Search...

openSUSE Security Update : libxine-devel (libxine-devel-582)

2009-07-21T00:00:00

ID SUSE_11_0_LIBXINE-DEVEL-090309.NASL
Type nessus
Reporter Tenable
Modified 2014-06-13T00:00:00

Description

Specially crafted 4x movie files could cause an integer overflow in xine-lib (CVE-2009-0698).

                                        
                                            #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update libxine-devel-582.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(40055);
  script_version("$Revision: 1.8 $");
  script_cvs_date("$Date: 2014/06/13 19:44:02 $");

  script_cve_id("CVE-2009-0698");

  script_name(english:"openSUSE Security Update : libxine-devel (libxine-devel-582)");
  script_summary(english:"Check for the libxine-devel-582 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Specially crafted 4x movie files could cause an integer overflow in
xine-lib (CVE-2009-0698)."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=473825"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected libxine-devel packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_cwe_id(189);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xine-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xine-extra");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xine-lib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xine-lib-32bit");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/03/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/21");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE11\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.0", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE11.0", reference:"xine-devel-1.1.12-8.5") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"xine-extra-1.1.12-8.5") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"xine-lib-1.1.12-8.5") ) flag++;
if ( rpm_check(release:"SUSE11.0", cpu:"x86_64", reference:"xine-lib-32bit-1.1.12-8.5") ) flag++;

if (flag)
{
  if (report_verbosity &gt; 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xine-devel / xine-extra / xine-lib / xine-lib-32bit");
}

JSON Vulners Source

Initial Source

{"id": "SUSE_11_0_LIBXINE-DEVEL-090309.NASL", "bulletinFamily": "scanner", "title": "openSUSE Security Update : libxine-devel (libxine-devel-582)", "description": "Specially crafted 4x movie files could cause an integer overflow in xine-lib (CVE-2009-0698).", "published": "2009-07-21T00:00:00", "modified": "2014-06-13T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=40055", "reporter": "Tenable", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=473825"], "cvelist": ["CVE-2009-0698"], "type": "nessus", "lastseen": "2019-02-21T01:12:07", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2009-0698"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Specially crafted 4x movie files could cause an integer overflow in xine-lib (CVE-2009-0698).", "edition": 1, "enchantments": {}, "hash": "49a272238926e16b13d9a654c08ab0e1e294ea0a81a94f0ab09e9d7ecaa2fc89", "hashmap": [{"hash": "795a62ae0e2cf75a54f32bc77aa6bfd8", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "5b654bf344208f7bfbfbde6a19e76477", "key": "description"}, {"hash": "d44a4b265f457745992aee2753123da8", "key": "pluginID"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "modified"}, {"hash": "e5b1b75f7057b7f557e88710d9d1ea1d", "key": "title"}, {"hash": "756b5573bfaa633e1fe4d12a020c967c", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "f14d6fcc1b8a51c59195332816e3c6d3", "key": "cvelist"}, {"hash": "62234cc898d29618a13f9783fdcf2bea", "key": "references"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "6e74cbd2638253438b2471ba1b6bdfb5", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=40055", "id": "SUSE_11_0_LIBXINE-DEVEL-090309.NASL", "lastseen": "2016-09-26T17:24:06", "modified": "2014-06-13T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.2", "pluginID": "40055", "published": "2009-07-21T00:00:00", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=473825"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libxine-devel-582.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40055);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2014/06/13 19:44:02 $\");\n\n script_cve_id(\"CVE-2009-0698\");\n\n script_name(english:\"openSUSE Security Update : libxine-devel (libxine-devel-582)\");\n script_summary(english:\"Check for the libxine-devel-582 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted 4x movie files could cause an integer overflow in\nxine-lib (CVE-2009-0698).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=473825\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxine-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-lib-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"xine-devel-1.1.12-8.5\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"xine-extra-1.1.12-8.5\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"xine-lib-1.1.12-8.5\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", cpu:\"x86_64\", reference:\"xine-lib-32bit-1.1.12-8.5\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xine-devel / xine-extra / xine-lib / xine-lib-32bit\");\n}\n", "title": "openSUSE Security Update : libxine-devel (libxine-devel-582)", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:24:06"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:novell:opensuse:11.0", "p-cpe:/a:novell:opensuse:xine-devel", "p-cpe:/a:novell:opensuse:xine-lib", "p-cpe:/a:novell:opensuse:xine-lib-32bit", "p-cpe:/a:novell:opensuse:xine-extra"], "cvelist": ["CVE-2009-0698"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Specially crafted 4x movie files could cause an integer overflow in xine-lib (CVE-2009-0698).", "edition": 3, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "a6dfc78061414e48e639f30552cd68966c1b31e4268b6f9d851c5e6c6d7fe3b7", "hashmap": [{"hash": "795a62ae0e2cf75a54f32bc77aa6bfd8", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "5b654bf344208f7bfbfbde6a19e76477", "key": "description"}, {"hash": "d44a4b265f457745992aee2753123da8", "key": "pluginID"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "modified"}, {"hash": "e5b1b75f7057b7f557e88710d9d1ea1d", "key": "title"}, {"hash": "756b5573bfaa633e1fe4d12a020c967c", "key": "sourceData"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "f14d6fcc1b8a51c59195332816e3c6d3", "key": "cvelist"}, {"hash": "62234cc898d29618a13f9783fdcf2bea", "key": "references"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "6e74cbd2638253438b2471ba1b6bdfb5", "key": "published"}, {"hash": "9bef107bbce608ec5c8c69295bba20c6", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=40055", "id": "SUSE_11_0_LIBXINE-DEVEL-090309.NASL", "lastseen": "2018-08-30T19:36:20", "modified": "2014-06-13T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "40055", "published": "2009-07-21T00:00:00", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=473825"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libxine-devel-582.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40055);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2014/06/13 19:44:02 $\");\n\n script_cve_id(\"CVE-2009-0698\");\n\n script_name(english:\"openSUSE Security Update : libxine-devel (libxine-devel-582)\");\n script_summary(english:\"Check for the libxine-devel-582 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted 4x movie files could cause an integer overflow in\nxine-lib (CVE-2009-0698).