{"id": "SL_20111011_KDELIBS_ON_SL6_X.NASL", "bulletinFamily": "scanner", "title": "Scientific Linux Security Update : kdelibs on SL6.x i386/x86_64", "description": "The kdelibs packages provide libraries for the K Desktop Environment (KDE).\n\nAn input sanitization flaw was found in the KSSL (KDE SSL Wrapper) API. An attacker could supply a specially crafted SSL certificate (for example, via a web page) to an application using KSSL, such as the Konqueror web browser, causing misleading information to be presented to the user, possibly tricking them into accepting the certificate as valid. (CVE-2011-3365)\n\nThis update also adds the following enhancement :\n\n - kdelibs provided its own set of trusted Certificate Authority (CA) certificates. This update makes kdelibs use the system set from the ca-certificates package, instead of its own copy.\n\nUsers should upgrade to these updated packages, which contain backported patches to correct this issue and add this enhancement. The desktop must be restarted (log out, then log back in) for this update to take effect.", "published": "2012-08-01T00:00:00", "modified": "2014-08-16T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=61152", "reporter": "Tenable", "references": ["http://www.nessus.org/u?792db480"], "cvelist": ["CVE-2011-3365"], "type": "nessus", "lastseen": "2018-09-01T23:41:27", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "cvelist": ["CVE-2011-3365"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "The kdelibs packages provide libraries for the K Desktop Environment (KDE).\n\nAn input sanitization flaw was found in the KSSL (KDE SSL Wrapper) API. An attacker could supply a specially crafted SSL certificate (for example, via a web page) to an application using KSSL, such as the Konqueror web browser, causing misleading information to be presented to the user, possibly tricking them into accepting the certificate as valid. (CVE-2011-3365)\n\nThis update also adds the following enhancement :\n\n - kdelibs provided its own set of trusted Certificate Authority (CA) certificates. This update makes kdelibs use the system set from the ca-certificates package, instead of its own copy.\n\nUsers should upgrade to these updated packages, which contain backported patches to correct this issue and add this enhancement. The desktop must be restarted (log out, then log back in) for this update to take effect.", "edition": 2, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "d59bb321670430bdffc96f823eef88025d9a7f2681eb699a40ad2b294957a9e1", "hashmap": [{"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "1538f816f097c6e24e4925917da4bdd2", "key": "pluginID"}, {"hash": "b1e432cd926620a2b9bd9816ef9503c6", "key": "cpe"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "75cdebe0eaa0f27a227ac1993e48dd15", "key": "description"}, {"hash": "dffbca99f1c54ad929437915a55adafb", "key": "title"}, {"hash": "b3a4d461a1383c8ba9fa401b58d29827", "key": "naslFamily"}, {"hash": "be165084def82ff9685b05486474f163", "key": "references"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0e521a7302530d8517c24119dab06780", "key": "href"}, {"hash": "3ff4afbf9eedf98937c2e5c5cf13456f", "key": "published"}, {"hash": "3df1729ddd62f904d6fc3174886883b1", "key": "sourceData"}, {"hash": "bfbf81f16ff8b5b7964ff84f92035968", "key": "modified"}, {"hash": "fb9bf83f6ee99f12b12b83267fa60f2a", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=61152", "id": "SL_20111011_KDELIBS_ON_SL6_X.NASL", "lastseen": "2017-10-29T13:36:31", "modified": "2014-08-16T00:00:00", "naslFamily": "Scientific Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "61152", "published": "2012-08-01T00:00:00", "references": ["http://www.nessus.org/u?792db480"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61152);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2014/08/16 19:47:27 $\");\n\n script_cve_id(\"CVE-2011-3365\");\n\n script_name(english:\"Scientific Linux Security Update : kdelibs on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The kdelibs packages provide libraries for the K Desktop Environment\n(KDE).\n\nAn input sanitization flaw was found in the KSSL (KDE SSL Wrapper)\nAPI. An attacker could supply a specially crafted SSL certificate (for\nexample, via a web page) to an application using KSSL, such as the\nKonqueror web browser, causing misleading information to be presented\nto the user, possibly tricking them into accepting the certificate as\nvalid. (CVE-2011-3365)\n\nThis update also adds the following enhancement :\n\n - kdelibs provided its own set of trusted Certificate\n Authority (CA) certificates. This update makes kdelibs\n use the system set from the ca-certificates package,\n instead of its own copy.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct this issue and add this enhancement. The\ndesktop must be restarted (log out, then log back in) for this update\nto take effect.\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1110&L=scientific-linux-errata&T=0&P=961\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?792db480\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs-4.3.4-11.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs-apidocs-4.3.4-11.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs-common-4.3.4-11.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs-debuginfo-4.3.4-11.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs-devel-4.3.4-11.el6_1.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Scientific Linux Security Update : kdelibs on SL6.x i386/x86_64", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2017-10-29T13:36:31"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "cvelist": ["CVE-2011-3365"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The kdelibs packages provide libraries for the K Desktop Environment (KDE).\n\nAn input sanitization flaw was found in the KSSL (KDE SSL Wrapper) API. An attacker could supply a specially crafted SSL certificate (for example, via a web page) to an application using KSSL, such as the Konqueror web browser, causing misleading information to be presented to the user, possibly tricking them into accepting the certificate as valid. (CVE-2011-3365)\n\nThis update also adds the following enhancement :\n\n - kdelibs provided its own set of trusted Certificate Authority (CA) certificates. This update makes kdelibs use the system set from the ca-certificates package, instead of its own copy.\n\nUsers should upgrade to these updated packages, which contain backported patches to correct this issue and add this enhancement. The desktop must be restarted (log out, then log back in) for this update to take effect.", "edition": 3, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "563c4d1908ddf9e2f792e57de16634d5ca27fe93f1af27d538ce02067217eb05", "hashmap": [{"hash": "1538f816f097c6e24e4925917da4bdd2", "key": "pluginID"}, {"hash": "b1e432cd926620a2b9bd9816ef9503c6", "key": "cpe"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "75cdebe0eaa0f27a227ac1993e48dd15", "key": "description"}, {"hash": "dffbca99f1c54ad929437915a55adafb", "key": "title"}, {"hash": "b3a4d461a1383c8ba9fa401b58d29827", "key": "naslFamily"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "be165084def82ff9685b05486474f163", "key": "references"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0e521a7302530d8517c24119dab06780", "key": "href"}, {"hash": "3ff4afbf9eedf98937c2e5c5cf13456f", "key": "published"}, {"hash": "3df1729ddd62f904d6fc3174886883b1", "key": "sourceData"}, {"hash": "bfbf81f16ff8b5b7964ff84f92035968", "key": "modified"}, {"hash": "fb9bf83f6ee99f12b12b83267fa60f2a", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=61152", "id": "SL_20111011_KDELIBS_ON_SL6_X.NASL", "lastseen": "2018-08-30T19:36:23", "modified": "2014-08-16T00:00:00", "naslFamily": "Scientific Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "61152", "published": "2012-08-01T00:00:00", "references": ["http://www.nessus.org/u?792db480"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61152);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2014/08/16 19:47:27 $\");\n\n script_cve_id(\"CVE-2011-3365\");\n\n script_name(english:\"Scientific Linux Security Update : kdelibs on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The kdelibs packages provide libraries for the K Desktop Environment\n(KDE).\n\nAn input sanitization flaw was found in the KSSL (KDE SSL Wrapper)\nAPI. An attacker could supply a specially crafted SSL certificate (for\nexample, via a web page) to an application using KSSL, such as the\nKonqueror web browser, causing misleading information to be presented\nto the user, possibly tricking them into accepting the certificate as\nvalid. (CVE-2011-3365)\n\nThis update also adds the following enhancement :\n\n - kdelibs provided its own set of trusted Certificate\n Authority (CA) certificates. This update makes kdelibs\n use the system set from the ca-certificates package,\n instead of its own copy.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct this issue and add this enhancement. The\ndesktop must be restarted (log out, then log back in) for this update\nto take effect.\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1110&L=scientific-linux-errata&T=0&P=961\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?792db480\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs-4.3.4-11.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs-apidocs-4.3.4-11.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs-common-4.3.4-11.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs-debuginfo-4.3.4-11.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs-devel-4.3.4-11.el6_1.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Scientific Linux Security Update : kdelibs on SL6.x i386/x86_64", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-30T19:36:23"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2011-3365"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "The kdelibs packages provide libraries for the K Desktop Environment (KDE).\n\nAn input sanitization flaw was found in the KSSL (KDE SSL Wrapper) API. An attacker could supply a specially crafted SSL certificate (for example, via a web page) to an application using KSSL, such as the Konqueror web browser, causing misleading information to be presented to the user, possibly tricking them into accepting the certificate as valid. (CVE-2011-3365)\n\nThis update also adds the following enhancement :\n\n - kdelibs provided its own set of trusted Certificate Authority (CA) certificates. This update makes kdelibs use the system set from the ca-certificates package, instead of its own copy.\n\nUsers should upgrade to these updated packages, which contain backported patches to correct this issue and add this enhancement. The desktop must be restarted (log out, then log back in) for this update to take effect.", "edition": 1, "enchantments": {}, "hash": "86f2272344105d5138b4a4b6a5c93d0ac620868f2bced43208359f9b32dc0698", "hashmap": [{"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "1538f816f097c6e24e4925917da4bdd2", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "75cdebe0eaa0f27a227ac1993e48dd15", "key": "description"}, {"hash": "dffbca99f1c54ad929437915a55adafb", "key": "title"}, {"hash": "b3a4d461a1383c8ba9fa401b58d29827", "key": "naslFamily"}, {"hash": "be165084def82ff9685b05486474f163", "key": "references"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0e521a7302530d8517c24119dab06780", "key": "href"}, {"hash": "3ff4afbf9eedf98937c2e5c5cf13456f", "key": "published"}, {"hash": "3df1729ddd62f904d6fc3174886883b1", "key": "sourceData"}, {"hash": "bfbf81f16ff8b5b7964ff84f92035968", "key": "modified"}, {"hash": "fb9bf83f6ee99f12b12b83267fa60f2a", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=61152", "id": "SL_20111011_KDELIBS_ON_SL6_X.NASL", "lastseen": "2016-09-26T17:24:07", "modified": "2014-08-16T00:00:00", "naslFamily": "Scientific Linux Local Security Checks", "objectVersion": "1.2", "pluginID": "61152", "published": "2012-08-01T00:00:00", "references": ["http://www.nessus.org/u?792db480"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61152);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2014/08/16 19:47:27 $\");\n\n script_cve_id(\"CVE-2011-3365\");\n\n script_name(english:\"Scientific Linux Security Update : kdelibs on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The kdelibs packages provide libraries for the K Desktop Environment\n(KDE).\n\nAn input sanitization flaw was found in the KSSL (KDE SSL Wrapper)\nAPI. An attacker could supply a specially crafted SSL certificate (for\nexample, via a web page) to an application using KSSL, such as the\nKonqueror web browser, causing misleading information to be presented\nto the user, possibly tricking them into accepting the certificate as\nvalid. (CVE-2011-3365)\n\nThis update also adds the following enhancement :\n\n - kdelibs provided its own set of trusted Certificate\n Authority (CA) certificates. This update makes kdelibs\n use the system set from the ca-certificates package,\n instead of its own copy.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct this issue and add this enhancement. The\ndesktop must be restarted (log out, then log back in) for this update\nto take effect.\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1110&L=scientific-linux-errata&T=0&P=961\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?792db480\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs-4.3.4-11.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs-apidocs-4.3.4-11.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs-common-4.3.4-11.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs-debuginfo-4.3.4-11.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs-devel-4.3.4-11.el6_1.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Scientific Linux Security Update : kdelibs on SL6.x i386/x86_64", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:24:07"}], "edition": 4, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "b1e432cd926620a2b9bd9816ef9503c6"}, {"key": "cvelist", "hash": "fb9bf83f6ee99f12b12b83267fa60f2a"}, {"key": "cvss", "hash": "6e9bdd2021503689a2ad9254c9cdf2b3"}, {"key": "description", "hash": "75cdebe0eaa0f27a227ac1993e48dd15"}, {"key": "href", "hash": "0e521a7302530d8517c24119dab06780"}, {"key": "modified", "hash": "bfbf81f16ff8b5b7964ff84f92035968"}, {"key": "naslFamily", "hash": "b3a4d461a1383c8ba9fa401b58d29827"}, {"key": "pluginID", "hash": "1538f816f097c6e24e4925917da4bdd2"}, {"key": "published", "hash": "3ff4afbf9eedf98937c2e5c5cf13456f"}, {"key": "references", "hash": "be165084def82ff9685b05486474f163"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "3df1729ddd62f904d6fc3174886883b1"}, {"key": "title", "hash": "dffbca99f1c54ad929437915a55adafb"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "d59bb321670430bdffc96f823eef88025d9a7f2681eb699a40ad2b294957a9e1", "viewCount": 1, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "vulnersScore": 5.0}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61152);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2014/08/16 19:47:27 $\");\n\n script_cve_id(\"CVE-2011-3365\");\n\n script_name(english:\"Scientific Linux Security Update : kdelibs on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The kdelibs packages provide libraries for the K Desktop Environment\n(KDE).\n\nAn input sanitization flaw was found in the KSSL (KDE SSL Wrapper)\nAPI. An attacker could supply a specially crafted SSL certificate (for\nexample, via a web page) to an application using KSSL, such as the\nKonqueror web browser, causing misleading information to be presented\nto the user, possibly tricking them into accepting the certificate as\nvalid. (CVE-2011-3365)\n\nThis update also adds the following enhancement :\n\n - kdelibs provided its own set of trusted Certificate\n Authority (CA) certificates. This update makes kdelibs\n use the system set from the ca-certificates package,\n instead of its own copy.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct this issue and add this enhancement. The\ndesktop must be restarted (log out, then log back in) for this update\nto take effect.\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1110&L=scientific-linux-errata&T=0&P=961\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?792db480\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs-4.3.4-11.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs-apidocs-4.3.4-11.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs-common-4.3.4-11.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs-debuginfo-4.3.4-11.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs-devel-4.3.4-11.el6_1.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Scientific Linux Local Security Checks", "pluginID": "61152", "cpe": ["x-cpe:/o:fermilab:scientific_linux"]}

