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-3194", "CVE-2015-3195", "CVE-2015-3196", "CVE-2015-3197", "CVE-2015-3216", "CVE-2015-4000", "CVE-2015-7575", "CVE-2016-0702", "CVE-2016-0705", "CVE-2016-0797", "CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108", "CVE-2016-2109", "CVE-2016-2177", "CVE-2016-2178", "CVE-2016-2179", "CVE-2016-2180", "CVE-2016-2181", 
"CVE-2016-2182", "CVE-2016-2183", "CVE-2016-6302", "CVE-2016-6304", "CVE-2016-6306", "CVE-2017-3735", "CVE-2017-3736", "CVE-2017-3737", "CVE-2017-3738", "CVE-2018-0495", "CVE-2018-0732", "CVE-2018-0737", "CVE-2018-0739", "CVE-2018-5407"], "modified": "2019-03-13T00:00:00", "id": "ELSA-2019-4581", "href": "http://linux.oracle.com/errata/ELSA-2019-4581.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-30T06:24:45", "description": "[1.0.1e-58.0.1]\n- Oracle bug 28730228: backport CVE-2018-0732\n- Oracle bug 28758493: backport CVE-2018-0737\n- Merge upstream patch to fix CVE-2018-0739\n- Avoid out-of-bounds read. Fixes CVE 2017-3735. By Rich Salz\n- sha256 is used for the RSA pairwise consistency test instead of sha1\n[1.0.1e-58]\n- fix CVE-2019-1559 - 0-byte record padding oracle\n[1.0.1e-57]\n- fix CVE-2017-3731 - DoS via truncated packets with RC4-MD5 cipher\n[1.0.1e-55]\n- fix CVE-2016-8610 - DoS of single-threaded servers via excessive alerts\n[1.0.1e-54]\n- fix handling of ciphersuites present after the FALLBACK_SCSV\n ciphersuite entry (#1386350)\n[1.0.1e-53]\n- add README.legacy-settings\n[1.0.1e-52]\n- deprecate and disable verification of insecure hash algorithms\n- disallow DH keys with less than 1024 bits in TLS client\n- remove support for weak and export ciphersuites\n- use correct digest when exporting keying material in TLS1.2 (#1376741)\n[1.0.1e-50]\n- fix CVE-2016-2177 - possible integer overflow\n- fix CVE-2016-2178 - non-constant time DSA operations\n- fix CVE-2016-2179 - further DoS issues in DTLS\n- fix CVE-2016-2180 - OOB read in TS_OBJ_print_bio()\n- fix CVE-2016-2181 - DTLS1 replay protection and unprocessed records issue\n- fix CVE-2016-2182 - possible buffer overflow in BN_bn2dec()\n- fix CVE-2016-6302 - insufficient TLS session ticket HMAC length check\n- fix CVE-2016-6304 - unbound memory growth with OCSP status request\n- fix CVE-2016-6306 - certificate message OOB reads\n- mitigate 
CVE-2016-2183 - degrade all 64bit block ciphers and RC4 to\n 112 bit effective strength\n- replace expired testing certificates\n[1.0.1e-49]\n- fix CVE-2016-2105 - possible overflow in base64 encoding\n- fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate()\n- fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC\n- fix CVE-2016-2108 - memory corruption in ASN.1 encoder\n- fix CVE-2016-2109 - possible DoS when reading ASN.1 data from BIO\n- fix CVE-2016-0799 - memory issues in BIO_printf\n[1.0.1e-48]\n- fix CVE-2016-0702 - side channel attack on modular exponentiation\n- fix CVE-2016-0705 - double-free in DSA private key parsing\n- fix CVE-2016-0797 - heap corruption in BN_hex2bn and BN_dec2bn\n[1.0.1e-47]\n- fix CVE-2015-3197 - SSLv2 ciphersuite enforcement\n- disable SSLv2 in the generic TLS method\n[1.0.1e-46]\n- fix 1-byte memory leak in pkcs12 parse (#1229871)\n- document some options of the speed command (#1197095)\n[1.0.1e-45]\n- fix high-precision timestamps in timestamping authority\n[1.0.1e-44]\n- fix CVE-2015-7575 - disallow use of MD5 in TLS1.2\n[1.0.1e-43]\n- fix CVE-2015-3194 - certificate verify crash with missing PSS parameter\n- fix CVE-2015-3195 - X509_ATTRIBUTE memory leak\n- fix CVE-2015-3196 - race condition when handling PSK identity hint\n[1.0.1e-42]\n- fix regression caused by mistake in fix for CVE-2015-1791\n[1.0.1e-41]\n- improved fix for CVE-2015-1791\n- add missing parts of CVE-2015-0209 fix for corectness although unexploitable\n[1.0.1e-40]\n- fix CVE-2014-8176 - invalid free in DTLS buffering code\n- fix CVE-2015-1789 - out-of-bounds read in X509_cmp_time\n- fix CVE-2015-1790 - PKCS7 crash with missing EncryptedContent\n- fix CVE-2015-1791 - race condition handling NewSessionTicket\n- fix CVE-2015-1792 - CMS verify infinite loop with unknown hash function\n[1.0.1e-39]\n- fix CVE-2015-3216 - regression in RAND locking that can cause segfaults on\n read in multithreaded applications\n[1.0.1e-38]\n- fix CVE-2015-4000 - 