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=473825\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxine-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-lib-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"xine-devel-1.1.12-8.5\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"xine-extra-1.1.12-8.5\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"xine-lib-1.1.12-8.5\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", cpu:\"x86_64\", reference:\"xine-lib-32bit-1.1.12-8.5\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xine-devel / xine-extra / xine-lib / xine-lib-32bit\");\n}\n", "title": "openSUSE Security Update : libxine-devel (libxine-devel-582)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-30T19:36:20"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:novell:opensuse:11.0", "p-cpe:/a:novell:opensuse:xine-devel", "p-cpe:/a:novell:opensuse:xine-lib", "p-cpe:/a:novell:opensuse:xine-lib-32bit", "p-cpe:/a:novell:opensuse:xine-extra"], "cvelist": ["CVE-2009-0698"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Specially crafted 4x movie files could cause an integer overflow in\nxine-lib (CVE-2009-0698).", "edition": 5, "enchantments": {"dependencies": {"modified": "2019-01-16T20:09:31", "references": [{"idList": ["OPENVAS:66247", "OPENVAS:63746", "OPENVAS:64000", "OPENVAS:136141256231066247", "OPENVAS:136141256231066245", "OPENVAS:66245", "OPENVAS:136141256231069007", "OPENVAS:136141256231064000", "OPENVAS:136141256231066401", "OPENVAS:66401"], "type": "openvas"}, {"idList": ["USN-746-1", "USN-763-1"], "type": "ubuntu"}, {"idList": ["51D1D428-42F0-11DE-AD22-000E35248AD7"], "type": "freebsd"}, {"idList": ["GLSA-201006-04"], "type": "gentoo"}, {"idList": ["UBUNTU_USN-763-1.NASL", "GENTOO_GLSA-201006-04.NASL", "UBUNTU_USN-746-1.NASL", "SUSE_XINE-DEVEL-6050.NASL", "FREEBSD_PKG_51D1D42842F011DEAD22000E35248AD7.NASL", "SUSE_LIBXINE-DEVEL-6052.NASL", "MANDRIVA_MDVSA-2009-319.NASL", "SUSE_11_LIBXINE-DEVEL-090318.NASL", "SUSE_11_1_LIBXINE-DEVEL-090309.NASL", "MANDRIVA_MDVSA-2009-299.NASL"], "type": "nessus"}, {"idList": ["CVE-2009-0698"], "type": "cve"}]}, "score": {"value": 7.2, "vector": "NONE"}}, "hash": "acd14c48f4e7954b50ccc52202bdaef9e38f42217093fad6cf2648d5fdba9738", "hashmap": [{"hash": "795a62ae0e2cf75a54f32bc77aa6bfd8", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "d44a4b265f457745992aee2753123da8", "key": "pluginID"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "modified"}, {"hash": "e5b1b75f7057b7f557e88710d9d1ea1d", "key": "title"}, {"hash": "756b5573bfaa633e1fe4d12a020c967c", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "f14d6fcc1b8a51c59195332816e3c6d3", "key": "cvelist"}, {"hash": "62234cc898d29618a13f9783fdcf2bea", "key": "references"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "6e74cbd2638253438b2471ba1b6bdfb5", "key": "published"}, {"hash": "9bef107bbce608ec5c8c69295bba20c6", "key": "cpe"}, {"hash": "97d5b7919b3598f91a6da4400e136976", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=40055", "id": "SUSE_11_0_LIBXINE-DEVEL-090309.NASL", "lastseen": "2019-01-16T20:09:31", "modified": "2014-06-13T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "40055", "published": "2009-07-21T00:00:00", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=473825"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libxine-devel-582.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40055);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2014/06/13 19:44:02 $\");\n\n script_cve_id(\"CVE-2009-0698\");\n\n script_name(english:\"openSUSE Security Update : libxine-devel (libxine-devel-582)\");\n script_summary(english:\"Check for the libxine-devel-582 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted 4x movie files could cause an integer overflow in\nxine-lib (CVE-2009-0698).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=473825\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxine-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-lib-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"xine-devel-1.1.12-8.5\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"xine-extra-1.1.12-8.5\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"xine-lib-1.1.12-8.5\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", cpu:\"x86_64\", reference:\"xine-lib-32bit-1.1.12-8.5\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xine-devel / xine-extra / xine-lib / xine-lib-32bit\");\n}\n", "title": "openSUSE Security Update : libxine-devel (libxine-devel-582)", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 5, "lastseen": "2019-01-16T20:09:31"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:novell:opensuse:11.0", "p-cpe:/a:novell:opensuse:xine-devel", "p-cpe:/a:novell:opensuse:xine-lib", "p-cpe:/a:novell:opensuse:xine-lib-32bit", "p-cpe:/a:novell:opensuse:xine-extra"], "cvelist": ["CVE-2009-0698"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Specially crafted 4x movie files could cause an integer overflow in xine-lib (CVE-2009-0698).", "edition": 2, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "4cc2d6410bd1bd8929d99f1aa46ad2d19c7dec97ee74d98524b8b5eb4da54ea0", "hashmap": [{"hash": "795a62ae0e2cf75a54f32bc77aa6bfd8", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "5b654bf344208f7bfbfbde6a19e76477", "key": "description"}, {"hash": "d44a4b265f457745992aee2753123da8", "key": "pluginID"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "modified"}, {"hash": "e5b1b75f7057b7f557e88710d9d1ea1d", "key": "title"}, {"hash": "756b5573bfaa633e1fe4d12a020c967c", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "f14d6fcc1b8a51c59195332816e3c6d3", "key": "cvelist"}, {"hash": "62234cc898d29618a13f9783fdcf2bea", "key": "references"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "6e74cbd2638253438b2471ba1b6bdfb5", "key": "published"}, {"hash": "9bef107bbce608ec5c8c69295bba20c6", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=40055", "id": "SUSE_11_0_LIBXINE-DEVEL-090309.NASL", "lastseen": "2017-10-29T13:36:29", "modified": "2014-06-13T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "40055", "published": "2009-07-21T00:00:00", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=473825"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libxine-devel-582.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40055);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2014/06/13 19:44:02 $\");\n\n script_cve_id(\"CVE-2009-0698\");\n\n script_name(english:\"openSUSE Security Update : libxine-devel (libxine-devel-582)\");\n script_summary(english:\"Check for the libxine-devel-582 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted 4x movie files could cause an integer overflow in\nxine-lib (CVE-2009-0698).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=473825\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxine-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-lib-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"xine-devel-1.1.12-8.5\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"xine-extra-1.1.12-8.5\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"xine-lib-1.1.12-8.5\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", cpu:\"x86_64\", reference:\"xine-lib-32bit-1.1.12-8.5\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xine-devel / xine-extra / xine-lib / xine-lib-32bit\");\n}\n", "title": "openSUSE Security Update : libxine-devel (libxine-devel-582)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2017-10-29T13:36:29"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:novell:opensuse:11.0", "p-cpe:/a:novell:opensuse:xine-devel", "p-cpe:/a:novell:opensuse:xine-lib", "p-cpe:/a:novell:opensuse:xine-lib-32bit", "p-cpe:/a:novell:opensuse:xine-extra"], "cvelist": ["CVE-2009-0698"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Specially crafted 4x movie files could cause an integer overflow in xine-lib (CVE-2009-0698).", "edition": 4, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "4cc2d6410bd1bd8929d99f1aa46ad2d19c7dec97ee74d98524b8b5eb4da54ea0", "hashmap": [{"hash": "795a62ae0e2cf75a54f32bc77aa6bfd8", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "5b654bf344208f7bfbfbde6a19e76477", "key": "description"}, {"hash": "d44a4b265f457745992aee2753123da8", "key": "pluginID"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "modified"}, {"hash": "e5b1b75f7057b7f557e88710d9d1ea1d", "key": "title"}, {"hash": "756b5573bfaa633e1fe4d12a020c967c", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "f14d6fcc1b8a51c59195332816e3c6d3", "key": "cvelist"}, {"hash": "62234cc898d29618a13f9783fdcf2bea", "key": "references"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "6e74cbd2638253438b2471ba1b6bdfb5", "key": "published"}, {"hash": "9bef107bbce608ec5c8c69295bba20c6", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=40055", "id": "SUSE_11_0_LIBXINE-DEVEL-090309.NASL", "lastseen": "2018-09-01T23:41:21", "modified": "2014-06-13T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "40055", "published": "2009-07-21T00:00:00", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=473825"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libxine-devel-582.