{"cve": [{"lastseen": "2016-09-03T15:39:49", "references": ["http://www.redhat.com/support/errata/RHSA-2011-1364.html", "http://www.redhat.com/support/errata/RHSA-2011-1385.html", "http://www.kde.org/info/security/advisory-20111003-1.txt", "http://www.mandriva.com/security/advisories?name=MDVSA-2011:162", "https://bugzilla.redhat.com/show_bug.cgi?id=743054"], "description": "The KDE SSL Wrapper (KSSL) API in KDE SC 4.6.0 through 4.7.1, and possibly earlier versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text.", "edition": 1, "reporter": "NVD", "published": "2011-11-29T12:55:01", "title": "CVE-2011-3365", "type": "cve", "enchantments": {"score": {"modified": "2016-09-03T15:39:49", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2011-3365"], "scanner": [], "cpe": ["cpe:/a:kde:kde_sc:4.6.4", "cpe:/a:kde:kde_sc:4.6.3", "cpe:/a:kde:kde_sc:4.6.1", "cpe:/a:kde:kde_sc:4.6.5", "cpe:/a:kde:kde_sc:4.7.0", "cpe:/a:kde:kde_sc:4.6.2", "cpe:/a:kde:kde_sc:4.7.1", "cpe:/a:kde:kde_sc:4.6.0"], "modified": "2012-01-18T22:59:28", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3365", "id": "CVE-2011-3365", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "openvas": [{"lastseen": "2018-01-11T11:06:17", "references": ["2011-13417", "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067248.html"], "pluginID": "864066", "description": "Check for the Version of kruler", "edition": 3, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-04-02T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Fedora Update for kruler FEDORA-2011-13417", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3365"], "modified": "2018-01-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=864066", "id": "OPENVAS:864066", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kruler FEDORA-2011-13417\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"kruler on Fedora 16\";\ntag_insight = \"A screen ruler and color measurement tool.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067248.html\");\n script_id(864066);\n script_version(\"$Revision: 8336 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-09 08:01:48 +0100 (Tue, 09 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 13:06:49 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2011-3365\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2011-13417\");\n script_name(\"Fedora Update for kruler FEDORA-2011-13417\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of kruler\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"kruler\", rpm:\"kruler~4.7.1~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-02T10:57:40", "references": ["https://www.redhat.com/archives/rhsa-announce/2011-October/msg00005.html", "2011:1364-01"], "pluginID": "870694", "description": "Check for the Version of kdelibs", "edition": 3, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-07-09T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "RedHat Update for kdelibs RHSA-2011:1364-01", "type": "openvas", "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3365"], "modified": "2017-12-29T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870694", "id": "OPENVAS:870694", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kdelibs RHSA-2011:1364-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The kdelibs packages provide libraries for the K Desktop Environment (KDE).\n\n An input sanitization flaw was found in the KSSL (KDE SSL Wrapper) API. An\n attacker could supply a specially-crafted SSL certificate (for example, via\n a web page) to an application using KSSL, such as the Konqueror web\n browser, causing misleading information to be presented to the user,\n possibly tricking them into accepting the certificate as valid.\n (CVE-2011-3365)\n\n This update also adds the following enhancement:\n\n * kdelibs provided its own set of trusted Certificate Authority (CA)\n certificates. This update makes kdelibs use the system set from the\n ca-certificates package, instead of its own copy. (BZ#743951)\n\n Users should upgrade to these updated packages, which contain backported\n patches to correct this issue and add this enhancement. The desktop must be\n restarted (log out, then log back in) for this update to take effect.\";\n\ntag_affected = \"kdelibs on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-October/msg00005.html\");\n script_id(870694);\n script_version(\"$Revision: 8257 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-29 07:29:46 +0100 (Fri, 29 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-09 10:49:42 +0530 (Mon, 09 Jul 2012)\");\n script_cve_id(\"CVE-2011-3365\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"RHSA\", value: \"2011:1364-01\");\n script_name(\"RedHat Update for kdelibs RHSA-2011:1364-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of kdelibs\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"kdelibs\", rpm:\"kdelibs~4.3.4~11.el6_1.4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdelibs-common\", rpm:\"kdelibs-common~4.3.4~11.el6_1.4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdelibs-debuginfo\", rpm:\"kdelibs-debuginfo~4.3.4~11.el6_1.4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdelibs-devel\", rpm:\"kdelibs-devel~4.3.4~11.el6_1.4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdelibs-apidocs\", rpm:\"kdelibs-apidocs~4.3.4~11.el6_1.4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-02T10:56:25", "references": ["2011-13417", "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067283.html"], "pluginID": "864076", "description": "Check for the Version of okular", "edition": 3, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-04-02T00:00:00", "title": "Fedora Update for okular FEDORA-2011-13417", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3365"], "modified": "2017-12-28T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=864076", "id": "OPENVAS:864076", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for okular FEDORA-2011-13417\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"okular on Fedora 16\";\ntag_insight = \"A document viewer.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067283.html\");\n script_id(864076);\n script_version(\"$Revision: 8253 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-28 07:29:51 +0100 (Thu, 28 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 13:08:25 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2011-3365\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2011-13417\");\n script_name(\"Fedora Update for okular FEDORA-2011-13417\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of okular\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"okular\", rpm:\"okular~4.7.1~2.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-02T10:56:33", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067220.html", "2011-13417"], "pluginID": "863957", "description": "Check for the Version of kdeadmin", "edition": 3, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-04-02T00:00:00", "title": "Fedora Update for kdeadmin FEDORA-2011-13417", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3365"], "modified": "2017-12-26T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=863957", "id": "OPENVAS:863957", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kdeadmin FEDORA-2011-13417\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"kdeadmin on Fedora 16\";\ntag_insight = \"The kdeadmin package includes administrative tools including:\n * kcron: systemsettings module for the cron task scheduler\n * ksystemlog: system log viewer\n * kuser: user manager\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067220.html\");\n script_id(863957);\n script_version(\"$Revision: 8245 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-26 07:29:59 +0100 (Tue, 26 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 12:38:19 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2011-3365\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2011-13417\");\n script_name(\"Fedora Update for kdeadmin FEDORA-2011-13417\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of kdeadmin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"kdeadmin\", rpm:\"kdeadmin~4.7.1~2.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-06T13:07:00", "references": ["2011-13417", "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067238.html"], "pluginID": "863923", "description": "Check for the Version of cantor", "edition": 3, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-04-02T00:00:00", "title": "Fedora Update for cantor FEDORA-2011-13417", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3365"], "modified": "2018-01-05T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=863923", "id": "OPENVAS:863923", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for cantor FEDORA-2011-13417\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"cantor on Fedora 16\";\ntag_insight = \"KDE Frontend to Mathematical Software.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067238.html\");\n script_id(863923);\n script_version(\"$Revision: 8295 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 07:29:18 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 12:36:44 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2011-3365\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2011-13417\");\n script_name(\"Fedora Update for cantor FEDORA-2011-13417\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of cantor\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"cantor\", rpm:\"cantor~4.7.1~2.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-02T10:57:40", "references": ["2011-13417", "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067270.html"], "pluginID": "863841", "description": "Check for the Version of kdeutils", "edition": 3, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-03-19T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Fedora Update for kdeutils FEDORA-2011-13417", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3365"], "modified": "2017-12-29T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=863841", "id": "OPENVAS:863841", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kdeutils FEDORA-2011-13417\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"kdeutils on Fedora 16\";\ntag_insight = \"Utilities for KDE 4.\n Includes:\n * kcharselect: character selector\n * kfloppy: floppy formatting tool\n * superkaramba\n * sweeper: clean unwanted traces the user leaves on the system\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067270.html\");\n script_id(863841);\n script_version(\"$Revision: 8257 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-29 07:29:46 +0100 (Fri, 29 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-19 12:23:06 +0530 (Mon, 19 Mar 2012)\");\n script_cve_id(\"CVE-2011-3365\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2011-13417\");\n script_name(\"Fedora Update for kdeutils FEDORA-2011-13417\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of kdeutils\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"kdeutils\", rpm:\"kdeutils~4.7.1~3.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-06T13:07:29", "references": ["2011-13417", "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067229.html"], "pluginID": "864045", "description": "Check for the Version of kdegames", "edition": 3, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-04-02T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Fedora Update for kdegames FEDORA-2011-13417", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3365"], "modified": "2018-01-04T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=864045", "id": "OPENVAS:864045", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kdegames FEDORA-2011-13417\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"kdegames on Fedora 16\";\ntag_insight = \"Games for KDE 4, including:\n * bomber\n * bovo\n * granatier\n * kajongg\n * kapman\n * katomic\n * kblackbox\n * kblocks\n * kbounce\n * kbreakout\n * kdiamond\n * kfourinline\n * kgoldrunner\n * kigo\n * killbots\n * kiriki\n * kjumpingcube\n * klickety\n * klines\n * knetwalk\n * kolf\n * kollision\n * konquest\n * kreversi\n * ksame\n * kshisen\n * ksirk\n * ksnakeduel / ksnake\n * kspaceduel\n * ksquares\n * ksudoku\n * ktuberling\n * kubrick\n * lskat\n * naval battle\n * palapeli\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067229.html\");\n script_id(864045);\n script_version(\"$Revision: 8285 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-04 07:29:16 +0100 (Thu, 04 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 13:04:59 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2011-3365\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2011-13417\");\n script_name(\"Fedora Update for kdegames FEDORA-2011-13417\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of kdegames\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"kdegames\", rpm:\"kdegames~4.7.1~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-11T11:07:22", "references": ["2011-13417", "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067234.html"], "pluginID": "864048", "description": "Check for the Version of kdebase-workspace", "edition": 3, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-04-02T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Fedora Update for kdebase-workspace FEDORA-2011-13417", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3365"], "modified": "2018-01-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=864048", "id": "OPENVAS:864048", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kdebase-workspace FEDORA-2011-13417\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The KDE Workspace consists of what is the desktop of the\n KDE Desktop Environment.\n\n This package contains:\n * khotkeys (a hotkey daemon)\n * klipper (a cut &amp; paste history utility)\n * kmenuedit (the menu editor)\n * krandrtray (resize and rotate X screens)\n * krunner (a command run interface)\n * ksysguard (a performance monitor)\n * kwin (the window manager of KDE)\n * plasma (the KDE desktop, panels and widgets workspace application)\n * systemsettings (the configuration editor)\";\n\ntag_affected = \"kdebase-workspace on Fedora 16\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067234.html\");\n script_id(864048);\n script_version(\"$Revision: 8336 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-09 08:01:48 +0100 (Tue, 09 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 13:05:12 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2011-3365\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2011-13417\");\n script_name(\"Fedora Update for kdebase-workspace FEDORA-2011-13417\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of kdebase-workspace\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"kdebase-workspace\", rpm:\"kdebase-workspace~4.7.1~2.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-06T13:07:54", "references": ["2011-13417", "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067252.html"], "pluginID": "863920", "description": "Check for the Version of klettres", "edition": 3, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-04-02T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Fedora Update for klettres FEDORA-2011-13417", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3365"], "modified": "2018-01-04T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=863920", "id": "OPENVAS:863920", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for klettres FEDORA-2011-13417\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"klettres on Fedora 16\";\ntag_insight = \"Learn The French Alphabet.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067252.html\");\n script_id(863920);\n script_version(\"$Revision: 8285 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-04 07:29:16 +0100 (Thu, 04 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 12:36:38 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2011-3365\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2011-13417\");\n script_name(\"Fedora Update for klettres FEDORA-2011-13417\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of klettres\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"klettres\", rpm:\"klettres~4.7.1~2.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-02T10:57:30", "references": ["2011-13417", "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067267.html"], "pluginID": "863801", "description": "Check for the Version of kolourpaint", "edition": 3, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-03-19T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Fedora Update for kolourpaint FEDORA-2011-13417", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3365"], "modified": "2017-12-28T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=863801", "id": "OPENVAS:863801", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kolourpaint FEDORA-2011-13417\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"kolourpaint on Fedora 16\";\ntag_insight = \"An easy-to-use paint program.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067267.html\");\n script_id(863801);\n script_version(\"$Revision: 8253 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-28 07:29:51 +0100 (Thu, 28 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-19 12:18:55 +0530 (Mon, 19 Mar 2012)\");\n script_cve_id(\"CVE-2011-3365\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2011-13417\");\n script_name(\"Fedora Update for kolourpaint FEDORA-2011-13417\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of kolourpaint\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"kolourpaint\", rpm:\"kolourpaint~4.7.1~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "nessus": [{"lastseen": "2018-09-01T23:39:01", "references": ["https://oss.oracle.com/pipermail/el-errata/2011-October/002397.html"], "pluginID": "68368", "description": "From Red Hat Security Advisory 2011:1364 :\n\nUpdated kdelibs packages that fix one security issue and add one enhancement are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe kdelibs packages provide libraries for the K Desktop Environment (KDE).\n\nAn input sanitization flaw was found in the KSSL (KDE SSL Wrapper) API. An attacker could supply a specially crafted SSL certificate (for example, via a web page) to an application using KSSL, such as the Konqueror web browser, causing misleading information to be presented to the user, possibly tricking them into accepting the certificate as valid. (CVE-2011-3365)\n\nThis update also adds the following enhancement :\n\n* kdelibs provided its own set of trusted Certificate Authority (CA) certificates. This update makes kdelibs use the system set from the ca-certificates package, instead of its own copy. (BZ#743951)\n\nUsers should upgrade to these updated packages, which contain backported patches to correct this issue and add this enhancement. The desktop must be restarted (log out, then log back in) for this update to take effect.", "edition": 5, "reporter": "Tenable", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 6 : kdelibs (ELSA-2011-1364)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3365"], "modified": "2018-07-18T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kdelibs-apidocs", "p-cpe:/a:oracle:linux:kdelibs-devel", "p-cpe:/a:oracle:linux:kdelibs", "p-cpe:/a:oracle:linux:kdelibs-common"], "id": "ORACLELINUX_ELSA-2011-1364.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68368", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:1364 and \n# Oracle Linux Security Advisory ELSA-2011-1364 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68368);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/18 17:43:56\");\n\n script_cve_id(\"CVE-2011-3365\");\n script_bugtraq_id(49925);\n script_xref(name:\"RHSA\", value:\"2011:1364\");\n\n script_name(english:\"Oracle Linux 6 : kdelibs (ELSA-2011-1364)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:1364 :\n\nUpdated kdelibs packages that fix one security issue and add one\nenhancement are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe kdelibs packages provide libraries for the K Desktop Environment\n(KDE).\n\nAn input sanitization flaw was found in the KSSL (KDE SSL Wrapper)\nAPI. An attacker could supply a specially crafted SSL certificate (for\nexample, via a web page) to an application using KSSL, such as the\nKonqueror web browser, causing misleading information to be presented\nto the user, possibly tricking them into accepting the certificate as\nvalid. (CVE-2011-3365)\n\nThis update also adds the following enhancement :\n\n* kdelibs provided its own set of trusted Certificate Authority (CA)\ncertificates. This update makes kdelibs use the system set from the\nca-certificates package, instead of its own copy. (BZ#743951)\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct this issue and add this enhancement. The\ndesktop must be restarted (log out, then log back in) for this update\nto take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-October/002397.