prevent the logjam attack on client - restrict\n the DH key size to at least 768 bits (limit will be increased in future)\n[1.0.1e-37]\n- drop the AES-GCM restriction of 2^32 operations because the IV is\n always 96 bits (32 bit fixed field + 64 bit invocation field)\n[1.0.1e-36]\n- update fix for CVE-2015-0287 to what was released upstream\n[1.0.1e-35]\n- fix CVE-2015-0209 - potential use after free in d2i_ECPrivateKey()\n- fix CVE-2015-0286 - improper handling of ASN.1 boolean comparison\n- fix CVE-2015-0287 - ASN.1 structure reuse decoding memory corruption\n- fix CVE-2015-0288 - X509_to_X509_REQ NULL pointer dereference\n- fix CVE-2015-0289 - NULL dereference decoding invalid PKCS#7 data\n- fix CVE-2015-0292 - integer underflow in base64 decoder\n- fix CVE-2015-0293 - triggerable assert in SSLv2 server\n[1.0.1e-34]\n- copy digest algorithm when handling SNI context switch\n- improve documentation of ciphersuites - patch by Hubert Kario\n- add support for setting Kerberos service and keytab in\n s_server and s_client\n[1.0.1e-33]\n- fix CVE-2014-3570 - incorrect computation in BN_sqr()\n- fix CVE-2014-3571 - possible crash in dtls1_get_record()\n- fix CVE-2014-3572 - possible downgrade of ECDH ciphersuite to non-PFS state\n- fix CVE-2014-8275 - various certificate fingerprint issues\n- fix CVE-2015-0204 - remove support for RSA ephemeral keys for non-export\n ciphersuites and on server\n- fix CVE-2015-0205 - do not allow unauthenticated client DH certificate\n- fix CVE-2015-0206 - possible memory leak when buffering DTLS records\n[1.0.1e-32]\n- use FIPS approved method for computation of d in RSA\n[1.0.1e-31]\n- fix CVE-2014-3567 - memory leak when handling session tickets\n- fix CVE-2014-3513 - memory leak in srtp support\n- add support for fallback SCSV to partially mitigate CVE-2014-3566\n (padding attack on SSL3)\n[1.0.1e-30]\n- add ECC TLS extensions to DTLS (#1119800)\n[1.0.1e-29]\n- fix CVE-2014-3505 - doublefree in DTLS packet processing\n- fix 
CVE-2014-3506 - avoid memory exhaustion in DTLS\n- fix CVE-2014-3507 - avoid memory leak in DTLS\n- fix CVE-2014-3508 - fix OID handling to avoid information leak\n- fix CVE-2014-3509 - fix race condition when parsing server hello\n- fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS\n- fix CVE-2014-3511 - disallow protocol downgrade via fragmentation\n[1.0.1e-28]\n- fix CVE-2014-0224 fix that broke EAP-FAST session resumption support\n[1.0.1e-26]\n- drop EXPORT, RC2, and DES from the default cipher list (#1057520)\n- print ephemeral key size negotiated in TLS handshake (#1057715)\n- do not include ECC ciphersuites in SSLv2 client hello (#1090952)\n- properly detect encryption failure in BIO (#1100819)\n- fail on hmac integrity check if the .hmac file is empty (#1105567)\n- FIPS mode: make the limitations on DSA, DH, and RSA keygen\n length enforced only if OPENSSL_ENFORCE_MODULUS_BITS environment\n variable is set\n[1.0.1e-25]\n- fix CVE-2010-5298 - possible use of memory after free\n- fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment\n- fix CVE-2014-0198 - possible NULL pointer dereference\n- fix CVE-2014-0221 - DoS from invalid DTLS handshake packet\n- fix CVE-2014-0224 - SSL/TLS MITM vulnerability\n- fix CVE-2014-3470 - client-side DoS when using anonymous ECDH\n[1.0.1e-24]\n- add back support for secp521r1 EC curve\n[1.0.1e-23]\n- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension\n[1.0.1e-22]\n- use 2048 bit RSA key in FIPS selftests\n[1.0.1e-21]\n- add DH_compute_key_padded needed for FIPS CAVS testing\n- make 3des strength to be 128 bits instead of 168 (#1056616)\n- FIPS mode: do not generate DSA keys and DH parameters < 2048 bits\n- FIPS mode: use approved RSA keygen (allows only 2048 and 3072 bit keys)\n- FIPS mode: add DH selftest\n- FIPS mode: reseed DRBG properly on RAND_add()\n- FIPS mode: add RSA encrypt/decrypt selftest\n- FIPS mode: add hard limit for 2^32 GCM block encryptions with the same key\n- use 
the key length from configuration file if req -newkey rsa is invoked\n[1.0.1e-20]\n- fix CVE-2013-4353 - Invalid TLS handshake crash\n[1.0.1e-19]\n- fix CVE-2013-6450 - possible MiTM attack on DTLS1\n[1.0.1e-18]\n- fix CVE-2013-6449 - crash when version in SSL structure is incorrect\n[1.0.1e-17]\n- add back some no-op symbols that were inadvertently dropped\n[1.0.1e-16]\n- do not advertise ECC curves we do not support\n- fix CPU identification on Cyrix CPUs\n[1.0.1e-15]\n- make DTLS1 work in FIPS mode\n- avoid RSA and DSA 512 bits and Whirlpool in 'openssl speed' in FIPS mode\n[1.0.1e-14]\n- installation of dracut-fips marks that the FIPS module is installed\n[1.0.1e-13]\n- avoid dlopening libssl.so from libcrypto\n[1.0.1e-12]\n- fix small memory leak in FIPS aes selftest\n- fix segfault in openssl speed hmac in the FIPS mode\n[1.0.1e-11]\n- document the nextprotoneg option in manual pages\n original patch by Hubert Kario\n[1.0.1e-9]\n- always perform the FIPS selftests in library constructor\n if FIPS module is installed\n[1.0.1e-8]\n- fix use of rdrand if available\n- more commits cherry picked from upstream\n- documentation fixes\n[1.0.1e-7]\n- additional manual page fix\n- use symbol versioning also for the textual version\n[1.0.1e-6]\n- additional manual page fixes\n- cleanup speed command output for ECDH ECDSA\n[1.0.1e-5]\n- use _prefix macro\n[1.0.1e-4]\n- add relro linking flag\n[1.0.1e-2]\n- add support for the -trusted_first option for certificate chain verification\n[1.0.1e-1]\n- rebase to the 1.0.1e upstream version\n[1.0.0-28]\n- fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589)\n- fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052)\n- enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB\n environment variable is set (fixes CVE-2012-4929 #857051)\n- use __secure_getenv() everywhere instead of getenv() (#839735)\n[1.0.0-27]\n- fix sslrand(1) and sslpasswd(1) reference in openssl(1) manpage (#841645)\n- drop 