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40055);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2014/06/13 19:44:02 $\");\n\n script_cve_id(\"CVE-2009-0698\");\n\n script_name(english:\"openSUSE Security Update : libxine-devel (libxine-devel-582)\");\n script_summary(english:\"Check for the libxine-devel-582 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted 4x movie files could cause an integer overflow in\nxine-lib (CVE-2009-0698).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=473825\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxine-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-lib-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"xine-devel-1.1.12-8.5\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"xine-extra-1.1.12-8.5\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"xine-lib-1.1.12-8.5\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", cpu:\"x86_64\", reference:\"xine-lib-32bit-1.1.12-8.5\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xine-devel / xine-extra / xine-lib / xine-lib-32bit\");\n}\n", "title": "openSUSE Security Update : libxine-devel (libxine-devel-582)", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 4, "lastseen": "2018-09-01T23:41:21"}], "edition": 6, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "9bef107bbce608ec5c8c69295bba20c6"}, {"key": "cvelist", "hash": "f14d6fcc1b8a51c59195332816e3c6d3"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "5b654bf344208f7bfbfbde6a19e76477"}, {"key": "href", "hash": "795a62ae0e2cf75a54f32bc77aa6bfd8"}, {"key": "modified", "hash": "02fcc0c238d215158fbaabb854c5b3df"}, {"key": "naslFamily", "hash": "71a40666da62ba38d22539c8277870c7"}, {"key": "pluginID", "hash": "d44a4b265f457745992aee2753123da8"}, {"key": "published", "hash": "6e74cbd2638253438b2471ba1b6bdfb5"}, {"key": "references", "hash": "62234cc898d29618a13f9783fdcf2bea"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "756b5573bfaa633e1fe4d12a020c967c"}, {"key": "title", "hash": "e5b1b75f7057b7f557e88710d9d1ea1d"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "4cc2d6410bd1bd8929d99f1aa46ad2d19c7dec97ee74d98524b8b5eb4da54ea0", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-0698"]}, {"type": "nessus", "idList": ["SUSE_11_LIBXINE-DEVEL-090318.NASL", "SUSE_11_1_LIBXINE-DEVEL-090309.NASL", "SUSE_XINE-DEVEL-6050.NASL", "SUSE_LIBXINE-DEVEL-6052.NASL", "MANDRIVA_MDVSA-2009-299.NASL", "UBUNTU_USN-763-1.NASL", "UBUNTU_USN-746-1.NASL", "FREEBSD_PKG_51D1D42842F011DEAD22000E35248AD7.NASL", "MANDRIVA_MDVSA-2009-319.NASL", "GENTOO_GLSA-201006-04.NASL"]}, {"type": "ubuntu", "idList": ["USN-746-1", "USN-763-1"]}, {"type": "freebsd", "idList": ["51D1D428-42F0-11DE-AD22-000E35248AD7"]}, {"type": "openvas", "idList": ["OPENVAS:66247", "OPENVAS:136141256231066247", "OPENVAS:136141256231066245", "OPENVAS:64000", "OPENVAS:66245", "OPENVAS:136141256231064000", "OPENVAS:136141256231069007", "OPENVAS:66401", "OPENVAS:136141256231063891", "OPENVAS:63891"]}, {"type": "gentoo", "idList": ["GLSA-201006-04"]}], "modified": "2019-02-21T01:12:07"}, "score": {"value": 7.2, "vector": "NONE"}, "vulnersScore": 7.2}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libxine-devel-582.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40055);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2014/06/13 19:44:02 $\");\n\n script_cve_id(\"CVE-2009-0698\");\n\n script_name(english:\"openSUSE Security Update : libxine-devel (libxine-devel-582)\");\n script_summary(english:\"Check for the libxine-devel-582 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted 4x movie files could cause an integer overflow in\nxine-lib (CVE-2009-0698).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=473825\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxine-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-lib-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"xine-devel-1.1.12-8.5\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"xine-extra-1.1.12-8.5\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"xine-lib-1.1.12-8.5\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", cpu:\"x86_64\", reference:\"xine-lib-32bit-1.1.12-8.5\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xine-devel / xine-extra / xine-lib / xine-lib-32bit\");\n}\n", "naslFamily": "SuSE Local Security Checks", "pluginID": "40055", "cpe": ["cpe:/o:novell:opensuse:11.0", "p-cpe:/a:novell:opensuse:xine-devel", "p-cpe:/a:novell:opensuse:xine-lib", "p-cpe:/a:novell:opensuse:xine-lib-32bit", "p-cpe:/a:novell:opensuse:xine-extra"], "scheme": null}

{"cve": [{"lastseen": "2018-10-11T11:33:52", "bulletinFamily": "NVD", "description": "Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib 1.1.16.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a 4X movie file with a large current_track value, a similar issue to CVE-2009-0385.", "modified": "2018-10-10T15:30:34", "published": "2009-02-23T10:30:04", "id": "CVE-2009-0698", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0698", "title": "CVE-2009-0698", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-02-21T01:12:28", "bulletinFamily": "scanner", "description": "Specially crafted 4x movie files could cause an integer overflow in xine-lib. (CVE-2009-0698)", "modified": "2013-10-25T00:00:00", "id": "SUSE_11_LIBXINE-DEVEL-090318.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=41434", "published": "2009-09-24T00:00:00", "title": "SuSE 11 Security Update : Xine (SAT Patch Number 643)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(41434);\n script_version(\"$Revision: 1.7 $\");\n script_cvs_date(\"$Date: 2013/10/25 23:52:01 $\");\n\n script_cve_id(\"CVE-2009-0698\");\n\n script_name(english:\"SuSE 11 Security Update : Xine (SAT Patch Number 643)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted 4x movie files could cause an integer overflow in\nxine-lib. (CVE-2009-0698)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=473825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-0698.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 643.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libxine1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libxine1-gnome-vfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libxine1-pulse\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"libxine1-1.1.15-23.1.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"libxine1-gnome-vfs-1.1.15-23.1.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"libxine1-pulse-1.1.15-23.1.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"libxine1-1.1.15-23.1.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"libxine1-gnome-vfs-1.1.15-23.1.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"libxine1-pulse-1.1.15-23.1.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:11:36", "bulletinFamily": "scanner", "description": "Specially crafted 4x movie files could cause an integer overflow in xine-lib (CVE-2009-0698).", "modified": "2014-06-13T00:00:00", "id": "SUSE_LIBXINE-DEVEL-6052.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=36203", "published": "2009-04-21T00:00:00", "title": "openSUSE 10 Security Update : libxine-devel (libxine-devel-6052)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libxine-devel-6052.