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kdelibs packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kdelibs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kdelibs-apidocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kdelibs-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kdelibs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"kdelibs-4.3.4-11.el6_1.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"kdelibs-apidocs-4.3.4-11.el6_1.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"kdelibs-common-4.3.4-11.el6_1.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"kdelibs-devel-4.3.4-11.el6_1.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kdelibs / kdelibs-apidocs / kdelibs-common / kdelibs-devel\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-11-11T12:59:57", "references": ["http://www.nessus.org/u?822945dd", "http://www.nessus.org/u?1baf209c", "http://www.nessus.org/u?5e27a8cf", "http://www.nessus.org/u?97cff4aa"], "pluginID": "56559", "description": "Updated kdelibs packages for Red Hat Enterprise Linux 4 and 5 and updated kdelibs3 packages for Red Hat Enterprise Linux 6 that fix one security issue are now available.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe kdelibs and kdelibs3 packages provide libraries for the K Desktop Environment (KDE).\n\nAn input sanitization flaw was found in the KSSL (KDE SSL Wrapper) API. An attacker could supply a specially crafted SSL certificate (for example, via a web page) to an application using KSSL, such as the Konqueror web browser, causing misleading information to be presented to the user, possibly tricking them into accepting the certificate as valid. (CVE-2011-3365)\n\nUsers should upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted (log out, then log back in) for this update to take effect.", "edition": 7, "reporter": "Tenable", "published": "2011-10-20T00:00:00", "title": "CentOS 4 / 5 : kdelibs (CESA-2011:1385)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3365"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:centos:centos:kdelibs", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:kdelibs-devel", "p-cpe:/a:centos:centos:kdelibs-apidocs", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2011-1385.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=56559", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1385 and \n# CentOS Errata and Security Advisory 2011:1385 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56559);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/11/10 11:49:29\");\n\n script_cve_id(\"CVE-2011-3365\");\n script_bugtraq_id(49925);\n script_xref(name:\"RHSA\", value:\"2011:1385\");\n\n script_name(english:\"CentOS 4 / 5 : kdelibs (CESA-2011:1385)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kdelibs packages for Red Hat Enterprise Linux 4 and 5 and\nupdated kdelibs3 packages for Red Hat Enterprise Linux 6 that fix one\nsecurity issue are now available.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe kdelibs and kdelibs3 packages provide libraries for the K Desktop\nEnvironment (KDE).\n\nAn input sanitization flaw was found in the KSSL (KDE SSL Wrapper)\nAPI. An attacker could supply a specially crafted SSL certificate (for\nexample, via a web page) to an application using KSSL, such as the\nKonqueror web browser, causing misleading information to be presented\nto the user, possibly tricking them into accepting the certificate as\nvalid. (CVE-2011-3365)\n\nUsers should upgrade to these updated packages, which contain a\nbackported patch to correct this issue. The desktop must be restarted\n(log out, then log back in) for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-November/018167.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?97cff4aa\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-November/018168.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1baf209c\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-October/018123.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?822945dd\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-October/018124.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5e27a8cf\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kdelibs packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kdelibs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kdelibs-apidocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kdelibs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kdelibs-3.3.1-18.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kdelibs-3.3.1-18.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kdelibs-devel-3.3.1-18.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kdelibs-devel-3.3.1-18.el4\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"kdelibs-3.5.4-26.el5.centos.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kdelibs-apidocs-3.5.4-26.el5.centos.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kdelibs-devel-3.5.4-26.el5.centos.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-11-13T17:12:02", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=721974", "https://lists.opensuse.org/opensuse-updates/2011-10/msg00013.html"], "pluginID": "75878", "description": "An input validation flaw when displaying certificates has been fixed in KDE's KSSL (kdelibs4). CVE-2011-3365 has been assigned to this issue.", "edition": 6, "reporter": "Tenable", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : kdelibs4 (openSUSE-SU-2011:1135-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3365"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libkde4-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libksuseinstall1-debuginfo", "p-cpe:/a:novell:opensuse:libkdecore4-devel-debuginfo", "p-cpe:/a:novell:opensuse:kdelibs4-doc-debuginfo", "p-cpe:/a:novell:opensuse:libksuseinstall1-32bit", "p-cpe:/a:novell:opensuse:libkde4-devel", "p-cpe:/a:novell:opensuse:libkdecore4-debuginfo", "p-cpe:/a:novell:opensuse:libksuseinstall1-debuginfo-32bit", "cpe:/o:novell:opensuse:11.4", "p-cpe:/a:novell:opensuse:libkdecore4-devel", "p-cpe:/a:novell:opensuse:libkde4-32bit", "p-cpe:/a:novell:opensuse:libksuseinstall1", "p-cpe:/a:novell:opensuse:libkdecore4-32bit", "p-cpe:/a:novell:opensuse:kdelibs4-core-debuginfo", "p-cpe:/a:novell:opensuse:libkde4-debuginfo", "p-cpe:/a:novell:opensuse:kdelibs4-core", "p-cpe:/a:novell:opensuse:libkdecore4-debuginfo-32bit", "p-cpe:/a:novell:opensuse:kdelibs4-debuginfo", "p-cpe:/a:novell:opensuse:kdelibs4-branding-upstream", "p-cpe:/a:novell:opensuse:libksuseinstall-devel", "p-cpe:/a:novell:opensuse:kdelibs4-debugsource", "p-cpe:/a:novell:opensuse:libkde4", "p-cpe:/a:novell:opensuse:libkdecore4", "p-cpe:/a:novell:opensuse:kdelibs4"], "id": "SUSE_11_4_KDELIBS4-111010.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=75878", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update kdelibs4-5258.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75878);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/11/10 11:49:59\");\n\n script_cve_id(\"CVE-2011-3365\");\n\n script_name(english:\"openSUSE Security Update : kdelibs4 (openSUSE-SU-2011:1135-1)\");\n script_summary(english:\"Check for the kdelibs4-5258 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An input validation flaw when displaying certificates has been fixed\nin KDE's KSSL (kdelibs4). CVE-2011-3365 has been assigned to this\nissue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=721974\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-10/msg00013.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kdelibs4 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kdelibs4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kdelibs4-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kdelibs4-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kdelibs4-core-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kdelibs4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kdelibs4-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kdelibs4-doc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libkde4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libkde4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libkde4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libkde4-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libkde4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libkdecore4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libkdecore4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libkdecore4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libkdecore4-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libkdecore4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libkdecore4-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libksuseinstall-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libksuseinstall1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libksuseinstall1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libksuseinstall1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libksuseinstall1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kdelibs4-4.6.0-6.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kdelibs4-branding-upstream-4.6.0-6.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kdelibs4-core-4.6.0-6.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kdelibs4-core-debuginfo-4.6.0-6.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kdelibs4-debuginfo-4.6.0-6.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kdelibs4-debugsource-4.6.0-6.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kdelibs4-doc-debuginfo-4.6.0-6.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libkde4-4.6.0-6.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libkde4-debuginfo-4.6.0-6.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libkde4-devel-4.6.0-6.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libkdecore4-4.6.0-6.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libkdecore4-debuginfo-4.6.0-6.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libkdecore4-devel-4.6.0-6.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libkdecore4-devel-debuginfo-4.6.0-6.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libksuseinstall-devel-4.6.0-6.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libksuseinstall1-4.6.0-6.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libksuseinstall1-debuginfo-4.6.0-6.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libkde4-32bit-4.6.0-6.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libkde4-debuginfo-32bit-4.6.0-6.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libkdecore4-32bit-4.6.0-6.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libkdecore4-debuginfo-32bit-4.6.0-6.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libksuseinstall1-32bit-4.6.0-6.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libksuseinstall1-debuginfo-32bit-4.6.0-6.17.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kdelibs4\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-11-27T05:21:18", "references": ["https://access.redhat.com/errata/RHSA-2011:1364", "https://access.redhat.com/security/cve/cve-2011-3365"], "pluginID": "56463", "description": "Updated kdelibs packages that fix one security issue and add one enhancement are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe kdelibs packages provide libraries for the K Desktop Environment (KDE).\n\nAn input sanitization flaw was found in the KSSL (KDE SSL Wrapper) API. An attacker could supply a specially crafted SSL certificate (for example, via a web page) to an application using KSSL, such as the Konqueror web browser, causing misleading information to be presented to the user, possibly tricking them into accepting the certificate as valid. (CVE-2011-3365)\n\nThis update also adds the following enhancement :\n\n* kdelibs provided its own set of trusted Certificate Authority (CA) certificates. This update makes kdelibs use the system set from the ca-certificates package, instead of its own copy. (BZ#743951)\n\nUsers should upgrade to these updated packages, which contain backported patches to correct this issue and add this enhancement. The desktop must be restarted (log out, then log back in) for this update to take effect.", "edition": 8, "reporter": "Tenable", "published": "2011-10-12T00:00:00", "title": "RHEL 6 : kdelibs (RHSA-2011:1364)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3365"], "modified": "2018-11-26T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kdelibs", "p-cpe:/a:redhat:enterprise_linux:kdelibs-common", "cpe:/o:redhat:enterprise_linux:6.1", "p-cpe:/a:redhat:enterprise_linux:kdelibs-devel", "p-cpe:/a:redhat:enterprise_linux:kdelibs-debuginfo", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:kdelibs-apidocs"], "id": "REDHAT-RHSA-2011-1364.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=56463", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1364. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56463);\n script_version (\"1.16\");\n script_cvs_date(\"Date: 2018/11/26 11:02:15\");\n\n script_cve_id(\"CVE-2011-3365\");\n script_bugtraq_id(49925);\n script_xref(name:\"RHSA\", value:\"2011:1364\");\n\n script_name(english:\"RHEL 6 : kdelibs (RHSA-2011:1364)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kdelibs packages that fix one security issue and add one\nenhancement are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe kdelibs packages provide libraries for the K Desktop Environment\n(KDE).\n\nAn input sanitization flaw was found in the KSSL (KDE SSL Wrapper)\nAPI. An attacker could supply a specially crafted SSL certificate (for\nexample, via a web page) to an application using KSSL, such as the\nKonqueror web browser, causing misleading information to be presented\nto the user, possibly tricking them into accepting the certificate as\nvalid. (CVE-2011-3365)\n\nThis update also adds the following enhancement :\n\n* kdelibs provided its own set of trusted Certificate Authority (CA)\ncertificates. This update makes kdelibs use the system set from the\nca-certificates package, instead of its own copy. (BZ#743951)\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct this issue and add this enhancement. The\ndesktop must be restarted (log out, then log back in) for this update\nto take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-3365\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1364\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kdelibs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kdelibs-apidocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kdelibs-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kdelibs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kdelibs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1364\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"kdelibs-4.3.4-11.el6_1.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"kdelibs-apidocs-4.3.4-11.el6_1.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kdelibs-common-4.3.4-11.el6_1.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kdelibs-common-4.3.4-11.el6_1.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kdelibs-common-4.3.4-11.el6_1.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"kdelibs-debuginfo-4.3.4-11.el6_1.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"kdelibs-devel-4.3.4-11.el6_1.4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kdelibs / kdelibs-apidocs / kdelibs-common / kdelibs-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-11-29T19:15:15", "references": ["http://kde.org/announcements/announce-4.7.1.php", "http://www.nessus.org/u?a38ad5fd", "http://www.nessus.org/u?c9900ca9", "http://www.nessus.org/u?9718d779", "http://www.nessus.org/u?da60f1dc", "http://www.nessus.org/u?b0cfcc04", "https://bugzilla.redhat.com/show_bug.cgi?id=739642", "http://www.nessus.org/u?d58affbd", "http://www.nessus.org/u?52b6557b", "http://www.nessus.org/u?499f44c6", "https://bugzilla.redhat.com/show_bug.cgi?id=723987", "http://www.nessus.org/u?0acfb311", "http://www.nessus.org/u?74df96f0", "http://www.nessus.org/u?24d19f2b", "http://www.nessus.org/u?43c4dd12", "http://www.nessus.org/u?cd4d9a9a", "http://www.nessus.org/u?645965ae", "http://www.nessus.org/u?0207a3eb", "http://www.nessus.org/u?4379a2a9", "http://www.nessus.org/u?b61c4793", "http://www.nessus.org/u?e2819c26", "http://www.nessus.org/u?1c37a29a", "http://www.nessus.org/u?822a756c", "http://www.nessus.org/u?da07fa58", "http://www.nessus.org/u?db37dea9", "http://www.nessus.org/u?baea07a3", "http://www.nessus.org/u?7f492f60", "http://www.nessus.org/u?8c12e341", "http://www.nessus.org/u?12189f51", "http://www.nessus.org/u?2422b1db", "http://www.nessus.org/u?dab6f199", "http://www.nessus.org/u?b1f02f52", "http://www.nessus.org/u?67452b64", "http://www.nessus.org/u?4e7aacab", "http://www.nessus.org/u?5bc851aa", "http://www.nessus.org/u?f1fc17ce", "http://www.nessus.org/u?cdb858a7", "http://www.nessus.org/u?7ca6b407", "http://www.nessus.org/u?5793d33a", "http://www.nessus.org/u?1f194dbb", "http://www.nessus.org/u?c635f99c", "http://www.nessus.org/u?f06b5b84", "http://www.nessus.org/u?bd18caca", "http://www.nessus.org/u?8191a152", "http://www.nessus.org/u?2c3d2722", "http://www.nessus.org/u?913c015e", "http://www.nessus.org/u?0209b63b", "http://www.nessus.org/u?c5a0c0a6", "http://www.nessus.org/u?a8858bfa", "http://www.nessus.org/u?98494adb", "http://www.nessus.org/u?3da564aa", "http://www.nessus.org/u?00ee765f", "http://www.nessus.org/u?624de032", "http://www.nessus.org/u?c1480930", "http://www.nessus.org/u?3271761b", "http://www.nessus.org/u?d4d91086", "https://bugzilla.redhat.com/show_bug.cgi?id=743056", "http://www.nessus.org/u?9dba6042", "http://www.nessus.org/u?7aa5a566", "http://www.nessus.org/u?92be9b2e", "https://bugzilla.redhat.com/show_bug.cgi?id=732830", "https://bugzilla.redhat.com/show_bug.cgi?id=717115", "http://www.nessus.org/u?96136d6c", "http://www.nessus.org/u?03cb0682", "http://www.nessus.org/u?0a32d8e0", "http://www.nessus.org/u?fa019934", "http://www.nessus.org/u?348432d3", "http://www.nessus.org/u?be8731b5", "http://www.nessus.org/u?934da0f5", "http://www.nessus.org/u?e7505578", "http://www.nessus.org/u?2b160da1", "http://www.nessus.org/u?d1b8a1ad", "http://www.nessus.org/u?f33c8fa9", "https://bugzilla.redhat.com/show_bug.cgi?id=740676", "http://www.nessus.org/u?592331e8"], "pluginID": "56386", "description": "KDE Workspaces, Applications, and Development Platform 4.7.1 bugfix release, see also: http://kde.org/announcements/announce-4.7.1.php\n\nThis batch also includes split packaging for kdeedu-related rpms.