superfluous lib64 fixup in pkgconfig .pc files (#770872)\n- force BIO_accept_new(*:\n) to listen on IPv4\n[1.0.0-26]\n- use PKCS#8 when writing private keys in FIPS mode as the old\n PEM encryption mode is not FIPS compatible (#812348)\n[1.0.0-25]\n- fix for CVE-2012-2333 - improper checking for record length in DTLS (#820686)\n- properly initialize tkeylen in the CVE-2012-0884 fix\n[1.0.0-24]\n- fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio() (#814185)\n[1.0.0-23]\n- fix problem with the SGC restart patch that might terminate handshake\n incorrectly\n- fix for CVE-2012-0884 - MMA weakness in CMS and PKCS#7 code (#802725)\n- fix for CVE-2012-1165 - NULL read dereference on bad MIME headers (#802489)\n[1.0.0-22]\n- fix incorrect encryption of unaligned chunks in CFB, OFB and CTR modes\n[1.0.0-21]\n- fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext recovery\n vulnerability and additional DTLS fixes (#771770)\n- fix for CVE-2011-4576 - uninitialized SSL 3.0 padding (#771775)\n- fix for CVE-2011-4577 - possible DoS through malformed RFC 3779 data (#771778)\n- fix for CVE-2011-4619 - SGC restart DoS attack (#771780)\n[1.0.0-20]\n- fix x86cpuid.pl - patch by Paolo Bonzini\n[1.0.0-19]\n- add known answer test for SHA2 algorithms\n[1.0.0-18]\n- fix missing initialization of a variable in the CHIL engine (#740188)\n[1.0.0-17]\n- initialize the X509_STORE_CTX properly for CRL lookups - CVE-2011-3207\n (#736087)\n[1.0.0-16]\n- merge the optimizations for AES-NI, SHA1, and RC4 from the intelx\n engine to the internal implementations\n[1.0.0-15]\n- better documentation of the available digests in apps (#693858)\n- backported CHIL engine fixes (#693863)\n- allow testing build without downstream patches (#708511)\n- enable partial RELRO when linking (#723994)\n- add intelx engine with improved performance on new Intel CPUs\n- add OPENSSL_DISABLE_AES_NI environment variable which disables\n the AES-NI support (does not affect the intelx 
engine)\n[1.0.0-14]\n- use the AES-NI engine in the FIPS mode\n[1.0.0-11]\n- add API necessary for CAVS testing of the new DSA parameter generation\n[1.0.0-10]\n- fix OCSP stapling vulnerability - CVE-2011-0014 (#676063)\n- correct the README.FIPS document\n[1.0.0-8]\n- add -x931 parameter to openssl genrsa command to use the ANSI X9.31\n key generation method\n- use FIPS-186-3 method for DSA parameter generation\n- add OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW environment variable\n to allow using MD5 when the system is in the maintenance state\n even if the /proc fips flag is on\n- make openssl pkcs12 command work by default in the FIPS mode\n[1.0.0-7]\n- listen on ipv6 wildcard in s_server so we accept connections\n from both ipv4 and ipv6 (#601612)\n- fix openssl speed command so it can be used in the FIPS mode\n with FIPS allowed ciphers (#619762)\n[1.0.0-6]\n- disable code for SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG - CVE-2010-3864\n (#649304)\n[1.0.0-5]\n- fix race in extension parsing code - CVE-2010-3864 (#649304)\n[1.0.0-4]\n- openssl man page fix (#609484)\n[1.0.0-3]\n- fix wrong ASN.1 definition of OriginatorInfo - CVE-2010-0742 (#598738)\n- fix information leak in rsa_verify_recover - CVE-2010-1633 (#598732)\n[1.0.0-2]\n- make CA dir readable - the private keys are in private subdir (#584810)\n- a few fixes from upstream CVS\n- make X509_NAME_hash_old work in FIPS mode (#568395)\n[1.0.0-1]\n- update to final 1.0.0 upstream release\n[1.0.0-0.22.beta5]\n- make TLS work in the FIPS mode\n[1.0.0-0.21.beta5]\n- gracefully handle zero length in assembler implementations of\n OPENSSL_cleanse (#564029)\n- do not fail in s_server if client hostname not resolvable (#561260)\n[1.0.0-0.20.beta5]\n- new upstream release\n[1.0.0-0.19.beta4]\n- fix CVE-2009-4355 - leak in applications incorrectly calling\n CRYPTO_free_all_ex_data() before application exit (#546707)\n- upstream fix for future TLS protocol version handling\n[1.0.0-0.18.beta4]\n- add support for Intel 