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(36203);\n script_version (\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2014/06/13 20:31:02 $\");\n\n script_cve_id(\"CVE-2009-0698\");\n\n script_name(english:\"openSUSE 10 Security Update : libxine-devel (libxine-devel-6052)\");\n script_summary(english:\"Check for the libxine-devel-6052 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted 4x movie files could cause an integer overflow in\nxine-lib (CVE-2009-0698).\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxine-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-lib-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"xine-devel-1.1.8-14.14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"xine-extra-1.1.8-14.14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"xine-lib-1.1.8-14.14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", cpu:\"x86_64\", reference:\"xine-lib-32bit-1.1.8-14.14\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xine-devel / xine-extra / xine-lib / xine-lib-32bit\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:14:27", "bulletinFamily": "scanner", "description": "Specially crafted 4x movie files could cause an integer overflow in xine-lib. (CVE-2009-0698)", "modified": "2012-05-17T00:00:00", "id": "SUSE_XINE-DEVEL-6050.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=51769", "published": "2011-01-27T00:00:00", "title": "SuSE 10 Security Update : Xine (ZYPP Patch Number 6050)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(51769);\n script_version (\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2012/05/17 11:27:19 $\");\n\n script_cve_id(\"CVE-2009-0698\");\n\n script_name(english:\"SuSE 10 Security Update : Xine (ZYPP Patch Number 6050)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted 4x movie files could cause an integer overflow in\nxine-lib. (CVE-2009-0698)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-0698.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6050.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2012 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"xine-devel-1.1.1-24.46\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"xine-lib-1.1.1-24.46\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"xine-lib-32bit-1.1.1-24.46\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:12:11", "bulletinFamily": "scanner", "description": "Specially crafted 4x movie files could cause an integer overflow in xine-lib (CVE-2009-0698).", "modified": "2014-06-13T00:00:00", "id": "SUSE_11_1_LIBXINE-DEVEL-090309.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=40274", "published": "2009-07-21T00:00:00", "title": "openSUSE Security Update : libxine-devel (libxine-devel-582)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libxine-devel-582.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40274);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2014/06/13 19:55:04 $\");\n\n script_cve_id(\"CVE-2009-0698\");\n\n script_name(english:\"openSUSE Security Update : libxine-devel (libxine-devel-582)\");\n script_summary(english:\"Check for the libxine-devel-582 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted 4x movie files could cause an integer overflow in\nxine-lib (CVE-2009-0698).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=473825\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxine-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxine-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxine1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxine1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxine1-gnome-vfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxine1-pulse\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libxine-devel-1.1.15-23.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libxine1-1.1.15-23.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libxine1-gnome-vfs-1.1.15-23.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libxine1-pulse-1.1.15-23.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"libxine1-32bit-1.1.15-23.3.3\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxine-devel / libxine1 / libxine1-32bit / libxine1-gnome-vfs / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:11:50", "bulletinFamily": "scanner", "description": "It was discovered that the 4xm demuxer in xine-lib did not correctly handle a large current_track value in a 4xm file, resulting in an integer overflow. If a user or automated system were tricked into opening a specially crafted 4xm movie file, an attacker could crash xine-lib or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0698)\n\nUSN-710-1 provided updated xine-lib packages to fix multiple security vulnerabilities. The security patch to fix CVE-2008-5239 introduced a regression causing some media files to be unplayable. This update corrects the problem. We apologize for the inconvenience.\n\nIt was discovered that the input handlers in xine-lib did not correctly handle certain error codes, resulting in out-of-bounds reads and heap- based buffer overflows. If a user or automated system were tricked into opening a specially crafted file, stream, or URL, an attacker could execute arbitrary code as the user invoking the program. (CVE-2008-5239).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-28T00:00:00", "id": "UBUNTU_USN-746-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=37983", "published": "2009-04-23T00:00:00", "title": "Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : xine-lib vulnerability (USN-746-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-746-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(37983);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/11/28 22:47:45\");\n\n script_cve_id(\"CVE-2008-5239\", \"CVE-2009-0698\");\n script_bugtraq_id(33502);\n script_xref(name:\"USN\", value:\"746-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : xine-lib vulnerability (USN-746-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the 4xm demuxer in xine-lib did not correctly\nhandle a large current_track value in a 4xm file, resulting in an\ninteger overflow. If a user or automated system were tricked into\nopening a specially crafted 4xm movie file, an attacker could crash\nxine-lib or possibly execute arbitrary code with the privileges of the\nuser invoking the program. (CVE-2009-0698)\n\nUSN-710-1 provided updated xine-lib packages to fix multiple security\nvulnerabilities. The security patch to fix CVE-2008-5239 introduced a\nregression causing some media files to be unplayable. This update\ncorrects the problem. We apologize for the inconvenience.\n\nIt was discovered that the input handlers in xine-lib did not\ncorrectly handle certain error codes, resulting in out-of-bounds reads\nand heap- based buffer overflows. If a user or automated system were\ntricked into opening a specially crafted file, stream, or URL, an\nattacker could execute arbitrary code as the user invoking the\nprogram. (CVE-2008-5239).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/746-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxine-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxine-main1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxine1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxine1-all-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxine1-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxine1-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxine1-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxine1-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxine1-ffmpeg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxine1-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxine1-misc-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxine1-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxine1-x\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2009-2018 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|7\\.10|8\\.04|8\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 7.10 / 8.04 / 8.