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2011-10-05T00:00:00", "title": "Fedora 16 : PyKDE4-4.7.1-2.fc16 / akonadi-1.6.1-1.fc16 / blinken-4.7.1-2.fc16 / cantor-4.7.1-2.fc16 / etc (2011-13417)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3365"], "modified": "2018-11-28T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:akonadi", "p-cpe:/a:fedoraproject:fedora:oxygen-icon-theme", "p-cpe:/a:fedoraproject:fedora:kde-settings", "p-cpe:/a:fedoraproject:fedora:kdetoys", "p-cpe:/a:fedoraproject:fedora:konsole", "p-cpe:/a:fedoraproject:fedora:kdegames", "p-cpe:/a:fedoraproject:fedora:kdepimlibs", "p-cpe:/a:fedoraproject:fedora:kanagram", "p-cpe:/a:fedoraproject:fedora:libkexiv2", "p-cpe:/a:fedoraproject:fedora:kruler", "p-cpe:/a:fedoraproject:fedora:kdeplasma-addons", "p-cpe:/a:fedoraproject:fedora:kcolorchooser", "p-cpe:/a:fedoraproject:fedora:kdeedu", "p-cpe:/a:fedoraproject:fedora:kdemultimedia", "p-cpe:/a:fedoraproject:fedora:kdegraphics-thumbnailers", "p-cpe:/a:fedoraproject:fedora:kdesdk", "p-cpe:/a:fedoraproject:fedora:rocs", "p-cpe:/a:fedoraproject:fedora:kwordquiz", "p-cpe:/a:fedoraproject:fedora:libkdeedu", "p-cpe:/a:fedoraproject:fedora:kturtle", "p-cpe:/a:fedoraproject:fedora:kamera", "p-cpe:/a:fedoraproject:fedora:kdeaccessibility", "p-cpe:/a:fedoraproject:fedora:kross-interpreters", "p-cpe:/a:fedoraproject:fedora:kate", "p-cpe:/a:fedoraproject:fedora:gwenview", "p-cpe:/a:fedoraproject:fedora:kdebase", "p-cpe:/a:fedoraproject:fedora:kdenetwork", "p-cpe:/a:fedoraproject:fedora:smokekde", "p-cpe:/a:fedoraproject:fedora:okular", "p-cpe:/a:fedoraproject:fedora:svgpart", "p-cpe:/a:fedoraproject:fedora:kdelibs", "p-cpe:/a:fedoraproject:fedora:kiten", "p-cpe:/a:fedoraproject:fedora:ksaneplugin", "p-cpe:/a:fedoraproject:fedora:kmplot", "p-cpe:/a:fedoraproject:fedora:kdepim", "p-cpe:/a:fedoraproject:fedora:kdeadmin", "p-cpe:/a:fedoraproject:fedora:step", "p-cpe:/a:fedoraproject:fedora:kdebase-workspace", "p-cpe:/a:fedoraproject:fedora:klettres", "p-cpe:/a:fedoraproject:fedora:libkipi", "p-cpe:/a:fedoraproject:fedora:kdepim-runtime", "p-cpe:/a:fedoraproject:fedora:smokegen", "p-cpe:/a:fedoraproject:fedora:kalgebra", "p-cpe:/a:fedoraproject:fedora:marble", "cpe:/o:fedoraproject:fedora:16", "p-cpe:/a:fedoraproject:fedora:kalzium", "p-cpe:/a:fedoraproject:fedora:blinken", "p-cpe:/a:fedoraproject:fedora:kig", "p-cpe:/a:fedoraproject:fedora:smokeqt", "p-cpe:/a:fedoraproject:fedora:kdegraphics-strigi-analyzer", "p-cpe:/a:fedoraproject:fedora:cantor", "p-cpe:/a:fedoraproject:fedora:ktouch", "p-cpe:/a:fedoraproject:fedora:shared-desktop-ontologies", "p-cpe:/a:fedoraproject:fedora:kdeutils", "p-cpe:/a:fedoraproject:fedora:kgamma", "p-cpe:/a:fedoraproject:fedora:kdeartwork", "p-cpe:/a:fedoraproject:fedora:ksnapshot", "p-cpe:/a:fedoraproject:fedora:kstars", "p-cpe:/a:fedoraproject:fedora:kde-l10n", "p-cpe:/a:fedoraproject:fedora:kdebase-runtime", "p-cpe:/a:fedoraproject:fedora:libksane", "p-cpe:/a:fedoraproject:fedora:libkdcraw", "p-cpe:/a:fedoraproject:fedora:kolourpaint", "p-cpe:/a:fedoraproject:fedora:kbruch", "p-cpe:/a:fedoraproject:fedora:kdegraphics", "p-cpe:/a:fedoraproject:fedora:khangman", "p-cpe:/a:fedoraproject:fedora:kgeography", "p-cpe:/a:fedoraproject:fedora:parley", "p-cpe:/a:fedoraproject:fedora:PyKDE4"], "id": "FEDORA_2011-13417.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=56386", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-13417.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56386);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/11/28 22:47:43\");\n\n script_cve_id(\"CVE-2011-3365\");\n script_bugtraq_id(49925);\n script_xref(name:\"FEDORA\", value:\"2011-13417\");\n\n script_name(english:\"Fedora 16 : PyKDE4-4.7.1-2.fc16 / akonadi-1.6.1-1.fc16 / blinken-4.7.1-2.fc16 / cantor-4.7.1-2.fc16 / etc (2011-13417)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"KDE Workspaces, Applications, and Development Platform 4.7.1 bugfix\nrelease, see also: http://kde.org/announcements/announce-4.7.1.php\n\nThis batch also includes split packaging for kdeedu-related rpms.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://kde.org/announcements/announce-4.7.1.php\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=717115\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=723987\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=732830\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=739642\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=740676\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=743056\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067219.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f33c8fa9\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067220.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bd18caca\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067221.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2b160da1\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067222.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8c12e341\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067223.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b1f02f52\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067224.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?913c015e\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067225.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?92be9b2e\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067226.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4379a2a9\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067227.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e2819c26\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067228.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e7505578\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067229.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?624de032\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067230.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?822a756c\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067231.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b61c4793\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067232.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8191a152\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067233.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c9900ca9\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067234.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9dba6042\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067235.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d4d91086\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067236.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fa019934\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067237.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2422b1db\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067238.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?96136d6c\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067239.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d1b8a1ad\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067240.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?98494adb\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067241.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7aa5a566\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067242.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?db37dea9\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067243.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c5a0c0a6\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067244.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2c3d2722\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067245.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3271761b\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067246.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7ca6b407\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067247.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0a32d8e0\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067248.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5bc851aa\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067249.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?52b6557b\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067250.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?00ee765f\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067251.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7f492f60\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067252.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?43c4dd12\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067253.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0acfb311\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067254.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?da07fa58\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067255.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?03cb0682\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067256.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3da564aa\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067257.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?74df96f0\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067258.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?645965ae\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067259.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f06b5b84\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067260.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?da60f1dc\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067261.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?348432d3\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067262.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c1480930\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067263.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?592331e8\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067264.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?12189f51\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067265.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dab6f199\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067266.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1f194dbb\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067267.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1c37a29a\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067268.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d58affbd\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067269.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4e7aacab\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067270.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?934da0f5\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067272.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?baea07a3\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067273.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a38ad5fd\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067274.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0207a3eb\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067275.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?67452b64\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067276.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0209b63b\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067277.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?499f44c6\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067278.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c635f99c\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067279.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?be8731b5\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067280.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cdb858a7\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067281.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5793d33a\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067282.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?24d19f2b\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067283.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9718d779\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067284.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a8858bfa\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067285.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b0cfcc04\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067286.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cd4d9a9a\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067287.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f1fc17ce\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:PyKDE4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:akonadi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:blinken\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cantor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gwenview\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kalgebra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kalzium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kamera\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kanagram\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kbruch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kcolorchooser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kde-l10n\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kde-settings\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kdeaccessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kdeadmin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kdeartwork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kdebase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kdebase-runtime\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kdebase-workspace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kdeedu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kdegames\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kdegraphics\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kdegraphics-strigi-analyzer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kdegraphics-thumbnailers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kdelibs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kdemultimedia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kdenetwork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kdepim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kdepim-runtime\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kdepimlibs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kdeplasma-addons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kdesdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kdetoys\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kdeutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kgamma\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kgeography\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:khangman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kig\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kiten\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:klettres\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kmplot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kolourpaint\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:konsole\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kross-interpreters\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kruler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ksaneplugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ksnapshot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kstars\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ktouch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kturtle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kwordquiz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libkdcraw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libkdeedu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libkexiv2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libkipi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libksane\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:marble\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:okular\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:oxygen-icon-theme\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:parley\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:shared-desktop-ontologies\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:smokegen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:smokekde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:smokeqt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:step\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:svgpart\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"PyKDE4-4.7.1-2.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"akonadi-1.6.1-1.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"blinken-4.7.1-2.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"cantor-4.7.1-2.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"gwenview-4.7.1-2.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"kalgebra-4.7.1-1.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"kalzium-4.7.1-1.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"kamera-4.7.1-1.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"kanagram-4.7.1-1.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"kate-4.7.1-1.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"kbruch-4.7.1-2.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"kcolorchooser-4.7.1-1.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"kde-l10n-4.7.1-1.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"kde-settings-4.7-7.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"kdeaccessibility-4.7.1-1.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"kdeadmin-4.7.1-2.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"kdeartwork-4.7.1-1.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"kdebase-4.7.1-2.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"kdebase-runtime-4.7.1-1.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"kdebase-workspace-4.7.1-2.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"kdeedu-4.7.1-2.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"kdegames-4.7.1-1.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"kdegraphics-4.7.1-1.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"kdegraphics-strigi-analyzer-4.7.1-1.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"kdegraphics-thumbnailers-4.7.1-1.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"kdelibs-4.7.1-2.fc16.1\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"kdemultimedia-4.7.1-4.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"kdenetwork-4.7.1-1.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"kdepim-4.7.1-1.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"kdepim-runtime-4.7.1-4.