AES-NI\n[1.0.0-0.17.beta4]\n- upstream fix compression handling on session resumption\n- various null checks and other small fixes from upstream\n- upstream changes for the renegotiation info according to the latest draft\n[1.0.0-0.16.beta4]\n- fix non-fips mingw build (patch by Kalev Lember)\n- add IPV6 fix for DTLS\n[1.0.0-0.15.beta4]\n- add better error reporting for the unsafe renegotiation\n[1.0.0-0.14.beta4]\n- fix build on s390x\n[1.0.0-0.13.beta4]\n- disable enforcement of the renegotiation extension on the client (#537962)\n- add fixes from the current upstream snapshot\n[1.0.0-0.12.beta4]\n- keep the beta status in version number at 3 so we do not have to rebuild\n openssh and possibly other dependencies with too strict version check\n[1.0.0-0.11.beta4]\n- update to new upstream version, no soname bump needed\n- fix CVE-2009-3555 - note that the fix is bypassed if SSL_OP_ALL is used\n so the compatibility with unfixed clients is not broken. The\n protocol extension is also not final.\n[1.0.0-0.10.beta3]\n- fix use of freed memory if SSL_CTX_free() is called before\n SSL_free() (#521342)\n[1.0.0-0.9.beta3]\n- fix typo in DTLS1 code (#527015)\n- fix leak in error handling of d2i_SSL_SESSION()\n[1.0.0-0.8.beta3]\n- fix RSA and DSA FIPS selftests\n- reenable fixed x86_64 camellia assembler code (#521127)\n[1.0.0-0.7.beta3]\n- temporarily disable x86_64 camellia assembler code (#521127)\n[1.0.0-0.6.beta3]\n- fix openssl dgst -dss1 (#520152)\n[1.0.0-0.5.beta3]\n- drop the compat symlink hacks\n[1.0.0-0.4.beta3]\n- constify SSL_CIPHER_description()\n[1.0.0-0.3.beta3]\n- fix WWW:Curl:Easy reference in tsget\n[1.0.0-0.2.beta3]\n- enable MD-2\n[1.0.0-0.1.beta3]\n- update to new major upstream release\n[0.9.8k-7]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\n* Wed Jul 22 2009 Bill Nottingham \n- do not build special 'optimized' versions for i686, as that's the base\n arch in Fedora now\n[0.9.8k-6]\n- abort if selftests failed and random 
number generator is polled\n- mention EVP_aes and EVP_sha2xx routines in the manpages\n- add README.FIPS\n- make CA dir absolute path (#445344)\n- change default length for RSA key generation to 2048 (#484101)\n[0.9.8k-5]\n- fix CVE-2009-1377 CVE-2009-1378 CVE-2009-1379\n (DTLS DoS problems) (#501253, #501254, #501572)\n[0.9.8k-4]\n- support compatibility DTLS mode for CISCO AnyConnect (#464629)\n[0.9.8k-3]\n- correct the SHLIB_VERSION define\n[0.9.8k-2]\n- add support for multiple CRLs with same subject\n- load only dynamic engine support in FIPS mode\n[0.9.8k-1]\n- update to new upstream release (minor bug fixes, security\n fixes and machine code optimizations only)\n[0.9.8j-10]\n- move libraries to /usr/lib (#239375)\n[0.9.8j-9]\n- add a static subpackage\n[0.9.8j-8]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild\n[0.9.8j-7]\n- must also verify checksum of libssl.so in the FIPS mode\n- obtain the seed for FIPS rng directly from the kernel device\n- drop the temporary symlinks\n[0.9.8j-6]\n- drop the temporary triggerpostun and symlinking in post\n- fix the pkgconfig files and drop the unnecessary buildrequires\n on pkgconfig as it is a rpmbuild dependency (#481419)\n[0.9.8j-5]\n- add temporary triggerpostun to reinstate the symlinks\n[0.9.8j-4]\n- no pairwise key tests in non-fips mode (#479817)\n[0.9.8j-3]\n- even more robust test for the temporary symlinks\n[0.9.8j-2]\n- try to ensure the temporary symlinks exist\n[0.9.8j-1]\n- new upstream version with necessary soname bump (#455753)\n- temporarily provide symlink to old soname to make it possible to rebuild\n the dependent packages in rawhide\n- add eap-fast support (#428181)\n- add possibility to disable zlib by setting\n- add fips mode support for testing purposes\n- do not null dereference on some invalid smime files\n- add buildrequires pkgconfig (#479493)\n[0.9.8g-11]\n- do not add tls extensions to server hello for SSLv3 either\n[0.9.8g-10]\n- move root CA bundle to 
ca-certificates package\n[0.9.8g-9]\n- fix CVE-2008-0891 - server name extension crash (#448492)\n- fix CVE-2008-1672 - server key exchange message omit crash (#448495)\n[0.9.8g-8]\n- super-H arch support\n- drop workaround for bug 199604 as it should be fixed in gcc-4.3\n[0.9.8g-7]\n- sparc handling\n[0.9.8g-6]\n- update to new root CA bundle from mozilla.org (r1.45)\n[0.9.8g-5]\n- Autorebuild for GCC 4.3\n[0.9.8g-4]\n- merge review fixes (#226220)\n- adjust the SHLIB_VERSION_NUMBER to reflect library name (#429846)\n[0.9.8g-3]\n- set default paths when no explicit paths are set (#418771)\n- do not add tls extensions to client hello for SSLv3 (#422081)\n[0.9.8g-2]\n- enable some new crypto algorithms and features\n- add some more important bug fixes from openssl CVS\n[0.9.8g-1]\n- update to latest upstream release, SONAME bumped to 7\n[0.9.8b-17]\n- update to new CA bundle from mozilla.org\n[0.9.8b-16]\n- fix CVE-2007-5135 - off-by-one in SSL_get_shared_ciphers (#309801)\n- fix CVE-2007-4995 - out of order DTLS fragments buffer overflow (#321191)\n- add alpha sub-archs (#296031)\n[0.9.8b-15]\n- rebuild\n[0.9.8b-14]\n- use localhost in testsuite, hopefully fixes slow build in koji\n- CVE-2007-3108 - fix side channel attack on private keys (#250577)\n- make ssl session cache id matching strict (#233599)\n[0.9.8b-13]\n- allow building on ARM architectures (#245417)\n- use reference timestamps to prevent multilib conflicts (#218064)\n- -devel package must require pkgconfig (#241031)\n[0.9.8b-12]\n- detect duplicates in add_dir properly (#206346)\n[0.9.8b-11]\n- the previous change still didn't make X509_NAME_cmp transitive\n[0.9.8b-10]\n- make X509_NAME_cmp transitive otherwise certificate lookup\n is broken (#216050)\n[0.9.8b-9]\n- aliasing bug in engine loading, patch by IBM (#213216)\n[0.9.8b-8]\n- CVE-2006-2940 fix was incorrect (#208744)\n[0.9.8b-7]\n- fix CVE-2006-2937 - mishandled error on ASN.1 parsing (#207276)\n- fix CVE-2006-2940 - parasitic public keys DoS 
