Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20110906_GSTREAMER_PLUGINS_ON_SL4_X.NASL
HistoryAug 01, 2012 - 12:00 a.m.

Scientific Linux Security Update : gstreamer-plugins on SL4.x i386/x86_64

2012-08-0100:00:00
This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
JSON

The gstreamer-plugins packages contain plug-ins used by the GStreamer streaming-media framework to support a wide variety of media formats.

An integer overflow flaw, a boundary error, and multiple off-by-one flaws were found in various ModPlug music file format library (libmodplug) modules, embedded in GStreamer. An attacker could create specially crafted music files that, when played by a victim, would cause applications using GStreamer to crash or, potentially, execute arbitrary code. (CVE-2011-2911, CVE-2011-2912, CVE-2011-2913, CVE-2011-2914, CVE-2011-2915)

All users of gstreamer-plugins are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
After installing the update, all applications using GStreamer (such as Rhythmbox) must be restarted for the changes to take effect.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(61131);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2011-2911");

  script_name(english:"Scientific Linux Security Update : gstreamer-plugins on SL4.x i386/x86_64");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The gstreamer-plugins packages contain plug-ins used by the GStreamer
streaming-media framework to support a wide variety of media formats.

An integer overflow flaw, a boundary error, and multiple off-by-one
flaws were found in various ModPlug music file format library
(libmodplug) modules, embedded in GStreamer. An attacker could create
specially crafted music files that, when played by a victim, would
cause applications using GStreamer to crash or, potentially, execute
arbitrary code. (CVE-2011-2911, CVE-2011-2912, CVE-2011-2913,
CVE-2011-2914, CVE-2011-2915)

All users of gstreamer-plugins are advised to upgrade to these updated
packages, which contain backported patches to correct these issues.
After installing the update, all applications using GStreamer (such as
Rhythmbox) must be restarted for the changes to take effect."
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1109&L=scientific-linux-errata&T=0&P=1260
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?f7838f47"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Update the affected gstreamer-plugins, gstreamer-plugins-debuginfo and
/ or gstreamer-plugins-devel packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2011/09/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);


flag = 0;
if (rpm_check(release:"SL4", reference:"gstreamer-plugins-0.8.5-1.EL.4")) flag++;
if (rpm_check(release:"SL4", reference:"gstreamer-plugins-debuginfo-0.8.5-1.EL.4")) flag++;
if (rpm_check(release:"SL4", reference:"gstreamer-plugins-devel-0.8.5-1.EL.4")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
fermilabscientific_linuxx-cpe:/o:fermilab:scientific_linux

Related

nessus 13
openvas 20
gentoo 2
securityvulns 2
oraclelinux 1
centos 1
redhat 1
altlinux 1
ubuntu 1
fedora 3
suse 1
debian 1
osv 1
debiancve 5
cvelist 5
ubuntucve 5
prion 5
cve 5
nessus
nessus
Fedora 14 : audacious-plugins-2.4.5-4.fc14 (2011-12370)
2011-09-19 00:00:00
Fedora 15 : libmodplug-0.8.8.4-1.fc15 (2011-10544)
2011-08-17 00:00:00
CentOS 4 : gstreamer-plugins (CESA-2011:1264)
2011-09-09 00:00:00
openvas
openvas
CentOS Update for gstreamer-plugins CESA-2011:1264 centos4 x86_64
2012-07-30 00:00:00
RedHat Update for gstreamer-plugins RHSA-2011:1264-01
2011-09-12 00:00:00
Gentoo Security Advisory GLSA 201203-14 (audacious-plugins)
2012-04-30 00:00:00
gentoo
gentoo
Audacious Plugins: User-assisted execution of arbitrary code
2012-03-16 00:00:00
ModPlug: User-assisted execution of arbitrary code
2012-03-16 00:00:00
securityvulns
securityvulns
libmodplug library multiple security vulnerabilities
2011-11-11 00:00:00
[USN-1255-1] libmodplug vulnerabilities
2011-11-11 00:00:00
oraclelinux
oraclelinux
gstreamer-plugins security update
2011-09-07 00:00:00
centos
centos
gstreamer security update
2011-09-08 17:33:02
redhat
redhat
(RHSA-2011:1264) Important: gstreamer-plugins security update
2011-09-06 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 6 package libmodplug version 0.8.8.4-alt1
2011-09-03 00:00:00
ubuntu
ubuntu
libmodplug vulnerabilities
2011-11-09 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: libmodplug-0.8.8.4-1.fc16
2011-08-22 15:25:03
[SECURITY] Fedora 15 Update: libmodplug-0.8.8.4-1.fc15
2011-08-17 01:20:40
[SECURITY] Fedora 14 Update: libmodplug-0.8.8.4-1.fc14
2011-08-17 00:58:10
suse
suse
libmodplug: Fixed multiple vulnerabilities reported in &lt;= 0.8.8.3 (important)
2011-08-24 21:08:24
debian
debian
[SECURITY] [DSA 2415-1] libmodplug security update
2012-02-22 00:06:11
osv
osv
libmodplug - several
2012-02-21 00:00:00
debiancve
debiancve
CVE-2011-2912
2012-06-07 19:55:00
CVE-2011-2915
2012-06-07 19:55:00
CVE-2011-2913
2012-06-07 19:55:00
cvelist
cvelist
CVE-2011-2912
2012-06-07 19:00:00
CVE-2011-2915
2012-06-07 19:00:00
CVE-2011-2911
2012-06-07 19:00:00
ubuntucve
ubuntucve
CVE-2011-2915
2011-10-06 00:00:00
CVE-2011-2912
2011-10-06 00:00:00
CVE-2011-2913
2011-10-06 00:00:00
prion
prion
Stack overflow
2012-06-07 19:55:00
Memory corruption
2012-06-07 19:55:00
Memory corruption
2012-06-07 19:55:00
cve
cve
CVE-2011-2915
2012-06-07 19:55:00
CVE-2011-2912
2012-06-07 19:55:00
CVE-2011-2911
2012-06-07 19:55:00
JSON
Related for SL_20110906_GSTREAMER_PLUGINS_ON_SL4_X.NASL
nessus13openvas20gentoo2securityvulns2oraclelinux1centos1redhat1altlinux1ubuntu1fedora3suse1debian1osv1debiancve5cvelist5ubuntucve5prion5cve5