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"kdepimlibs-4.7.1-1.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"kdeplasma-addons-4.7.1-1.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"kdesdk-4.7.1-1.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"kdetoys-4.7.1-1.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"kdeutils-4.7.1-3.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"kgamma-4.7.1-1.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"kgeography-4.7.1-2.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"khangman-4.7.1-2.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"kig-4.7.1-2.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"kiten-4.7.1-2.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"klettres-4.7.1-2.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"kmplot-4.7.1-2.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"kolourpaint-4.7.1-1.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"konsole-4.7.1-1.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"kross-interpreters-4.7.1-1.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"kruler-4.7.1-1.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"ksaneplugin-4.7.1-1.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"ksnapshot-4.7.1-1.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"kstars-4.7.1-3.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"ktouch-4.7.1-2.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"kturtle-4.7.1-2.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"kwordquiz-4.7.1-2.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"libkdcraw-4.7.1-1.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"libkdeedu-4.7.1-1.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"libkexiv2-4.7.1-1.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"libkipi-4.7.1-1.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"libksane-4.7.1-1.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"marble-4.7.1-1.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"okular-4.7.1-2.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"oxygen-icon-theme-4.7.1-1.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"parley-4.7.1-2.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"rocs-4.7.1-3.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"shared-desktop-ontologies-0.8.0-1.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"smokegen-4.7.1-1.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"smokekde-4.7.1-2.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"smokeqt-4.7.1-2.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"step-4.7.1-2.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"svgpart-4.7.1-1.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"PyKDE4 / akonadi / blinken / cantor / gwenview / kalgebra / kalzium / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-11-27T05:31:38", "references": ["https://access.redhat.com/security/cve/cve-2011-3365", "https://access.redhat.com/errata/RHSA-2011:1385"], "pluginID": "56561", "description": "Updated kdelibs packages for Red Hat Enterprise Linux 4 and 5 and updated kdelibs3 packages for Red Hat Enterprise Linux 6 that fix one security issue are now available.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe kdelibs and kdelibs3 packages provide libraries for the K Desktop Environment (KDE).\n\nAn input sanitization flaw was found in the KSSL (KDE SSL Wrapper) API. An attacker could supply a specially crafted SSL certificate (for example, via a web page) to an application using KSSL, such as the Konqueror web browser, causing misleading information to be presented to the user, possibly tricking them into accepting the certificate as valid. (CVE-2011-3365)\n\nUsers should upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted (log out, then log back in) for this update to take effect.", "edition": 8, "reporter": "Tenable", "published": "2011-10-20T00:00:00", "title": "RHEL 4 / 5 / 6 : kdelibs and kdelibs3 (RHSA-2011:1385)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3365"], "modified": "2018-11-26T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kdelibs3-devel", "cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:kdelibs", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6.1", "p-cpe:/a:redhat:enterprise_linux:kdelibs3-apidocs", "p-cpe:/a:redhat:enterprise_linux:kdelibs-devel", "p-cpe:/a:redhat:enterprise_linux:kdelibs3-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kdelibs3", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:kdelibs-apidocs"], "id": "REDHAT-RHSA-2011-1385.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=56561", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1385. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56561);\n script_version (\"1.17\");\n script_cvs_date(\"Date: 2018/11/26 11:02:15\");\n\n script_cve_id(\"CVE-2011-3365\");\n script_bugtraq_id(49925);\n script_xref(name:\"RHSA\", value:\"2011:1385\");\n\n script_name(english:\"RHEL 4 / 5 / 6 : kdelibs and kdelibs3 (RHSA-2011:1385)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kdelibs packages for Red Hat Enterprise Linux 4 and 5 and\nupdated kdelibs3 packages for Red Hat Enterprise Linux 6 that fix one\nsecurity issue are now available.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe kdelibs and kdelibs3 packages provide libraries for the K Desktop\nEnvironment (KDE).\n\nAn input sanitization flaw was found in the KSSL (KDE SSL Wrapper)\nAPI. An attacker could supply a specially crafted SSL certificate (for\nexample, via a web page) to an application using KSSL, such as the\nKonqueror web browser, causing misleading information to be presented\nto the user, possibly tricking them into accepting the certificate as\nvalid. (CVE-2011-3365)\n\nUsers should upgrade to these updated packages, which contain a\nbackported patch to correct this issue. The desktop must be restarted\n(log out, then log back in) for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-3365\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1385\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kdelibs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kdelibs-apidocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kdelibs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kdelibs3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kdelibs3-apidocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kdelibs3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kdelibs3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(4|5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1385\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"kdelibs-3.3.1-18.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"kdelibs-devel-3.3.1-18.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"kdelibs-3.5.4-26.el5_7.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"kdelibs-apidocs-3.5.4-26.el5_7.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kdelibs-apidocs-3.5.4-26.el5_7.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kdelibs-apidocs-3.5.4-26.el5_7.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"kdelibs-devel-3.5.4-26.el5_7.1\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", reference:\"kdelibs3-3.5.10-24.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"kdelibs3-apidocs-3.5.10-24.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"kdelibs3-debuginfo-3.5.10-24.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"kdelibs3-devel-3.5.10-24.el6_1.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kdelibs / kdelibs-apidocs / kdelibs-devel / kdelibs3 / etc\");\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-12-02T15:22:27", "references": ["https://usn.ubuntu.com/1248-1/"], "pluginID": "56647", "description": "Tim Brown discovered that KSSL in KDE-Libs did not properly perform input validation when displaying the common name (CN) for an SSL certificate. An attacker could exploit this to spoof the common name which could be used in an attack to trick the user into accepting a fraudulent certificate. This issue only affected Ubuntu 10.04 LTS and Ubuntu 10.10. (CVE-2011-3365)\n\nIt was discovered that KIO in KDE-Libs did not properly perform input validation during proxy authentication. An attacker could exploit this to modify displaying of the realm and proxy URL.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 6, "reporter": "Tenable", "published": "2011-10-26T00:00:00", "title": "Ubuntu 10.04 LTS / 10.10 / 11.04 : kde4libs vulnerability (USN-1248-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3365"], "modified": "2018-12-01T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libkio5", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10", "p-cpe:/a:canonical:ubuntu_linux:kdelibs5"], "id": "UBUNTU_USN-1248-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=56647", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1248-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56647);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/12/01 13:19:06\");\n\n script_cve_id(\"CVE-2011-3365\");\n script_bugtraq_id(49925);\n script_xref(name:\"USN\", value:\"1248-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 10.10 / 11.04 : kde4libs vulnerability (USN-1248-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Tim Brown discovered that KSSL in KDE-Libs did not properly perform\ninput validation when displaying the common name (CN) for an SSL\ncertificate. An attacker could exploit this to spoof the common name\nwhich could be used in an attack to trick the user into accepting a\nfraudulent certificate. This issue only affected Ubuntu 10.04 LTS and\nUbuntu 10.10. (CVE-2011-3365)\n\nIt was discovered that KIO in KDE-Libs did not properly perform input\nvalidation during proxy authentication. An attacker could exploit this\nto modify displaying of the realm and proxy URL.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1248-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kdelibs5 and / or libkio5 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kdelibs5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkio5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(10\\.04|10\\.10|11\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 10.10 / 11.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"kdelibs5\", pkgver:\"4:4.4.5-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libkio5\", pkgver:\"4:4.5.5-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"libkio5\", pkgver:\"4:4.6.5-0ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kdelibs5 / libkio5\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-01T23:57:48", "references": ["https://oss.oracle.com/pipermail/el-errata/2011-October/002415.html", "https://oss.oracle.com/pipermail/el-errata/2011-October/002413.html", "https://oss.oracle.com/pipermail/el-errata/2011-October/002416.html"], "pluginID": "68374", "description": "From Red Hat Security Advisory 2011:1385 :\n\nUpdated kdelibs packages for Red Hat Enterprise Linux 4 and 5 and updated kdelibs3 packages for Red Hat Enterprise Linux 6 that fix one security issue are now available.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe kdelibs and kdelibs3 packages provide libraries for the K Desktop Environment (KDE).\n\nAn input sanitization flaw was found in the KSSL (KDE SSL Wrapper) API. An attacker could supply a specially crafted SSL certificate (for example, via a web page) to an application using KSSL, such as the Konqueror web browser, causing misleading information to be presented to the user, possibly tricking them into accepting the certificate as valid. (CVE-2011-3365)\n\nUsers should upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted (log out, then log back in) for this update to take effect.", "edition": 5, "reporter": "Tenable", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 4 / 5 / 6 : kdelibs / kdelibs3 (ELSA-2011-1385)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3365"], "modified": "2018-07-18T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kdelibs3-apidocs", "p-cpe:/a:oracle:linux:kdelibs-apidocs", "p-cpe:/a:oracle:linux:kdelibs-devel", "p-cpe:/a:oracle:linux:kdelibs", "cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:4", "p-cpe:/a:oracle:linux:kdelibs3", "p-cpe:/a:oracle:linux:kdelibs3-devel"], "id": "ORACLELINUX_ELSA-2011-1385.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68374", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:1385 and \n# Oracle Linux Security Advisory ELSA-2011-1385 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68374);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/18 17:43:56\");\n\n script_cve_id(\"CVE-2011-3365\");\n script_bugtraq_id(49925);\n script_xref(name:\"RHSA\", value:\"2011:1385\");\n\n script_name(english:\"Oracle Linux 4 / 5 / 6 : kdelibs / kdelibs3 (ELSA-2011-1385)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:1385 :\n\nUpdated kdelibs packages for Red Hat Enterprise Linux 4 and 5 and\nupdated kdelibs3 packages for Red Hat Enterprise Linux 6 that fix one\nsecurity issue are now available.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe kdelibs and kdelibs3 packages provide libraries for the K Desktop\nEnvironment (KDE).\n\nAn input sanitization flaw was found in the KSSL (KDE SSL Wrapper)\nAPI. An attacker could supply a specially crafted SSL certificate (for\nexample, via a web page) to an application using KSSL, such as the\nKonqueror web browser, causing misleading information to be presented\nto the user, possibly tricking them into accepting the certificate as\nvalid. (CVE-2011-3365)\n\nUsers should upgrade to these updated packages, which contain a\nbackported patch to correct this issue. The desktop must be restarted\n(log out, then log back in) for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-October/002413.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-October/002415.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-October/002416.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kdelibs and / or kdelibs3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kdelibs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kdelibs-apidocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kdelibs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kdelibs3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kdelibs3-apidocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kdelibs3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(4|5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4 / 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"kdelibs-3.3.1-18.0.1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"kdelibs-devel-3.3.1-18.0.1.el4\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"kdelibs-3.5.4-26.0.1.el5_7.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"kdelibs-apidocs-3.5.4-26.0.1.el5_7.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"kdelibs-devel-3.5.4-26.0.1.el5_7.1\")) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"kdelibs3-3.5.10-24.el6_1.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"kdelibs3-apidocs-3.5.10-24.el6_1.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"kdelibs3-devel-3.5.10-24.el6_1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kdelibs / kdelibs-apidocs / kdelibs-devel / kdelibs3 / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-02T00:03:30", "references": ["http://www.nessus.org/u?4b2242d0"], "pluginID": "61159", "description": "The kdelibs and kdelibs3 packages provide libraries for the K Desktop Environment (KDE).\n\nAn input sanitization flaw was found in the KSSL (KDE SSL Wrapper) API. An attacker could supply a specially crafted SSL certificate (for example, via a web page) to an application using KSSL, such as the Konqueror web browser, causing misleading information to be presented to the user, possibly tricking them into accepting the certificate as valid. (CVE-2011-3365)\n\nUsers should upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted (log out, then log back in) for this update to take effect.", "edition": 4, "reporter": "Tenable", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : kdelibs and kdelibs3 on SL4.x, SL5.x, SL6.x i386/x86_64", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3365"], "modified": "2014-08-16T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20111019_KDELIBS_AND_KDELIBS3_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=61159", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61159);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2014/08/16 19:47:27 $\");\n\n script_cve_id(\"CVE-2011-3365\");\n\n script_name(english:\"Scientific Linux Security Update : kdelibs and kdelibs3 on SL4.x, SL5.x, SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The kdelibs and kdelibs3 packages provide libraries for the K Desktop\nEnvironment (KDE).\n\nAn input sanitization flaw was found in the KSSL (KDE SSL Wrapper)\nAPI. An attacker could supply a specially crafted SSL certificate (for\nexample, via a web page) to an application using KSSL, such as the\nKonqueror web browser, causing misleading information to be presented\nto the user, possibly tricking them into accepting the certificate as\nvalid. (CVE-2011-3365)\n\nUsers should upgrade to these updated packages, which contain a\nbackported patch to correct this issue. The desktop must be restarted\n(log out, then log back in) for this update to take effect.\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1110&L=scientific-linux-errata&T=0&P=1997\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4b2242d0\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"kdelibs-3.3.1-18.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kdelibs-debuginfo-3.3.1-18.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kdelibs-devel-3.3.1-18.el4\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"kdelibs-3.5.4-26.el5_7.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kdelibs-apidocs-3.5.4-26.el5_7.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kdelibs-debuginfo-3.5.4-26.el5_7.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kdelibs-devel-3.5.4-26.el5_7.1\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"kdelibs3-3.5.10-24.el6_1.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs3-apidocs-3.5.10-24.el6_1.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs3-debuginfo-3.5.10-24.el6_1.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs3-devel-3.5.10-24.el6_1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-02T00:03:25", "references": [], "pluginID": "56687", "description": "Multiple vulnerabilities was discovered and corrected in kdelibs4 :\n\nKDE KSSL in kdelibs does not properly handle a \\'\\0\\' (NUL) character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408 (CVE-2009-2702).