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libxine-dev\", pkgver:\"1.1.1+ubuntu2-7.11\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libxine-main1\", pkgver:\"1.1.1+ubuntu2-7.11\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libxine-dev\", pkgver:\"1.1.7-1ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libxine1\", pkgver:\"1.1.7-1ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libxine1-console\", pkgver:\"1.1.7-1ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libxine1-dbg\", pkgver:\"1.1.7-1ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libxine1-doc\", pkgver:\"1.1.7-1ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libxine1-ffmpeg\", pkgver:\"1.1.7-1ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libxine1-gnome\", pkgver:\"1.1.7-1ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libxine1-plugins\", pkgver:\"1.1.7-1ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libxine-dev\", pkgver:\"1.1.11.1-1ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libxine1\", pkgver:\"1.1.11.1-1ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libxine1-all-plugins\", pkgver:\"1.1.11.1-1ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libxine1-bin\", pkgver:\"1.1.11.1-1ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libxine1-console\", pkgver:\"1.1.11.1-1ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libxine1-dbg\", pkgver:\"1.1.11.1-1ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libxine1-doc\", pkgver:\"1.1.11.1-1ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libxine1-ffmpeg\", pkgver:\"1.1.11.1-1ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libxine1-gnome\", pkgver:\"1.1.11.1-1ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libxine1-misc-plugins\", pkgver:\"1.1.11.1-1ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libxine1-plugins\", pkgver:\"1.1.11.1-1ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libxine1-x\", pkgver:\"1.1.11.1-1ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libxine-dev\", pkgver:\"1.1.15-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libxine1\", pkgver:\"1.1.15-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libxine1-all-plugins\", pkgver:\"1.1.15-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libxine1-bin\", pkgver:\"1.1.15-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libxine1-console\", pkgver:\"1.1.15-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libxine1-dbg\", pkgver:\"1.1.15-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libxine1-doc\", pkgver:\"1.1.15-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libxine1-ffmpeg\", pkgver:\"1.1.15-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libxine1-gnome\", pkgver:\"1.1.15-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libxine1-misc-plugins\", pkgver:\"1.1.15-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libxine1-plugins\", pkgver:\"1.1.15-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libxine1-x\", pkgver:\"1.1.15-0ubuntu3.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxine-dev / libxine-main1 / libxine1 / libxine1-all-plugins / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:12:42", "bulletinFamily": "scanner", "description": "Vulnerabilities have been discovered and corrected in xine-lib :\n\n - Integer overflow in the qt_error parse_trak_atom function in demuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote attackers to execute arbitrary code via a Quicktime movie file with a large count value in an STTS atom, which triggers a heap-based buffer overflow (CVE-2009-1274)\n\n - Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib 1.1.16.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a 4X movie file with a large current_track value, a similar issue to CVE-2009-0385 (CVE-2009-0698)\n\nThis update fixes these issues.", "modified": "2018-07-19T00:00:00", "id": "MANDRIVA_MDVSA-2009-299.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=42810", "published": "2009-11-16T00:00:00", "title": "Mandriva Linux Security Advisory : xine-lib (MDVSA-2009:299)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:299. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(42810);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/07/19 20:59:16\");\n\n script_cve_id(\"CVE-2009-0698\", \"CVE-2009-1274\");\n script_xref(name:\"MDVSA\", value:\"2009:299\");\n\n script_name(english:\"Mandriva Linux Security Advisory : xine-lib (MDVSA-2009:299)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vulnerabilities have been discovered and corrected in xine-lib :\n\n - Integer overflow in the qt_error parse_trak_atom\n function in demuxers/demux_qt.c in xine-lib 1.1.16.2 and\n earlier allows remote attackers to execute arbitrary\n code via a Quicktime movie file with a large count value\n in an STTS atom, which triggers a heap-based buffer\n overflow (CVE-2009-1274)\n\n - Integer overflow in the 4xm demuxer\n (demuxers/demux_4xm.c) in xine-lib 1.1.16.1 allows\n remote attackers to cause a denial of service (crash)\n and possibly execute arbitrary code via a 4X movie file\n with a large current_track value, a similar issue to\n CVE-2009-0385 (CVE-2009-0698)\n\nThis update fixes these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xine-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xine1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxine-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxine1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-aa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-caca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-dxr3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-esd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-flac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-gnomevfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-image\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-jack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-pulse\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-sdl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-smb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-wavpack\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/11/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64xine-devel-1.1.15-2.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64xine1-1.1.15-2.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libxine-devel-1.1.15-2.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libxine1-1.1.15-2.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"xine-aa-1.1.15-2.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"xine-caca-1.1.15-2.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"xine-dxr3-1.1.15-2.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"xine-esd-1.1.15-2.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"xine-flac-1.1.15-2.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"xine-gnomevfs-1.1.15-2.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"xine-image-1.1.15-2.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"xine-jack-1.1.15-2.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"xine-plugins-1.1.15-2.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"xine-pulse-1.1.15-2.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"xine-sdl-1.1.15-2.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"xine-smb-1.1.15-2.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"xine-wavpack-1.1.15-2.2mdv2009.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:11:48", "bulletinFamily": "scanner", "description": "It was discovered that the QT demuxer in xine-lib did not correctly handle a large count value in an STTS atom, resulting in a heap-based buffer overflow. If a user or automated system were tricked into opening a specially crafted MOV file, an attacker could execute arbitrary code as the user invoking the program. (CVE-2009-1274)\n\nUSN-746-1 provided updated xine-lib packages to fix multiple security vulnerabilities. The security patch to fix CVE-2009-0698 was incomplete. This update corrects the problem.