(#207274)\n- fix CVE-2006-3738 - buffer overflow in SSL_get_shared_ciphers (#206940)\n- fix CVE-2006-4343 - sslv2 client DoS (#206940)\n[0.9.8b-6]\n- fix CVE-2006-4339 - prevent attack on PKCS#1 v1.5 signatures (#205180)\n[0.9.8b-5]\n- set buffering to none on stdio/stdout FILE when bufsize is set (#200580)\n patch by IBM\n[0.9.8b-4.1]\n- rebuild with new binutils (#200330)\n[0.9.8b-4]\n- add a temporary workaround for sha512 test failure on s390 (#199604)\n* Thu Jul 20 2006 Tomas Mraz \n- add ipv6 support to s_client and s_server (by Jan Pazdziora) (#198737)\n- add patches for BN threadsafety, AES cache collision attack hazard fix and\n pkcs7 code memleak fix from upstream CVS\n[0.9.8b-3.1]\n- rebuild\n[0.9.8b-3]\n- dropped libica and ica engine from build\n* Wed Jun 21 2006 Joe Orton \n- update to new CA bundle from mozilla.org; adds CA certificates\n from netlock.hu and startcom.org\n[0.9.8b-2]\n- fixed a few rpmlint warnings\n- better fix for #173399 from upstream\n- upstream fix for pkcs12\n[0.9.8b-1]\n- upgrade to new version, stays ABI compatible\n- there is no more linux/config.h (it was empty anyway)\n[0.9.8a-6]\n- fix stale open handles in libica (#177155)\n- fix build if 'rand' or 'passwd' in buildroot path (#178782)\n- initialize VIA Padlock engine (#186857)\n[0.9.8a-5.2]\n- bump again for double-long bug on ppc(64)\n[0.9.8a-5.1]\n- rebuilt for new gcc4.1 snapshot and glibc changes\n[0.9.8a-5]\n- don't include SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG\n in SSL_OP_ALL (#175779)\n* Fri Dec 09 2005 Jesse Keating \n- rebuilt\n[0.9.8a-4]\n- fix build (-lcrypto was erroneusly dropped) of the updated libica\n- updated ICA engine to 1.3.6-rc3\n[0.9.8a-3]\n- disable builtin compression methods for now until they work\n properly (#173399)\n[0.9.8a-2]\n- don't set -rpath for openssl binary\n[0.9.8a-1]\n- new upstream version\n- patches partially renumbered\n[0.9.7f-11]\n- updated IBM ICA engine library and patch to latest upstream version\n[0.9.7f-10]\n- fix 
CAN-2005-2969 - remove SSL_OP_MSIE_SSLV2_RSA_PADDING which\n disables the countermeasure against man in the middle attack in SSLv2\n (#169863)\n- use sha1 as default for CA and cert requests - CAN-2005-2946 (#169803)\n[0.9.7f-9]\n- add *.so.soversion as symlinks in /lib (#165264)\n- remove unpackaged symlinks (#159595)\n- fixes from upstream (constant time fixes for DSA,\n bn assembler div on ppc arch, initialize memory on realloc)\n[0.9.7f-8]\n- Updated ICA engine IBM patch to latest upstream version.\n[0.9.7f-7]\n- fix CAN-2005-0109 - use constant time/memory access mod_exp\n so bits of private key aren't leaked by cache eviction (#157631)\n- a few more fixes from upstream 0.9.7g\n[0.9.7f-6]\n- use poll instead of select in rand (#128285)\n- fix Makefile.certificate to point to /etc/pki/tls\n- change the default string mask in ASN1 to PrintableString+UTF8String\n[0.9.7f-5]\n- update to revision 1.37 of Mozilla CA bundle\n[0.9.7f-4]\n- move certificates to _sysconfdir/pki/tls (#143392)\n- move CA directories to _sysconfdir/pki/CA\n- patch the CA script and the default config so it points to the\n CA directories\n[0.9.7f-3]\n- uninitialized variable mustn't be used as input in inline\n assembly\n- reenable the x86_64 assembly again\n[0.9.7f-2]\n- add back RC4_CHAR on ia64 and x86_64 so the ABI isn't broken\n- disable broken bignum assembly on x86_64\n[0.9.7f-1]\n- reenable optimizations on ppc64 and assembly code on ia64\n- upgrade to new upstream version (no soname bump needed)\n- disable thread test - it was testing the backport of the\n RSA blinding - no longer needed\n- added support for changing serial number to\n Makefile.certificate (#151188)\n- make ca-bundle.crt a config file (#118903)\n[0.9.7e-3]\n- libcrypto shouldn't depend on libkrb5 (#135961)\n[0.9.7e-2]\n- rebuild\n[0.9.7e-1]\n- new upstream source, updated patches\n- added patch so we are hopefully ABI compatible with upcoming\n 0.9.7f\n* Thu Feb 10 2005 Tomas Mraz \n- Support UTF-8 charset in the 