\n\nAn input sanitization flaw was found in the KSSL (KDE SSL Wrapper) API. An attacker could supply a specially crafted SSL certificate (for example, via a web page) to an application using KSSL, such as the Konqueror web browser, causing misleading information to be presented to the user, possibly tricking them into accepting the certificate as valid (CVE-2011-3365).\n\nThe updated packages have been patched to correct these issues.", "edition": 5, "reporter": "Tenable", "published": "2011-11-02T00:00:00", "title": "Mandriva Linux Security Advisory : kdelibs4 (MDVSA-2011:162)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Mandriva Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3365", "CVE-2009-2702"], "modified": "2018-07-19T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:libkdefakes5", "cpe:/o:mandriva:linux:2011", "p-cpe:/a:mandriva:linux:libkjsapi4", "p-cpe:/a:mandriva:linux:libkatepartinterfaces4", "p-cpe:/a:mandriva:linux:lib64kdeui5", "p-cpe:/a:mandriva:linux:lib64kde3support4", "p-cpe:/a:mandriva:linux:libkdewebkit5", "p-cpe:/a:mandriva:linux:kdelibs4-core", "p-cpe:/a:mandriva:linux:lib64nepomuk4", "p-cpe:/a:mandriva:linux:libknotifyconfig4", "p-cpe:/a:mandriva:linux:lib64kio5", "p-cpe:/a:mandriva:linux:libkimproxy4", "p-cpe:/a:mandriva:linux:libnepomukutils4", "p-cpe:/a:mandriva:linux:lib64kmediaplayer4", "p-cpe:/a:mandriva:linux:libkprintutils4", "p-cpe:/a:mandriva:linux:libplasma3", "p-cpe:/a:mandriva:linux:libkutils4", "p-cpe:/a:mandriva:linux:lib64kidletime4", "p-cpe:/a:mandriva:linux:lib64knewstuff34", "p-cpe:/a:mandriva:linux:libkntlm4", "p-cpe:/a:mandriva:linux:libthreadweaver4", "p-cpe:/a:mandriva:linux:lib64kfile4", "p-cpe:/a:mandriva:linux:lib64kdewebkit5", "p-cpe:/a:mandriva:linux:lib64kjsembed4", "p-cpe:/a:mandriva:linux:libkdesu5", "p-cpe:/a:mandriva:linux:libknewstuff3_4", "p-cpe:/a:mandriva:linux:lib64kimproxy4", "p-cpe:/a:mandriva:linux:lib64kdnssd4", "p-cpe:/a:mandriva:linux:libnepomukquery4", "p-cpe:/a:mandriva:linux:lib64threadweaver4", "p-cpe:/a:mandriva:linux:lib64kdefakes5", "p-cpe:/a:mandriva:linux:libkrosscore4", "p-cpe:/a:mandriva:linux:libkidletime4", "p-cpe:/a:mandriva:linux:libkmediaplayer4", "p-cpe:/a:mandriva:linux:lib64kdesu5", "p-cpe:/a:mandriva:linux:libkjsembed4", "p-cpe:/a:mandriva:linux:libkunittest4", "p-cpe:/a:mandriva:linux:libkde3support4", "p-cpe:/a:mandriva:linux:libknewstuff34", "p-cpe:/a:mandriva:linux:libktexteditor4", "p-cpe:/a:mandriva:linux:lib64knewstuff3_4", "p-cpe:/a:mandriva:linux:kdelibs4-devel", "p-cpe:/a:mandriva:linux:lib64nepomukquery4", "p-cpe:/a:mandriva:linux:libnepomuk4", "p-cpe:/a:mandriva:linux:libkunitconversion4", "p-cpe:/a:mandriva:linux:libkjs4", "p-cpe:/a:mandriva:linux:libkpty4", "p-cpe:/a:mandriva:linux:lib64plasma3", "p-cpe:/a:mandriva:linux:lib64nepomukutils4", "p-cpe:/a:mandriva:linux:lib64solid4", "cpe:/o:mandriva:linux:2010.1", "p-cpe:/a:mandriva:linux:lib64knotifyconfig4", "p-cpe:/a:mandriva:linux:lib64kutils4", "p-cpe:/a:mandriva:linux:lib64kunittest4", "p-cpe:/a:mandriva:linux:lib64krosscore4", "p-cpe:/a:mandriva:linux:lib64khtml5", "p-cpe:/a:mandriva:linux:libkio5", "p-cpe:/a:mandriva:linux:lib64ktexteditor4", "p-cpe:/a:mandriva:linux:lib64kunitconversion4", "p-cpe:/a:mandriva:linux:libkrossui4", "p-cpe:/a:mandriva:linux:lib64kprintutils4", "p-cpe:/a:mandriva:linux:libkemoticons4", "p-cpe:/a:mandriva:linux:lib64kparts4", "p-cpe:/a:mandriva:linux:lib64knewstuff2_4", "p-cpe:/a:mandriva:linux:lib64kemoticons4", "p-cpe:/a:mandriva:linux:lib64kntlm4", "p-cpe:/a:mandriva:linux:libkdecore5", "p-cpe:/a:mandriva:linux:lib64kcmutils4", "p-cpe:/a:mandriva:linux:libkdeui5", "p-cpe:/a:mandriva:linux:libknewstuff2_4", "p-cpe:/a:mandriva:linux:libsolid4", "p-cpe:/a:mandriva:linux:libkcmutils4", "p-cpe:/a:mandriva:linux:libkparts4", "p-cpe:/a:mandriva:linux:lib64krossui4", "p-cpe:/a:mandriva:linux:libkhtml5", "p-cpe:/a:mandriva:linux:lib64katepartinterfaces4", "p-cpe:/a:mandriva:linux:lib64kjsapi4", "p-cpe:/a:mandriva:linux:lib64kdecore5", "p-cpe:/a:mandriva:linux:lib64kjs4", "p-cpe:/a:mandriva:linux:lib64kpty4", "p-cpe:/a:mandriva:linux:libkfile4", "p-cpe:/a:mandriva:linux:libkdnssd4"], "id": "MANDRIVA_MDVSA-2011-162.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=56687", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:162. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56687);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/07/19 20:59:17\");\n\n script_cve_id(\"CVE-2009-2702\", \"CVE-2011-3365\");\n script_bugtraq_id(36229, 49925);\n script_xref(name:\"MDVSA\", value:\"2011:162\");\n\n script_name(english:\"Mandriva Linux Security Advisory : kdelibs4 (MDVSA-2011:162)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities was discovered and corrected in kdelibs4 :\n\nKDE KSSL in kdelibs does not properly handle a \\'\\0\\' (NUL) character\nin a domain name in the Subject Alternative Name field of an X.509\ncertificate, which allows man-in-the-middle attackers to spoof\narbitrary SSL servers via a crafted certificate issued by a legitimate\nCertification Authority, a related issue to CVE-2009-2408\n(CVE-2009-2702).\n\nAn input sanitization flaw was found in the KSSL (KDE SSL Wrapper)\nAPI. An attacker could supply a specially crafted SSL certificate (for\nexample, via a web page) to an application using KSSL, such as the\nKonqueror web browser, causing misleading information to be presented\nto the user, possibly tricking them into accepting the certificate as\nvalid (CVE-2011-3365).\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kdelibs4-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kdelibs4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64katepartinterfaces4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kcmutils4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kde3support4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kdecore5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kdefakes5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kdesu5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kdeui5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kdewebkit5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kdnssd4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kemoticons4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kfile4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64khtml5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kidletime4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kimproxy4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kio5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kjs4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kjsapi4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kjsembed4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kmediaplayer4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64knewstuff2_4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64knewstuff34\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64knewstuff3_4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64knotifyconfig4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kntlm4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kparts4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kprintutils4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kpty4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64krosscore4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64krossui4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ktexteditor4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kunitconversion4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kunittest4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kutils4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64nepomuk4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64nepomukquery4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64nepomukutils4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64plasma3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64solid4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64threadweaver4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkatepartinterfaces4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkcmutils4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkde3support4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkdecore5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkdefakes5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkdesu5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkdeui5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkdewebkit5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkdnssd4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkemoticons4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkfile4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkhtml5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkidletime4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkimproxy4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkio5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkjs4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkjsapi4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkjsembed4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkmediaplayer4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libknewstuff2_4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libknewstuff34\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libknewstuff3_4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libknotifyconfig4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkntlm4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkparts4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkprintutils4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkpty4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkrosscore4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkrossui4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libktexteditor4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkunitconversion4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkunittest4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkutils4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libnepomuk4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libnepomukquery4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libnepomukutils4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libplasma3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libsolid4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libthreadweaver4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.1\", reference:\"kdelibs4-core-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"kdelibs4-devel-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64kde3support4-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64kdecore5-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64kdefakes5-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64kdesu5-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64kdeui5-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64kdewebkit5-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64kdnssd4-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64kfile4-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64khtml5-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64kimproxy4-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64kio5-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64kjs4-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64kjsapi4-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64kjsembed4-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64kmediaplayer4-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64knewstuff2_4-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64knewstuff34-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64knotifyconfig4-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64kntlm4-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64kparts4-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64kpty4-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64krosscore4-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64krossui4-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64ktexteditor4-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64kunitconversion4-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64kunittest4-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64kutils4-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64nepomuk4-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64nepomukquery4-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64plasma3-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64solid4-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64threadweaver4-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libkde3support4-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libkdecore5-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libkdefakes5-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libkdesu5-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libkdeui5-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libkdewebkit5-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libkdnssd4-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libkfile4-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libkhtml5-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libkimproxy4-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libkio5-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libkjs4-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libkjsapi4-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libkjsembed4-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libkmediaplayer4-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libknewstuff2_4-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libknewstuff34-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libknotifyconfig4-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libkntlm4-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libkparts4-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libkpty4-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libkrosscore4-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libkrossui4-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libktexteditor4-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libkunitconversion4-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libkunittest4-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libkutils4-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libnepomuk4-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libnepomukquery4-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libplasma3-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libsolid4-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libthreadweaver4-4.4.5-0.4mdv2010.2\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2011\", reference:\"kdelibs4-core-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"kdelibs4-devel-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64katepartinterfaces4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64kcmutils4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64kde3support4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64kdecore5-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64kdefakes5-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64kdesu5-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64kdeui5-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64kdewebkit5-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64kdnssd4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64kemoticons4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64kfile4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64khtml5-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64kidletime4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64kimproxy4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64kio5-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64kjs4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64kjsapi4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64kjsembed4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64kmediaplayer4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64knewstuff2_4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64knewstuff3_4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64knotifyconfig4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64kntlm4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64kparts4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64kprintutils4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64kpty4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64krosscore4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64krossui4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64ktexteditor4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64kunitconversion4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64kunittest4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64kutils4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64nepomuk4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64nepomukquery4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64nepomukutils4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64plasma3-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64solid4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64threadweaver4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libkatepartinterfaces4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libkcmutils4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libkde3support4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libkdecore5-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libkdefakes5-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libkdesu5-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libkdeui5-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libkdewebkit5-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libkdnssd4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libkemoticons4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libkfile4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libkhtml5-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libkidletime4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libkimproxy4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libkio5-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libkjs4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libkjsapi4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libkjsembed4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libkmediaplayer4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libknewstuff2_4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libknewstuff3_4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libknotifyconfig4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libkntlm4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libkparts