\n\nIt was discovered that the 4xm demuxer in xine-lib did not correctly handle a large current_track value in a 4xm file, resulting in an integer overflow. If a user or automated system were tricked into opening a specially crafted 4xm movie file, an attacker could crash xine-lib or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0698).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-28T00:00:00", "id": "UBUNTU_USN-763-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=37806", "published": "2009-04-23T00:00:00", "title": "Ubuntu 6.06 LTS / 8.04 LTS / 8.10 : xine-lib vulnerabilities (USN-763-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-763-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(37806);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/11/28 22:47:45\");\n\n script_cve_id(\"CVE-2009-0698\", \"CVE-2009-1274\");\n script_bugtraq_id(33502, 34384);\n script_xref(name:\"USN\", value:\"763-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 8.04 LTS / 8.10 : xine-lib vulnerabilities (USN-763-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the QT demuxer in xine-lib did not correctly\nhandle a large count value in an STTS atom, resulting in a heap-based\nbuffer overflow. If a user or automated system were tricked into\nopening a specially crafted MOV file, an attacker could execute\narbitrary code as the user invoking the program. (CVE-2009-1274)\n\nUSN-746-1 provided updated xine-lib packages to fix multiple security\nvulnerabilities. The security patch to fix CVE-2009-0698 was\nincomplete. This update corrects the problem.\n\nIt was discovered that the 4xm demuxer in xine-lib did not correctly\nhandle a large current_track value in a 4xm file, resulting in an\ninteger overflow. If a user or automated system were tricked into\nopening a specially crafted 4xm movie file, an attacker could crash\nxine-lib or possibly execute arbitrary code with the privileges of the\nuser invoking the program. (CVE-2009-0698).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/763-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxine-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxine-main1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxine1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxine1-all-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxine1-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxine1-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxine1-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxine1-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxine1-ffmpeg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxine1-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxine1-misc-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxine1-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxine1-x\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2009-2018 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|8\\.04|8\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 8.04 / 8.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libxine-dev\", pkgver:\"1.1.1+ubuntu2-7.12\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libxine-main1\", pkgver:\"1.1.1+ubuntu2-7.12\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libxine-dev\", pkgver:\"1.1.11.1-1ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libxine1\", pkgver:\"1.1.11.1-1ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libxine1-all-plugins\", pkgver:\"1.1.11.1-1ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libxine1-bin\", pkgver:\"1.1.11.1-1ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libxine1-console\", pkgver:\"1.1.11.1-1ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libxine1-dbg\", pkgver:\"1.1.11.1-1ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libxine1-doc\", pkgver:\"1.1.11.1-1ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libxine1-ffmpeg\", pkgver:\"1.1.11.1-1ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libxine1-gnome\", pkgver:\"1.1.11.1-1ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libxine1-misc-plugins\", pkgver:\"1.1.11.1-1ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libxine1-plugins\", pkgver:\"1.1.11.1-1ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libxine1-x\", pkgver:\"1.1.11.1-1ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libxine-dev\", pkgver:\"1.1.15-0ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libxine1\", pkgver:\"1.1.15-0ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libxine1-all-plugins\", pkgver:\"1.1.15-0ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libxine1-bin\", pkgver:\"1.1.15-0ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libxine1-console\", pkgver:\"1.1.15-0ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libxine1-dbg\", pkgver:\"1.1.15-0ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libxine1-doc\", pkgver:\"1.1.15-0ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libxine1-ffmpeg\", pkgver:\"1.1.15-0ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libxine1-gnome\", pkgver:\"1.1.15-0ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libxine1-misc-plugins\", pkgver:\"1.1.15-0ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libxine1-plugins\", pkgver:\"1.1.15-0ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libxine1-x\", pkgver:\"1.1.15-0ubuntu3.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxine-dev / libxine-main1 / libxine1 / libxine1-all-plugins / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:11:54", "bulletinFamily": "scanner", "description": "Multiple vulnerabilities were fixed in libxine 1.1.16.2.\n\nTobias Klein reports :\n\nFFmpeg contains a type conversion vulnerability while parsing malformed 4X movie files. The vulnerability may be exploited by a (remote) attacker to execute arbitrary code in the context of FFmpeg or an application using the FFmpeg library.\n\nNote: A similar issue also affects xine-lib < version 1.1.16.2.\n\nxine developers report :\n\n- Fix broken size checks in various input plugins (ref.\nCVE-2008-5239).\n\n- More malloc checking (ref. CVE-2008-5240).", "modified": "2018-12-19T00:00:00", "id": "FREEBSD_PKG_51D1D42842F011DEAD22000E35248AD7.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=38803", "published": "2009-05-18T00:00:00", "title": "FreeBSD : libxine -- multiple vulnerabilities (51d1d428-42f0-11de-ad22-000e35248ad7)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(38803);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/12/19 13:21:18\");\n\n script_cve_id(\"CVE-2008-5234\", \"CVE-2008-5240\", \"CVE-2009-0698\");\n\n script_name(english:\"FreeBSD : libxine -- multiple vulnerabilities (51d1d428-42f0-11de-ad22-000e35248ad7)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities were fixed in libxine 1.1.16.2.\n\nTobias Klein reports :\n\nFFmpeg contains a type conversion vulnerability while parsing\nmalformed 4X movie files. The vulnerability may be exploited by a\n(remote) attacker to execute arbitrary code in the context of FFmpeg\nor an application using the FFmpeg library.\n\nNote: A similar issue also affects xine-lib < version 1.1.16.2.\n\nxine developers report :\n\n- Fix broken size checks in various input plugins (ref.\nCVE-2008-5239).\n\n- More malloc checking (ref. CVE-2008-5240).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://trapkit.de/advisories/TKADV2009-004.txt\"\n );\n # http://sourceforge.net/project/shownotes.php?release_id=660071\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0976caf4\"\n );\n # https://vuxml.freebsd.org/freebsd/51d1d428-42f0-11de-ad22-000e35248ad7.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2b155e38\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libxine\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/02/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/05/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"libxine<1.1.16.2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:12:47", "bulletinFamily": "scanner", "description": "Vulnerabilities have been discovered and corrected in xine-lib :\n\nFailure on Ogg files manipulation can lead remote attackers to cause a denial of service by using crafted files (CVE-2008-3231).