Makefile.certificate (#134944)\n- Added cmp to BuildPrereq\n[0.9.7a-46]\n- generate new ca-bundle.crt from Mozilla certdata.txt (revision 1.32)\n[0.9.7a-45]\n- Fixed and updated libica-1.3.4-urandom.patch patch (#122967)\n[0.9.7a-44]\n- rebuild\n[0.9.7a-43]\n- rebuild\n[0.9.7a-42]\n- rebuild\n[0.9.7a-41]\n- remove der_chop, as upstream cvs has done (CAN-2004-0975, #140040)\n[0.9.7a-40]\n- Include latest libica version with important bugfixes\n* Tue Jun 15 2004 Elliot Lee \n- rebuilt\n[0.9.7a-38]\n- Updated ICA engine IBM patch to latest upstream version.\n[0.9.7a-37]\n- build for linux-alpha-gcc instead of alpha-gcc on alpha (Jeff Garzik)\n[0.9.7a-36]\n- handle %{_arch}=i486/i586/i686/athlon cases in the intermediate\n header (#124303)\n[0.9.7a-35]\n- add security fixes for CAN-2004-0079, CAN-2004-0112\n* Tue Mar 16 2004 Phil Knirsch \n- Fixed libica filespec.\n[0.9.7a-34]\n- ppc/ppc64 define __powerpc__/__powerpc64__, not __ppc__/__ppc64__, fix\n the intermediate header\n[0.9.7a-33]\n- add an intermediate \n which points to the right\n arch-specific opensslconf.h on multilib arches\n* Tue Mar 02 2004 Elliot Lee \n- rebuilt\n[0.9.7a-32]\n- Updated libica to latest upstream version 1.3.5.\n[0.9.7a-31]\n- Update ICA crypto engine patch from IBM to latest version.\n* Fri Feb 13 2004 Elliot Lee \n- rebuilt\n[0.9.7a-29]\n- rebuilt\n[0.9.7a-28]\n- Fixed libica build.\n* Wed Feb 04 2004 Nalin Dahyabhai \n- add '-ldl' to link flags added for Linux-on-ARM (#99313)\n[0.9.7a-27]\n- updated ca-bundle.crt: removed expired GeoTrust roots, added\n freessl.com root, removed trustcenter.de Class 0 root\n[0.9.7a-26]\n- Fix link line for libssl (bug #111154).\n[0.9.7a-25]\n- add dependency on zlib-devel for the -devel package, which depends on zlib\n symbols because we enable zlib for libssl (#102962)\n[0.9.7a-24]\n- Use /dev/urandom instead of PRNG for libica.\n- Apply libica-1.3.5 fix for /dev/urandom in icalinux.c\n- Use latest ICA engine patch from IBM.\n[0.9.7a-22.1]\n- 
rebuild\n[0.9.7a-22]\n- rebuild (22 wasn't actually built, fun eh?)\n[0.9.7a-23]\n- re-disable optimizations on ppc64\n* Tue Sep 30 2003 Joe Orton \n- add a_mbstr.c fix for 64-bit platforms from CVS\n[0.9.7a-22]\n- add -Wa,--noexecstack to RPM_OPT_FLAGS so that assembled modules get tagged\n as not needing executable stacks\n[0.9.7a-21]\n- rebuild\n* Thu Sep 25 2003 Nalin Dahyabhai \n- re-enable optimizations on ppc64\n* Thu Sep 25 2003 Nalin Dahyabhai \n- remove exclusivearch\n[0.9.7a-20]\n- only parse a client cert if one was requested\n- temporarily exclusivearch for %{ix86}\n* Tue Sep 23 2003 Nalin Dahyabhai \n- add security fixes for protocol parsing bugs (CAN-2003-0543, CAN-2003-0544)\n and heap corruption (CAN-2003-0545)\n- update RHNS-CA-CERT files\n- ease back on the number of threads used in the threading test\n[0.9.7a-19]\n- rebuild to fix gzipped file md5sums (#91211)\n[0.9.7a-18]\n- Updated libica to version 1.3.4.\n[0.9.7a-17]\n- rebuild\n[0.9.7a-10.9]\n- free the kssl_ctx structure when we free an SSL structure (#99066)\n[0.9.7a-16]\n- rebuild\n[0.9.7a-15]\n- lower thread test count on s390x\n[0.9.7a-14]\n- rebuild\n[0.9.7a-13]\n- disable assembly on arches where it seems to conflict with threading\n[0.9.7a-12]\n- Updated libica to latest upstream version 1.3.0\n[0.9.7a-9.9]\n- rebuild\n[0.9.7a-11]\n- rebuild\n[0.9.7a-10]\n- ubsec: don't stomp on output data which might also be input data\n[0.9.7a-9]\n- temporarily disable optimizations on ppc64\n* Mon Jun 09 2003 Nalin Dahyabhai \n- backport fix for engine-used-for-everything from 0.9.7b\n- backport fix for prng not being seeded causing problems, also from 0.9.7b\n- add a check at build-time to ensure that RSA is thread-safe\n- keep perlpath from stomping on the libica configure scripts\n* Fri Jun 06 2003 Nalin Dahyabhai \n- thread-safety fix for RSA blinding\n[0.9.7a-8]\n- rebuilt\n[0.9.7a-7]\n- Added libica-1.2 to openssl (featurerequest).\n[0.9.7a-6]\n- fix building with incorrect flags on 
ppc64\n[0.9.7a-5]\n- add patch to harden against Klima-Pokorny-Rosa extension of Bleichenbacher's\n attack (CAN-2003-0131)\n[ 0.9.7a-4]\n- add patch to enable RSA blinding by default, closing a timing attack\n (CAN-2003-0147)\n[0.9.7a-3]\n- disable use of BN assembly module on x86_64, but continue to allow inline\n assembly (#83403)\n[0.9.7a-2]\n- disable EC algorithms\n[0.9.7a-1]\n- update to 0.9.7a\n[0.9.7-8]\n- add fix to guard against attempts to allocate negative amounts of memory\n- add patch for CAN-2003-0078, fixing a timing attack\n[0.9.7-7]\n- Add openssl-ppc64.patch\n[0.9.7-6]\n- EVP_DecryptInit should call EVP_CipherInit() instead of EVP_CipherInit_ex(),\n to get the right behavior when passed uninitialized context structures\n (#83766)\n- build with -mcpu=ev5 on alpha family (#83828)\n* Wed Jan 22 2003 Tim Powers \n- rebuilt\n[0.9.7-4]\n- Added IBM hw crypto support patch.\n* Wed Jan 15 2003 Nalin Dahyabhai \n- add missing builddep on sed\n[0.9.7-3]\n- debloat\n- fix broken manpage symlinks\n[0.9.7-2]\n- fix double-free in 'openssl ca'\n[0.9.7-1]\n- update to 0.9.7 final\n[0.9.7-0]\n- update to 0.9.7 beta6 (DO NOT USE UNTIL UPDATED TO FINAL 0.9.7)\n* Wed Dec 11 2002 Nalin Dahyabhai \n- update to 0.9.7 beta5 (DO NOT USE UNTIL UPDATED TO FINAL 0.9.7)\n[0.9.6b-30]\n- add configuration stanza for x86_64 and use it on x86_64\n- build for linux-ppc on ppc\n- start running the self-tests again\n[0.9.6b-29hammer.3]\n- Merge fixes from previous hammer packages, including general x86-64 and\n multilib\n[0.9.6b-29]\n- rebuild\n[0.9.6b-28]\n- update asn patch to fix accidental reversal of a logic check\n[0.9.6b-27]\n- update asn patch to reduce chance that compiler optimization will remove\n one of the added tests\n[0.9.6b-26]\n- rebuild\n[0.9.6b-25]\n- add patch to fix ASN.1 vulnerabilities\n[0.9.6b-24]\n- add backport of Ben Laurie's patches for OpenSSL 0.9.6d\n[0.9.6b-23]\n- own {_datadir}/ssl/misc\n* Fri Jun 21 2002 Tim Powers \n- automated rebuild\n* Sun May 