4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libkprintutils4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libkpty4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libkrosscore4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libkrossui4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libktexteditor4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libkunitconversion4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libkunittest4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libkutils4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libnepomuk4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libnepomukquery4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libnepomukutils4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libplasma3-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libsolid4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libthreadweaver4-4.6.5-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:48:38", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.3.4-11.el6_1.4", "arch": "noarch", "packageFilename": "kdelibs-apidocs-4.3.4-11.el6_1.4.noarch.rpm", "packageName": "kdelibs-apidocs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.3.4-11.el6_1.4", "arch": "noarch", "packageFilename": "kdelibs-apidocs-4.3.4-11.el6_1.4.noarch.rpm", "packageName": "kdelibs-apidocs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.3.4-11.el6_1.4", "arch": "i686", "packageFilename": "kdelibs-4.3.4-11.el6_1.4.i686.rpm", "packageName": "kdelibs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.3.4-11.el6_1.4", "arch": "i686", "packageFilename": "kdelibs-4.3.4-11.el6_1.4.i686.rpm", "packageName": "kdelibs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.3.4-11.el6_1.4", "arch": "x86_64", "packageFilename": "kdelibs-4.3.4-11.el6_1.4.x86_64.rpm", "packageName": "kdelibs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.3.4-11.el6_1.4", "arch": "x86_64", "packageFilename": "kdelibs-common-4.3.4-11.el6_1.4.x86_64.rpm", "packageName": "kdelibs-common", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.3.4-11.el6_1.4", "arch": "i686", "packageFilename": "kdelibs-common-4.3.4-11.el6_1.4.i686.rpm", "packageName": "kdelibs-common", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.3.4-11.el6_1.4", "arch": "x86_64", "packageFilename": "kdelibs-devel-4.3.4-11.el6_1.4.x86_64.rpm", "packageName": "kdelibs-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.3.4-11.el6_1.4", "arch": "src", "packageFilename": "kdelibs-4.3.4-11.el6_1.4.src.rpm", "packageName": "kdelibs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.3.4-11.el6_1.4", "arch": "src", "packageFilename": "kdelibs-4.3.4-11.el6_1.4.src.rpm", "packageName": "kdelibs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.3.4-11.el6_1.4", "arch": "i686", "packageFilename": "kdelibs-devel-4.3.4-11.el6_1.4.i686.rpm", "packageName": "kdelibs-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.3.4-11.el6_1.4", "arch": "i686", "packageFilename": "kdelibs-devel-4.3.4-11.el6_1.4.i686.rpm", "packageName": "kdelibs-devel", "operator": "lt"}], "description": "[6:4.3.4-11.4]\n- Resolves: bz#743951, use ca-certificates' ca-bundle.crt\n[6:4.3.4-11.3]\n- Resolves: bz#743515, CVE-2011-3365 - input validation failure", "edition": 3, "reporter": "Oracle", "published": "2011-10-11T00:00:00", "title": "kdelibs security and enhancement update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-3365"], "modified": "2011-10-11T00:00:00", "id": "ELSA-2011-1364", "href": "http://linux.oracle.com/errata/ELSA-2011-1364.html", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T01:42:55", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.5.4-26.0.1.el5_7.1", "arch": "ia64", "packageFilename": "kdelibs-3.5.4-26.0.1.el5_7.1.ia64.rpm", "packageName": "kdelibs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "3.5.10-24.el6_1.1", "arch": "noarch", "packageFilename": "kdelibs3-apidocs-3.5.10-24.el6_1.1.noarch.rpm", "packageName": "kdelibs3-apidocs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "3.5.10-24.el6_1.1", "arch": "noarch", "packageFilename": "kdelibs3-apidocs-3.5.10-24.el6_1.1.noarch.rpm", "packageName": "kdelibs3-apidocs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "3.5.10-24.el6_1.1", "arch": "x86_64", "packageFilename": "kdelibs3-3.5.10-24.el6_1.1.x86_64.rpm", "packageName": "kdelibs3", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.3.1-18.0.1.el4", "arch": "src", "packageFilename": "kdelibs-3.3.1-18.0.1.el4.src.rpm", "packageName": "kdelibs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.3.1-18.0.1.el4", "arch": "src", "packageFilename": "kdelibs-3.3.1-18.0.1.el4.src.rpm", "packageName": "kdelibs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.3.1-18.0.1.el4", "arch": "src", "packageFilename": "kdelibs-3.3.1-18.0.1.el4.src.rpm", "packageName": "kdelibs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "3.5.10-24.el6_1.1", "arch": "i686", "packageFilename": "kdelibs3-devel-3.5.10-24.el6_1.1.i686.rpm", "packageName": "kdelibs3-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "3.5.10-24.el6_1.1", "arch": "i686", "packageFilename": "kdelibs3-devel-3.5.10-24.el6_1.1.i686.rpm", "packageName": "kdelibs3-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.5.4-26.0.1.el5_7.1", "arch": "i386", "packageFilename": "kdelibs-apidocs-3.5.4-26.0.1.el5_7.1.i386.rpm", "packageName": "kdelibs-apidocs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.5.4-26.0.1.el5_7.1", "arch": "x86_64", "packageFilename": "kdelibs-apidocs-3.5.4-26.0.1.el5_7.1.x86_64.rpm", "packageName": "kdelibs-apidocs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.3.1-18.0.1.el4", "arch": "ia64", "packageFilename": "kdelibs-3.3.1-18.0.1.el4.ia64.rpm", "packageName": "kdelibs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.3.1-18.0.1.el4", "arch": "i386", "packageFilename": "kdelibs-devel-3.3.1-18.0.1.el4.i386.rpm", "packageName": "kdelibs-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.5.4-26.0.1.el5_7.1", "arch": "ia64", "packageFilename": "kdelibs-apidocs-3.5.4-26.0.1.el5_7.1.ia64.rpm", "packageName": "kdelibs-apidocs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.5.4-26.0.1.el5_7.1", "arch": "ia64", "packageFilename": "kdelibs-devel-3.5.4-26.0.1.el5_7.1.ia64.rpm", "packageName": "kdelibs-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.3.1-18.0.1.el4", "arch": "ia64", "packageFilename": "kdelibs-devel-3.3.1-18.0.1.el4.ia64.rpm", "packageName": "kdelibs-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "3.5.10-24.el6_1.1", "arch": "i686", "packageFilename": "kdelibs3-3.5.10-24.el6_1.1.i686.rpm", "packageName": "kdelibs3", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "3.5.10-24.el6_1.1", "arch": "i686", "packageFilename": "kdelibs3-3.5.10-24.el6_1.1.i686.rpm", "packageName": "kdelibs3", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.3.1-18.0.1.el4", "arch": "i386", "packageFilename": "kdelibs-3.3.1-18.0.1.el4.i386.rpm", "packageName": "kdelibs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.3.1-18.0.1.el4", "arch": "i386", "packageFilename": "kdelibs-3.3.1-18.0.1.el4.i386.rpm", "packageName": "kdelibs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.3.1-18.0.1.el4", "arch": "i386", "packageFilename": "kdelibs-3.3.1-18.0.1.el4.i386.rpm", "packageName": "kdelibs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.5.4-26.0.1.el5_7.1", "arch": "x86_64", "packageFilename": "kdelibs-3.5.4-26.0.1.el5_7.1.x86_64.rpm", "packageName": "kdelibs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.3.1-18.0.1.el4", "arch": "x86_64", "packageFilename": "kdelibs-3.3.1-18.0.1.el4.x86_64.rpm", "packageName": "kdelibs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.3.1-18.0.1.el4", "arch": "x86_64", "packageFilename": "kdelibs-devel-3.3.1-18.0.1.el4.x86_64.rpm", "packageName": "kdelibs-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.5.4-26.0.1.el5_7.1", "arch": "src", "packageFilename": "kdelibs-3.5.4-26.0.1.el5_7.1.src.rpm", "packageName": "kdelibs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.5.4-26.0.1.el5_7.1", "arch": "src", "packageFilename": "kdelibs-3.5.4-26.0.1.el5_7.1.src.rpm", "packageName": "kdelibs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.5.4-26.0.1.el5_7.1", "arch": "src", "packageFilename": "kdelibs-3.5.4-26.0.1.el5_7.1.src.rpm", "packageName": "kdelibs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "3.5.10-24.el6_1.1", "arch": "src", "packageFilename": "kdelibs3-3.5.10-24.el6_1.1.src.rpm", "packageName": "kdelibs3", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "3.5.10-24.el6_1.1", "arch": "src", "packageFilename": "kdelibs3-3.5.10-24.el6_1.1.src.rpm", "packageName": "kdelibs3", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "3.5.10-24.el6_1.1", "arch": "x86_64", "packageFilename": "kdelibs3-devel-3.5.10-24.el6_1.1.x86_64.rpm", "packageName": "kdelibs3-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.5.4-26.0.1.el5_7.1", "arch": "i386", "packageFilename": "kdelibs-devel-3.5.4-26.0.1.el5_7.1.i386.rpm", "packageName": "kdelibs-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.5.4-26.0.1.el5_7.1", "arch": "i386", "packageFilename": "kdelibs-devel-3.5.4-26.0.1.el5_7.1.i386.rpm", "packageName": "kdelibs-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.5.4-26.0.1.el5_7.1", "arch": "i386", "packageFilename": "kdelibs-3.5.4-26.0.1.el5_7.1.i386.rpm", "packageName": "kdelibs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.5.4-26.0.1.el5_7.1", "arch": "i386", "packageFilename": "kdelibs-3.5.4-26.0.1.el5_7.1.i386.rpm", "packageName": "kdelibs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.5.4-26.0.1.el5_7.1", "arch": "x86_64", "packageFilename": "kdelibs-devel-3.5.4-26.0.1.el5_7.1.x86_64.rpm", "packageName": "kdelibs-devel", "operator": "lt"}], "description": "[3.5.10-24.1]\n- Resolves: bz#746160, CVE-2011-3365, input validation failure in KSSL", "edition": 3, "reporter": "Oracle", "published": "2011-10-19T00:00:00", "title": "kdelibs and kdelibs3 security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-3365"], "modified": "2011-10-19T00:00:00", "id": "ELSA-2011-1385", "href": "http://linux.oracle.com/errata/ELSA-2011-1385.html", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "redhat": [{"lastseen": "2018-12-11T19:41:11", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "4", "packageVersion": "3.3.1-18.el4", "arch": "i386", "packageName": "kdelibs", "packageFilename": "kdelibs-3.3.1-18.el4.i386.rpm", "operator": "lt"}], "description": "The kdelibs and kdelibs3 packages provide libraries for the K Desktop\nEnvironment (KDE).\n\nAn input sanitization flaw was found in the KSSL (KDE SSL Wrapper) API. An\nattacker could supply a specially-crafted SSL certificate (for example, via\na web page) to an application using KSSL, such as the Konqueror web\nbrowser, causing misleading information to be presented to the user,\npossibly tricking them into accepting the certificate as valid.\n(CVE-2011-3365)\n\nUsers should upgrade to these updated packages, which contain a backported\npatch to correct this issue. The desktop must be restarted (log out, then\nlog back in) for this update to take effect.\n", "reporter": "RedHat", "published": "2011-10-19T04:00:00", "type": "redhat", "title": "(RHSA-2011:1385) Moderate: kdelibs and kdelibs3 security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-3365"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-06T20:24:22", "id": "RHSA-2011:1385", "href": "https://access.redhat.com/errata/RHSA-2011:1385", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-12-11T19:41:25", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.3.4-11.el6_1.4", "arch": "i686", "packageName": "kdelibs-debuginfo", "packageFilename": "kdelibs-debuginfo-4.3.4-11.el6_1.4.i686.rpm", "operator": "lt"}], "description": "The kdelibs packages provide libraries for the K Desktop Environment (KDE).\n\nAn input sanitization flaw was found in the KSSL (KDE SSL Wrapper) API. An\nattacker could supply a specially-crafted SSL certificate (for example, via\na web page) to an application using KSSL, such as the Konqueror web\nbrowser, causing misleading information to be presented to the user,\npossibly tricking them into accepting the certificate as valid.\n(CVE-2011-3365)\n\nThis update also adds the following enhancement:\n\n* kdelibs provided its own set of trusted Certificate Authority (CA)\ncertificates. This update makes kdelibs use the system set from the\nca-certificates package, instead of its own copy. (BZ#743951)\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct this issue and add this enhancement. The desktop must be\nrestarted (log out, then log back in) for this update to take effect.\n", "reporter": "RedHat", "published": "2011-10-11T04:00:00", "type": "redhat", "title": "(RHSA-2011:1364) Moderate: kdelibs security and enhancement update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-3365"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-06T20:24:10", "id": "RHSA-2011:1364", "href": "https://access.redhat.com/errata/RHSA-2011:1364", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:10:21", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2011-3365"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "4:4.4.5-0ubuntu1.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "kdelibs5", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.10", "packageVersion": "4:4.5.5-0ubuntu2.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libkio5", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "11.04", "packageVersion": "4:4.6.5-0ubuntu1.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libkio5", "operator": "lt"}], "description": "Tim Brown discovered that KSSL in KDE-Libs did not properly perform input validation when displaying the common name (CN) for an SSL certificate. An attacker could exploit this to spoof the common name which could be used in an attack to trick the user into accepting a fraudulent certificate. This issue only affected Ubuntu 10.04 LTS and Ubuntu 10.10. (CVE-2011-3365)\n\nIt was discovered that KIO in KDE-Libs did not properly perform input validation during proxy authentication. An attacker could exploit this to modify displaying of the realm and proxy URL.", "edition": 3, "reporter": "Ubuntu", "published": "2011-10-25T00:00:00", "title": "KDE-Libs vulnerability", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-3365"], "modified": "2011-10-25T00:00:00", "id": "USN-1248-1", "href": "https://usn.ubuntu.com/1248-1/", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "centos": [{"lastseen": "2017-10-03T18:24:35", "references": ["http://rhn.redhat.com/errata/RHSA-2011-1385.html", "https://rhn.redhat.com/errata/RHSA-2011-1385.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.5.4-26.el5.centos.1", "packageFilename": "kdelibs-devel-3.5.4-26.el5.centos.1.x86_64.rpm", "packageName": "kdelibs-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.3.1-18.el4", "packageFilename": "kdelibs-devel-3.3.1-18.el4.x86_64.rpm", "packageName": "kdelibs-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.5.4-26.el5.centos.1", "packageFilename": "kdelibs-apidocs-3.5.4-26.el5.centos.1.i386.rpm", "packageName": "kdelibs-apidocs", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.5.4-26.el5.centos.1", "packageFilename": "kdelibs-3.5.4-26.el5.centos.1.x86_64.rpm", "packageName": "kdelibs", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.3.1-18.el4", "packageFilename": "kdelibs-3.3.1-18.el4.src.rpm", "packageName": "kdelibs", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.3.1-18.el4", "packageFilename": "kdelibs-3.3.1-18.el4.src.rpm", "packageName": "kdelibs", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.3.1-18.el4", "packageFilename": "kdelibs-3.3.1-18.el4.i386.rpm", "packageName": "kdelibs", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.3.1-18.el4", "packageFilename": "kdelibs-3.3.1-18.el4.i386.rpm", "packageName": "kdelibs", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.3.1-18.el4", "packageFilename": "kdelibs-3.3.1-18.el4.x86_64.rpm", "packageName": "kdelibs", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.3.1-18.el4", "packageFilename": "kdelibs-devel-3.3.1-18.el4.i386.rpm", "packageName": "kdelibs-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.5.4-26.el5.centos.1", "packageFilename": "kdelibs-3.5.4-26.el5.centos.1.src.rpm", "packageName": "kdelibs", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.5.4-26.el5.centos.1", "packageFilename": "kdelibs-3.5.4-26.el5.centos.1.src.rpm", "packageName": "kdelibs", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.5.4-26.el5.centos.1", "packageFilename": "kdelibs-devel-3.5.4-26.el5.centos.1.i386.rpm", "packageName": "kdelibs-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.5.4-26.el5.centos.1", "packageFilename": "kdelibs-devel-3.5.4-26.el5.centos.1.i386.rpm", "packageName": "kdelibs-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.5.4-26.el5.centos.1", "packageFilename": "kdelibs-apidocs-3.5.4-26.el5.centos.1.x86_64.rpm", "packageName": "kdelibs-apidocs", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.5.4-26.el5.centos.1", "packageFilename": "kdelibs-3.5.4-26.el5.centos.1.i386.rpm", "packageName": "kdelibs", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.5.4-26.el5.centos.1", "packageFilename": "kdelibs-3.5.4-26.el5.centos.1.i386.rpm", "packageName": "kdelibs", "arch": "i386", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2011:1385\n\n\nThe kdelibs and kdelibs3 packages provide libraries for the K Desktop\nEnvironment (KDE).\n\nAn input sanitization flaw was found in the KSSL (KDE SSL Wrapper) API. An\nattacker could supply a specially-crafted SSL certificate (for example, via\na web page) to an application using KSSL, such as the Konqueror web\nbrowser, causing misleading information to be presented to the user,\npossibly tricking them into accepting the certificate as valid.\n(CVE-2011-3365)\n\nUsers should upgrade to these updated packages, which contain a backported\npatch to correct this issue. The desktop must be restarted (log out, then\nlog back in) for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-November/018167.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-November/018168.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-October/018123.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-October/018124.html\n\n**Affected packages:**\nkdelibs\nkdelibs-apidocs\nkdelibs-devel\n\n**Upstream details at:**\n\nhttps://rhn.redhat.com/errata/RHSA-2011-1385.html", "edition": 1, "reporter": "CentOS Project", "published": "2011-10-19T17:24:20", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "kdelibs security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3365"], "modified": "2011-11-09T15:45:49", "href": "http://lists.centos.org/pipermail/centos-announce/2011-October/018123.html", "id": "CESA-2011:1385", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "freebsd": [{"lastseen": "2018-08-31T01:15:12", "references": ["http://www.nth-dimension.org.uk/pub/NDSA20111003.txt.asc", "http://www.kde.org/info/security/advisory-20111003-1.txt"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "0.8.0", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "rekonq", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "4.7.