26 2002 Tim Powers \n- automated rebuild\n[0.9.6b-20]\n- free ride through the build system (whee!)\n[0.9.6b-19]\n- rebuild in new environment\n[0.9.6b-17, 0.9.6b-18]\n- merge RHL-specific bits into stronghold package, rename\n[stronghold-0.9.6c-2]\n- add support for Chrysalis Luna token\n* Tue Mar 26 2002 Gary Benson \n- disable AEP random number generation, other AEP fixes\n[0.9.6b-15]\n- only build subpackages on primary arches\n[0.9.6b-13]\n- on ia32, only disable use of assembler on i386\n- enable assembly on ia64\n[0.9.6b-11]\n- fix sparcv9 entry\n[stronghold-0.9.6c-1]\n- upgrade to 0.9.6c\n- bump BuildArch to i686 and enable assembler on all platforms\n- synchronise with shrimpy and rawhide\n- bump soversion to 3\n* Wed Oct 10 2001 Florian La Roche \n- delete BN_LLONG for s390x, patch from Oliver Paukstadt\n[0.9.6b-9]\n- update AEP driver patch\n* Mon Sep 10 2001 Nalin Dahyabhai \n- adjust RNG disabling patch to match version of patch from Broadcom\n[0.9.6b-8]\n- disable the RNG in the ubsec engine driver\n[0.9.6b-7]\n- tweaks to the ubsec engine driver\n[0.9.6b-6]\n- tweaks to the ubsec engine driver\n[0.9.6b-5]\n- update ubsec engine driver from Broadcom\n[0.9.6b-4]\n- move man pages back to %{_mandir}/man?/foo.?ssl from\n %{_mandir}/man?ssl/foo.?\n- add an [ engine ] section to the default configuration file\n* Thu Aug 09 2001 Nalin Dahyabhai \n- add a patch for selecting a default engine in SSL_library_init()\n[0.9.6b-3]\n- add patches for AEP hardware support\n- add patch to keep trying when we fail to load a cert from a file and\n there are more in the file\n- add missing prototype for ENGINE_ubsec() in engine_int.h\n[0.9.6b-2]\n- actually add hw_ubsec to the engine list\n* Tue Jul 17 2001 Nalin Dahyabhai \n- add in the hw_ubsec driver from CVS\n[0.9.6b-1]\n- update to 0.9.6b\n* Thu Jul 05 2001 Nalin Dahyabhai \n- move .so symlinks back to %{_libdir}\n* Tue Jul 03 2001 Nalin Dahyabhai \n- move shared libraries to /lib (#38410)\n* Mon Jun 25 2001 Nalin 
Dahyabhai \n- switch to engine code base\n* Mon Jun 18 2001 Nalin Dahyabhai \n- add a script for creating dummy certificates\n- move man pages from %{_mandir}/man?/foo.?ssl to %{_mandir}/man?ssl/foo.?\n* Thu Jun 07 2001 Florian La Roche \n- add s390x support\n* Fri Jun 01 2001 Nalin Dahyabhai \n- change two memcpy() calls to memmove()\n- don't define L_ENDIAN on alpha\n[stronghold-0.9.6a-1]\n- Add 'stronghold-' prefix to package names.\n- Obsolete standard openssl packages.\n* Wed May 16 2001 Joe Orton \n- Add BuildArch: i586 as per Nalin's advice.\n* Tue May 15 2001 Joe Orton \n- Enable assembler on ix86 (using new .tar.bz2 which does\n include the asm directories).\n* Tue May 15 2001 Nalin Dahyabhai \n- make subpackages depend on the main package\n* Tue May 01 2001 Nalin Dahyabhai \n- adjust the hobble script to not disturb symlinks in include/ (fix from\n Joe Orton)\n* Fri Apr 27 2001 Nalin Dahyabhai \n- drop the m2crypo patch we weren't using\n* Tue Apr 24 2001 Nalin Dahyabhai \n- configure using 'shared' as well\n* Sun Apr 08 2001 Nalin Dahyabhai \n- update to 0.9.6a\n- use the build-shared target to build shared libraries\n- bump the soversion to 2 because we're no longer compatible with\n our 0.9.5a packages or our 0.9.6 packages\n- drop the patch for making rsatest a no-op when rsa null support is used\n- put all man pages into \nssl instead of \n- break the m2crypto modules into a separate package\n* Tue Mar 13 2001 Nalin Dahyabhai \n- use BN_LLONG on s390\n* Mon Mar 12 2001 Nalin Dahyabhai \n- fix the s390 changes for 0.9.6 (isn't supposed to be marked as 64-bit)\n* Sat Mar 03 2001 Nalin Dahyabhai \n- move c_rehash to the perl subpackage, because it's a perl script now\n* Fri Mar 02 2001 Nalin Dahyabhai \n- update to 0.9.6\n- enable MD2\n- use the libcrypto.so and libssl.so targets to build shared libs with\n- bump the soversion to 1 because we're no longer compatible with any of\n the various 0.9.5a packages circulating around, which provide lib*.so.0\n* 
Wed Feb 28 2001 Florian La Roche \n- change hobble-openssl for disabling MD2 again\n* Tue Feb 27 2001 Nalin Dahyabhai \n- re-disable MD2 -- the EVP_MD_CTX structure would grow from 100 to 152\n bytes or so, causing EVP_DigestInit() to zero out stack variables in\n apps built against a version of the library without it\n* Mon Feb 26 2001 Nalin Dahyabhai \n- disable some inline assembly, which on x86 is Pentium-specific\n- re-enable MD2 (see http://www.ietf.org/ietf/IPR/RSA-MD-all)\n* Thu Feb 08 2001 Florian La Roche \n- fix s390 patch\n* Fri Dec 08 2000 Than Ngo \n- added support s390\n* Mon Nov 20 2000 Nalin Dahyabhai \n- remove -Wa,* and -m* compiler flags from the default Configure file (#20656)\n- add the CA.pl man page to the perl subpackage\n* Thu Nov 02 2000 Nalin Dahyabhai \n- always build with -mcpu=ev5 on alpha\n* Tue Oct 31 2000 Nalin Dahyabhai \n- add a symlink from cert.pem to ca-bundle.crt\n* Wed Oct 25 2000 Nalin Dahyabhai \n- add a ca-bundle file for packages like Samba to reference for CA certificates\n* Tue Oct 24 2000 Nalin Dahyabhai \n- remove libcrypto's crypt(), which doesn't handle md5crypt (#19295)\n* Mon Oct 02 2000 Nalin Dahyabhai \n- add unzip as a buildprereq (#17662)\n- update m2crypto to 0.05-snap4\n* Tue Sep 26 2000 Bill Nottingham \n- fix some issues in building when it's not installed\n* Wed Sep 06 2000 Nalin Dahyabhai \n- make sure the headers we include are the ones we built with (aaaaarrgh!)\n* Fri Sep 01 2000 Nalin Dahyabhai \n- add Richard Henderson's patch for BN on ia64\n- clean up the changelog\n* Tue Aug 29 2000 Nalin Dahyabhai \n- fix the building of python modules without openssl-devel already installed\n* Wed Aug 23 2000 Nalin Dahyabhai \n- byte-compile python extensions without the build-root\n- adjust the makefile to not remove temporary files (like .key files when\n building .csr files) by marking them as .PRECIOUS\n* Sat Aug 19 2000 Nalin Dahyabhai \n- break out python extensions into a subpackage\n* Mon Jul 17 2000 
Nalin Dahyabhai \n- tweak the makefile some more\n* Tue Jul 11 2000 Nalin Dahyabhai \n- disable MD2 support\n* Thu Jul 06 2000 Nalin Dahyabhai \n- disable MDC2 support\n* Sun Jul 02 2000 Nalin Dahyabhai \n- tweak the disabling of RC5, IDEA support\n- tweak the makefile\n* Thu Jun 29 2000 Nalin Dahyabhai \n- strip binaries and libraries\n- rework certificate makefile to have the right parts for Apache\n* Wed Jun 28 2000 Nalin Dahyabhai \n- use %{_perl} instead of /usr/bin/perl\n- disable alpha until it passes its own test suite\n* Fri Jun 09 2000 Nalin Dahyabhai \n- move the passwd.1 man page out of the passwd package's way\n* Fri Jun 02 2000 Nalin Dahyabhai \n- update to 0.9.5a, modified for U.S.\n- add perl as a build-time requirement\n- move certificate makefile to another package\n- disable RC5, IDEA, RSA support\n- remove optimizations for now\n* Wed Mar 01 2000 Florian La Roche \n- Bero told me to move the Makefile into this package\n* Wed Mar 01 2000 Florian La Roche \n- add lib*.so symlinks to link dynamically against shared libs\n* Tue Feb 29 2000 Florian La Roche \n- update to 0.9.5\n- run ldconfig directly in post/postun\n- add FAQ\n* Sat Dec 18 1999 Bernhard Rosenkränzer \n- Fix build on non-x86 platforms\n* Fri Nov 12 1999 Bernhard Rosenkränzer \n- move /usr/share/ssl/* from -devel to main package\n* Tue Oct 26 1999 Bernhard Rosenkränzer \n- initial packaging\n- changes from base:\n - Move /usr/local/ssl to /usr/share/ssl for FHS compliance\n - handle RPM_OPT_FLAGS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-08-16T00:00:00", "type": "oraclelinux", "title": 
"openssl security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0078", "CVE-2003-0131", "CVE-2003-0147", "CVE-2003-0543", "CVE-2003-0544", "CVE-2003-0545", "CVE-2004-0079", "CVE-2004-0112", "CVE-2004-0975", "CVE-2005-0109", "CVE-2005-2946", "CVE-2005-2969", "CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4339", "CVE-2006-4343", "CVE-2007-3108", "CVE-2007-4995", "CVE-2007-5135", "CVE-2008-0891", "CVE-2008-1672", "CVE-2009-1377", "CVE-2009-1378", "CVE-2009-1379", "CVE-2009-3555", "CVE-2009-4355", "CVE-2010-0742", "CVE-2010-1633", "CVE-2010-3864", "CVE-2010-5298", "CVE-2011-0014", "CVE-2011-3207", "CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619", "CVE-2012-0050", "CVE-2012-0884", "CVE-2012-1165", "CVE-2012-2110", "CVE-2012-2333", "CVE-2012-4929", "CVE-2013-0166", "CVE-2013-0169", "CVE-2013-4353", "CVE-2013-6449", "CVE-2013-6450", "CVE-2014-0160", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221", "CVE-2014-0224", "CVE-2014-3470", "CVE-2014-3505", "CVE-2014-3506", "CVE-2014-3507", "CVE-2014-3508", "CVE-2014-3509", "CVE-2014-3510", "CVE-2014-3511", "CVE-2014-3513", "CVE-2014-3566", "CVE-2014-3567", "CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8176", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206", "CVE-2015-0209", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0292", "CVE-2015-0293", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-3194", "CVE-2015-3195", 
"CVE-2015-3196", "CVE-2015-3197", "CVE-2015-3216", "CVE-2015-4000", "CVE-2015-7575", "CVE-2016-0702", "CVE-2016-0705", "CVE-2016-0797", "CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108", "CVE-2016-2109", "CVE-2016-2177", "CVE-2016-2178", "CVE-2016-2179", "CVE-2016-2180", "CVE-2016-2181", "CVE-2016-2182", "CVE-2016-2183", "CVE-2016-6302", "CVE-2016-6304", "CVE-2016-6306", "CVE-2016-8610", "CVE-2017-3731", "CVE-2018-0732", "CVE-2018-0737", "CVE-2018-0739", "CVE-2019-1559"], "modified": "2019-08-16T00:00:00", "id": "ELSA-2019-4747", "href": "http://linux.oracle.com/errata/ELSA-2019-4747.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}