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "kdelibs", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "4.0.*", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "kdelibs", "operator": "eq"}], "description": "\nKDE Security Advisory reports:\n\nThe default rendering type for a QLabel is QLabel::AutoText,\n\t which uses heuristics to determine whether to render the given\n\t content as plain text or rich text. KSSL and Rekonq did not\n\t properly force its QLabels to use QLabel::PlainText. As a result,\n\t if given a certificate containing rich text in its fields, they\n\t would render the rich text. Specifically, a certificate\n\t containing a common name (CN) that has a table element will cause\n\t the second line of the table to be displayed. This can allow\n\t spoofing of the certificate's common name.\n\n", "edition": 3, "reporter": "FreeBSD", "published": "2011-10-03T00:00:00", "title": "kdelibs4, rekonq -- input validation failure", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-3366", "CVE-2011-3365"], "modified": "2011-10-03T00:00:00", "id": "6D21A287-FCE0-11E0-A828-00235A5F2C9A", "href": "https://vuxml.freebsd.org/freebsd/6d21a287-fce0-11e0-a828-00235a5f2c9a.html", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:42", "references": [], "description": "I recently discovered that various Qt applications including KSSL &#40;the KDE \r\nclass library responsible for SSL negotiation&#41;, Rekonq, Arora and Psi IM are \r\nvulnerable to UI spoofing due to their use of QLabel objects to render \r\nexternally controlled security critical information. The primary area of \r\nconcern at this time relates to the named applications SSL certificate dialogue \r\nUI however other similar dialogue boxes may also be vulnerable.\r\n\r\nAfter discussions with Nokia, KDE and the Rekonq developers the following\r\nCVEs have been assigned to this issue:\r\n\r\n* KSSL - CVE-2011-3365\r\n* Rekonq - CVE-2011-3366\r\n* Arora - CVE-2011-3367\r\n\r\nNote that no CVE has yet been assigned to Psi IM. Nokia have also\r\nupdated the QLabel class section of the Qt documentation to provide\r\nupdated security information regarding this issue.\r\n-- \r\nTim Brown\r\n&lt;mailto:timb@nth-dimension.org.uk&gt;\r\n&lt;http://www.nth-dimension.org.uk/&gt;", "edition": 1, "reporter": "Securityvulns", "published": "2011-10-10T00:00:00", "title": "Low severity flaw in various applications including KSSL, Rekonq, Arora, Psi IM", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:42", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2011-3366", "CVE-2011-3365", "CVE-2011-3367"], "modified": "2011-10-10T00:00:00", "id": "SECURITYVULNS:DOC:27132", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27132", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:09:44", "references": ["https://vulners.com/securityvulns/securityvulns:doc:27132"], "description": "Using Qt QLabel class to display security critical information allows interface spoofing.", "edition": 1, "reporter": "BUGTRAQ", "published": "2011-10-10T00:00:00", "title": "UI spoofing in different QT applications", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:44", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2011-3366", "CVE-2011-3365", "CVE-2011-3367"], "modified": "2011-10-10T00:00:00", "id": "SECURITYVULNS:VULN:11952", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11952", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:45", "references": ["https://bugs.gentoo.org/show_bug.cgi?id=469140", "https://bugs.gentoo.org/show_bug.cgi?id=358025", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3365", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2074", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3494", "https://bugs.gentoo.org/show_bug.cgi?id=513726", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1094", "https://bugs.gentoo.org/show_bug.cgi?id=384227"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "4.12.5-r1", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "kde-base/kdelibs", "operator": "lt"}], "edition": 1, "description": "### Background\n\nKDE is a feature-rich graphical desktop environment for Linux and Unix-like operating systems. KDE Libraries contains libraries needed by all KDE applications. \n\n### Description\n\nMultiple vulnerabilities have been discovered in KDE Libraries. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could cause a man-in-the-middle attack via any certificate issued by a legitimate certification authority. Furthermore, a local attacker may gain knowledge of user passwords through an information leak. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll KDE users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=kde-base/kdelibs-4.12.5-r1\"", "reporter": "Gentoo Foundation", "published": "2014-06-29T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "type": "gentoo", "title": "KDE Libraries: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2074", "CVE-2014-3494", "CVE-2011-1094", "CVE-2011-3365"], "modified": "2014-06-29T00:00:00", "id": "GLSA-201406-34", "href": "https://security.gentoo.org/glsa/201406-34", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2016-09-06T19:46:21", "references": ["http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0727", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3259", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1787", "https://bugs.gentoo.org/show_bug.cgi?id=370839", "https://bugs.gentoo.org/show_bug.cgi?id=358789", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2524", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1788", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1815", "https://bugs.gentoo.org/show_bug.cgi?id=350598", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1812", "https://bugs.gentoo.org/show_bug.cgi?id=194151", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3365", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4206", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1790", "https://bugs.gentoo.org/show_bug.cgi?id=358785", "https://bugs.gentoo.org/show_bug.cgi?id=355207", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0482", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1793", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1786", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1782", "https://bugs.gentoo.org/show_bug.cgi?id=294256", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1097", "https://bugs.gentoo.org/show_bug.cgi?id=294253", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1760", "https://bugs.gentoo.org/show_bug.cgi?id=386321", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4578", "https://bugs.gentoo.org/show_bug.cgi?id=334087", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3362", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1792", "https://bugs.gentoo.org/show_bug.cgi?id=354209", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1784", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4042", "https://bugs.gentoo.org/show_bug.cgi?id=356893", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1791", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2473", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0721", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1572", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2526", "https://bugs.gentoo.org/show_bug.cgi?id=366697", "https://bugs.gentoo.org/show_bug.cgi?id=346897", "https://bugs.gentoo.org/show_bug.cgi?id=369069", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2901", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4493", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0007", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1814", "https://bugs.gentoo.org/show_bug.cgi?id=376793", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3812", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2472", "https://bugs.gentoo.org/show_bug.cgi?id=366699", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4492", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4023", "https://bugs.gentoo.org/show_bug.cgi?id=344059", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1144", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4370", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1807", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0904", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3813", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1785", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1425", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3367", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0465", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4198", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3389", "https://bugs.gentoo.org/show_bug.cgi?id=360891", "https://bugs.gentoo.org/show_bug.cgi?id=362185", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1951", "https://bugs.gentoo.org/show_bug.cgi?id=386361", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4111", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1780", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1783", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3257", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3255", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0778", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3366", "https://bugs.gentoo.org/show_bug.cgi?id=352608", "https://bugs.gentoo.org/show_bug.cgi?id=358611", "https://bugs.gentoo.org/show_bug.cgi?id=372971", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4204", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4197", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2471", "https://bugs.gentoo.org/show_bug.cgi?id=381169", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1072", "https://bugs.gentoo.org/show_bug.cgi?id=361397", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3999", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3374", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0905", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4577"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.02.72", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "sys-fs/lvm2", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.0.9", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "x11-apps/xrdb", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.1.19", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "media-libs/xine-lib", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "3.20", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "net-analyzer/sflowtool", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "3.9.5", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "net-misc/mrouted", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.34.3", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "net-libs/libsoup", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.32.2", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "net-misc/vino", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.2.17", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "dev-libs/xmlsec", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.3.0-r1", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "dev-db/unixODBC", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.2.0", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "dev-php/PEAR-Mail", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "3.0.8", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "net-misc/rsync", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "3.8.4-r3", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "gnome-base/gdm", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "0.9.6-r1", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "dev-util/oprofile", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.5.4.26862-r3", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "media-sound/lastfmplayer", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.9.2-r1", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "dev-php/PEAR-PEAR", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.5.9.1", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "dev-vcs/gitolite", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.4.4", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "app-office/gnucash", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.0.4-r1", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "sys-cluster/resource-agents", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "20110502-r1", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "app-misc/ca-certificates", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "4.1.4.3", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "sys-apps/shadow", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "4.38.00", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "media-libs/fmod", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "0.5.0-r1", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "games-sports/racer-bin", "operator": "ge"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.1.0", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "dev-util/qt-creator", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.2.7", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "net-libs/webkit-gtk", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "3.2.4", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "app-admin/syslog-ng", "operator": "lt"}], "edition": 1, "description": "### Background\n\nFor more information on the packages listed in this GLSA, please see their homepage referenced in the ebuild. \n\n### Description\n\nVulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. \n\n * FMOD Studio\n * PEAR Mail\n * LVM2\n * GnuCash\n * xine-lib\n * Last.fm Scrobbler\n * WebKitGTK+\n * shadow tool suite\n * PEAR\n * unixODBC\n * Resource Agents\n * mrouted\n * rsync\n * XML Security Library\n * xrdb\n * Vino\n * OProfile\n * syslog-ng\n * sFlow Toolkit\n * GNOME Display Manager\n * libsoup\n * CA Certificates\n * Gitolite\n * QtCreator\n * Racer\n\n### Impact\n\nA context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions. \n\n### Workaround\n\nThere are no known workarounds at this time.\n\n### Resolution\n\nAll FMOD Studio users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/fmod-4.38.00\"\n \n\nAll PEAR Mail users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-php/PEAR-Mail-1.2.0\"\n \n\nAll LVM2 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-fs/lvm2-2.02.72\"\n \n\nAll GnuCash users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-office/gnucash-2.4.4\"\n \n\nAll xine-lib users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/xine-lib-1.1.19\"\n \n\nAll Last.fm Scrobbler users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=media-sound/lastfmplayer-1.5.4.26862-r3\"\n \n\nAll WebKitGTK+ users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-libs/webkit-gtk-1.2.7\"\n \n\nAll shadow tool suite users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-apps/shadow-4.1.4.3\"\n \n\nAll PEAR users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-php/PEAR-PEAR-1.9.2-r1\"\n \n\nAll unixODBC users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/unixODBC-2.3.0-r1\"\n \n\nAll Resource Agents users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=sys-cluster/resource-agents-1.0.4-r1\"\n \n\nAll mrouted users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/mrouted-3.9.5\"\n \n\nAll rsync users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/rsync-3.0.8\"\n \n\nAll XML Security Library users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/xmlsec-1.2.17\"\n \n\nAll xrdb users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-apps/xrdb-1.0.9\"\n \n\nAll Vino users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/vino-2.32.2\"\n \n\nAll OProfile users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-util/oprofile-0.9.6-r1\"\n \n\nAll syslog-ng users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-admin/syslog-ng-3.2.4\"\n \n\nAll sFlow Toolkit users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-analyzer/sflowtool-3.20\"\n \n\nAll GNOME Display Manager users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=gnome-base/gdm-3.8.4-r3\"\n \n\nAll libsoup users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-libs/libsoup-2.34.3\"\n \n\nAll CA Certificates users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=app-misc/ca-certificates-20110502-r1\"\n \n\nAll Gitolite users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-vcs/gitolite-1.5.9.1\"\n \n\nAll QtCreator users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-util/qt-creator-2.1.0\"\n \n\nGentoo has discontinued support for Racer. We recommend that users unmerge Racer: \n \n \n # emerge --unmerge \"games-sports/racer-bin\"\n \n\nNOTE: This is a legacy GLSA. Updates for all affected architectures have been available since 2012. It is likely that your system is already no longer affected by these issues.", "reporter": "Gentoo Foundation", "published": "2014-12-11T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "gentoo", "title": "Multiple packages, Multiple vulnerabilities fixed in 2011", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1572", "CVE-2010-4197", "CVE-2011-2472", "CVE-2010-4204", "CVE-2010-3257", "CVE-2011-1097", "CVE-2009-4111", "CVE-2010-1783", "CVE-2011-0465", "CVE-2010-3812", "CVE-2007-4370", "CVE-2010-3389", "CVE-2010-1787", "CVE-2010-1807", "CVE-2011-2473", "CVE-2011-3366", "CVE-2010-1780", "CVE-2009-4023", "CVE-2011-1144", "CVE-2010-4578", "CVE-2011-0904", "CVE-2010-4042", "CVE-2010-2526", "CVE-2010-1786", "CVE-2011-0721", "CVE-2010-1785", "CVE-2011-3365", "CVE-2011-0482", "CVE-2011-2471", "CVE-2010-4493", "CVE-2010-3255", "CVE-2010-1790", "CVE-2010-1788", "CVE-2010-2901", "CVE-2010-3374", "CVE-2011-2524", "CVE-2010-1815", "CVE-2011-0007", "CVE-2011-0905", "CVE-2010-1782", "CVE-2010-1814", "CVE-2010-1792", "CVE-2011-1760", "CVE-2010-3362", "CVE-2010-3259", "CVE-2010-4206", "CVE-2010-1812", "CVE-2010-1791", "CVE-2010-4577", "CVE-2010-4198", "CVE-2010-1784", "CVE-2010-4492", "CVE-2011-1425", "CVE-2011-1072", "CVE-2011-3367", "CVE-2011-0727", "CVE-2011-1951", "CVE-2010-3813", "CVE-2010-3999", "CVE-2010-0778", "CVE-2010-1793"], "modified": "2014-12-11T00:00:00", "id": "GLSA-201412-09", "href": "https://security.gentoo.org/glsa/201412-09", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}