\n\nFailure on manipulation of either MNG or Real or MOD files can lead remote attackers to cause a denial of service by using crafted files (CVE: CVE-2008-5233).\n\nHeap-based overflow allows remote attackers to execute arbitrary code by using Quicktime media files holding crafted metadata (CVE-2008-5234).\n\nHeap-based overflow allows remote attackers to execute arbitrary code by using either crafted Matroska or Real media files (CVE-2008-5236).\n\nFailure on manipulation of either MNG or Quicktime files can lead remote attackers to cause a denial of service by using crafted files (CVE-2008-5237).\n\nMultiple heap-based overflow on input plugins (http, net, smb, dvd, dvb, rtsp, rtp, pvr, pnm, file, gnome_vfs, mms) allow attackers to execute arbitrary code by handling that input channels. Further this problem can even lead attackers to cause denial of service (CVE-2008-5239).\n\nHeap-based overflow allows attackers to execute arbitrary code by using crafted Matroska media files (MATROSKA_ID_TR_CODECPRIVATE track entry element). Further a failure on handling of Real media files (CONT_TAG header) can lead to a denial of service attack (CVE-2008-5240).\n\nInteger underflow allows remote attackers to cause denial of service by using Quicktime media files (CVE-2008-5241).\n\nFailure on manipulation of Real media files can lead remote attackers to cause a denial of service by indexing an allocated buffer with a certain input value in a crafted file (CVE-2008-5243).\n\nVulnerabilities of unknown impact - possibly buffer overflow - caused by a condition of video frame preallocation before ascertaining the required length in V4L video input plugin (CVE-2008-5245).\n\nHeap-based overflow allows remote attackers to execute arbitrary code by using crafted media files. This vulnerability is in the manipulation of ID3 audio file data tagging mainly used in MP3 file formats (CVE-2008-5246).\n\nInteger overflow in the qt_error parse_trak_atom function in demuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote attackers to execute arbitrary code via a Quicktime movie file with a large count value in an STTS atom, which triggers a heap-based buffer overflow (CVE-2009-1274)\n\nInteger overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib 1.1.16.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a 4X movie file with a large current_track value, a similar issue to CVE-2009-0385 (CVE-2009-0698)\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0 customers\n\nThis update fixes these issues.", "modified": "2018-07-19T00:00:00", "id": "MANDRIVA_MDVSA-2009-319.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=43022", "published": "2009-12-07T00:00:00", "title": "Mandriva Linux Security Advisory : xine-lib (MDVSA-2009:319)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:319. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(43022);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/07/19 20:59:16\");\n\n script_cve_id(\n \"CVE-2008-3231\",\n \"CVE-2008-5233\",\n \"CVE-2008-5234\",\n \"CVE-2008-5236\",\n \"CVE-2008-5237\",\n \"CVE-2008-5239\",\n \"CVE-2008-5240\",\n \"CVE-2008-5241\",\n \"CVE-2008-5243\",\n \"CVE-2008-5245\",\n \"CVE-2008-5246\",\n \"CVE-2009-0698\",\n \"CVE-2009-1274\"\n );\n script_bugtraq_id(\n 30698,\n 30699,\n 30797,\n 33502,\n 34384\n );\n script_xref(name:\"MDVSA\", value:\"2009:319\");\n\n script_name(english:\"Mandriva Linux Security Advisory : xine-lib (MDVSA-2009:319)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vulnerabilities have been discovered and corrected in xine-lib :\n\nFailure on Ogg files manipulation can lead remote attackers to cause a\ndenial of service by using crafted files (CVE-2008-3231).\n\nFailure on manipulation of either MNG or Real or MOD files can lead\nremote attackers to cause a denial of service by using crafted files\n(CVE: CVE-2008-5233).\n\nHeap-based overflow allows remote attackers to execute arbitrary code\nby using Quicktime media files holding crafted metadata\n(CVE-2008-5234).\n\nHeap-based overflow allows remote attackers to execute arbitrary code\nby using either crafted Matroska or Real media files (CVE-2008-5236).\n\nFailure on manipulation of either MNG or Quicktime files can lead\nremote attackers to cause a denial of service by using crafted files\n(CVE-2008-5237).\n\nMultiple heap-based overflow on input plugins (http, net, smb, dvd,\ndvb, rtsp, rtp, pvr, pnm, file, gnome_vfs, mms) allow attackers to\nexecute arbitrary code by handling that input channels. Further this\nproblem can even lead attackers to cause denial of service\n(CVE-2008-5239).\n\nHeap-based overflow allows attackers to execute arbitrary code by\nusing crafted Matroska media files (MATROSKA_ID_TR_CODECPRIVATE track\nentry element). Further a failure on handling of Real media files\n(CONT_TAG header) can lead to a denial of service attack\n(CVE-2008-5240).\n\nInteger underflow allows remote attackers to cause denial of service\nby using Quicktime media files (CVE-2008-5241).\n\nFailure on manipulation of Real media files can lead remote attackers\nto cause a denial of service by indexing an allocated buffer with a\ncertain input value in a crafted file (CVE-2008-5243).\n\nVulnerabilities of unknown impact - possibly buffer overflow - caused\nby a condition of video frame preallocation before ascertaining the\nrequired length in V4L video input plugin (CVE-2008-5245).\n\nHeap-based overflow allows remote attackers to execute arbitrary code\nby using crafted media files. This vulnerability is in the\nmanipulation of ID3 audio file data tagging mainly used in MP3 file\nformats (CVE-2008-5246).\n\nInteger overflow in the qt_error parse_trak_atom function in\ndemuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote\nattackers to execute arbitrary code via a Quicktime movie file with a\nlarge count value in an STTS atom, which triggers a heap-based buffer\noverflow (CVE-2009-1274)\n\nInteger overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib\n1.1.16.1 allows remote attackers to cause a denial of service (crash)\nand possibly execute arbitrary code via a 4X movie file with a large\ncurrent_track value, a similar issue to CVE-2009-0385 (CVE-2009-0698)\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0\ncustomers\n\nThis update fixes these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xine-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xine1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxine-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxine1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-aa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-caca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-dxr3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-esd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-flac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-gnomevfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-image\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-jack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-pulse\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-sdl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-smb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64xine-devel-1.1.8-4.8mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64xine1-1.1.8-4.8mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libxine-devel-1.1.8-4.8mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libxine1-1.1.8-4.8mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-aa-1.1.8-4.8mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-caca-1.1.8-4.8mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-dxr3-1.1.8-4.8mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-esd-1.1.8-4.8mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-flac-1.1.8-4.8mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-gnomevfs-1.1.8-4.8mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-image-1.1.8-4.8mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-jack-1.1.8-4.8mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-plugins-1.1.8-4.8mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-pulse-1.1.8-4.8mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-sdl-1.1.8-4.8mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-smb-1.1.8-4.8mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:13:25", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-201006-04 (xine-lib: User-assisted execution of arbitrary code)\n\n Multiple vulnerabilities have been reported in xine-lib. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could entice a user to play a specially crafted video file or stream with a player using xine-lib, potentially resulting in the execution of arbitrary code with the privileges of the user running the application.\n Workaround :\n\n There is no known workaround at this time.", "modified": "2018-07-11T00:00:00", "id": "GENTOO_GLSA-201006-04.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=46771", "published": "2010-06-02T00:00:00", "title": "GLSA-201006-04 : xine-lib: User-assisted execution of arbitrary code", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201006-04.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(46771);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/07/11 17:09:26\");\n\n script_cve_id(\"CVE-2008-3231\", \"CVE-2008-5233\", \"CVE-2008-5234\", \"CVE-2008-5235\", \"CVE-2008-5236\", \"CVE-2008-5237\", \"CVE-2008-5238\", \"CVE-2008-5239\", \"CVE-2008-5240\", \"CVE-2008-5241\", \"CVE-2008-5242\", \"CVE-2008-5243\", \"CVE-2008-5244\", \"CVE-2008-5245\", \"CVE-2008-5246\", \"CVE-2008-5247\", \"CVE-2008-5248\", \"CVE-2009-0698\", \"CVE-2009-1274\");\n script_bugtraq_id(30698, 30699, 30797, 33502, 34384);\n script_xref(name:\"GLSA\", value:\"201006-04\");\n\n script_name(english:\"GLSA-201006-04 : xine-lib: User-assisted execution of arbitrary code\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201006-04\n(xine-lib: User-assisted execution of arbitrary code)\n\n Multiple vulnerabilities have been reported in xine-lib. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could entice a user to play a specially crafted video\n file or stream with a player using xine-lib, potentially resulting in\n the execution of arbitrary code with the privileges of the user running\n the application.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201006-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All xine-lib users should upgrade to an unaffected version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/xine-lib-1.1.16.3'\n NOTE: This is a legacy GLSA. Updates for all affected architectures are\n available since April 10, 2009. It is likely that your system is\n already no longer affected by this issue.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:xine-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/06/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/xine-lib\", unaffected:make_list(\"ge 1.1.16.3\"), vulnerable:make_list(\"lt 1.1.16.3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xine-lib\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:08:59", "bulletinFamily": "unix", "description": "It was discovered that the 4xm demuxer in xine-lib did not correctly handle a large current_track value in a 4xm file, resulting in an integer overflow. If a user or automated system were tricked into opening a specially crafted 4xm movie file, an attacker could crash xine-lib or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0698)\n\nUSN-710-1 provided updated xine-lib packages to fix multiple security vulnerabilities. The security patch to fix CVE-2008-5239 introduced a regression causing some media files to be unplayable. This update corrects the problem. We apologize for the inconvenience.\n\nOriginal advisory details: It was discovered that the input handlers in xine-lib did not correctly handle certain error codes, resulting in out-of-bounds reads and heap- based buffer overflows. If a user or automated system were tricked into opening a specially crafted file, stream, or URL, an attacker could execute arbitrary code as the user invoking the program. (CVE-2008-5239)", "modified": "2009-03-26T00:00:00", "published": "2009-03-26T00:00:00", "id": "USN-746-1", "href": "https://usn.ubuntu.com/746-1/", "title": "xine-lib vulnerability", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T00:08:26", "bulletinFamily": "unix", "description": "It was discovered that the QT demuxer in xine-lib did not correctly handle a large count value in an STTS atom, resulting in a heap-based buffer overflow. If a user or automated system were tricked into opening a specially crafted MOV file, an attacker could execute arbitrary code as the user invoking the program. (CVE-2009-1274)\n\nUSN-746-1 provided updated xine-lib packages to fix multiple security vulnerabilities. The security patch to fix CVE-2009-0698 was incomplete. This update corrects the problem.\n\nOriginal advisory details: It was discovered that the 4xm demuxer in xine-lib did not correctly handle a large current_track value in a 4xm file, resulting in an integer overflow. If a user or automated system were tricked into opening a specially crafted 4xm movie file, an attacker could crash xine-lib or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0698)", "modified": "2009-04-20T00:00:00", "published": "2009-04-20T00:00:00", "id": "USN-763-1", "href": "https://usn.ubuntu.com/763-1/", "title": "xine-lib vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2018-08-31T01:15:26", "bulletinFamily": "unix", "description": "\nMultiple vulnerabilities were fixed in libxine 1.1.16.2.\nTobias Klein reports:\n\nFFmpeg contains a type conversion vulnerability while\n\t parsing malformed 4X movie files. The vulnerability may be\n\t exploited by a (remote) attacker to execute arbitrary code in\n\t the context of FFmpeg or an application using the FFmpeg\n\t library.\nNote: A similar issue also affects xine-lib < version\n\t 1.1.16.2.\n\nxine developers report:\n\n\nFix broken size checks in various input plugins (ref.\n\t CVE-2008-5239).\nMore malloc checking (ref. CVE-2008-5240).\n\n\n", "modified": "2009-02-15T00:00:00", "published": "2009-02-15T00:00:00", "id": "51D1D428-42F0-11DE-AD22-000E35248AD7", "href": "https://vuxml.freebsd.org/freebsd/51d1d428-42f0-11de-ad22-000e35248ad7.html", "title": "libxine -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-07-24T12:56:48", "bulletinFamily": "scanner", "description": "The remote host is missing an update to xine-lib\nannounced via advisory MDVSA-2009:299.", "modified": "2017-07-06T00:00:00", "published": "2009-11-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=66247", "id": "OPENVAS:66247", "title": "Mandriva Security Advisory MDVSA-2009:299 (xine-lib)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_299.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:299 (xine-lib)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Vulnerabilities have been discovered and corrected in xine-lib:\n\n- Integer overflow in the qt_error parse_trak_atom function in\ndemuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote\nattackers to execute arbitrary code via a Quicktime movie file with a\nlarge count value in an STTS atom, which triggers a heap-based buffer\noverflow (CVE-2009-1274)\n\n- Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c)\nin xine-lib 1.1.16.1 allows remote attackers to cause a denial of\nservice (crash) and possibly execute arbitrary code via a 4X movie\nfile with a large current_track value, a similar issue to CVE-2009-0385\n(CVE-2009-0698)\n\nThis update fixes these issues.\n\nAffected: 2009.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:299\";\ntag_summary = \"The remote host is missing an update to xine-lib\nannounced via advisory MDVSA-2009:299.\";\n\n \n\nif(description)\n{\n script_id(66247);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-17 21:42:12 +0100 (Tue, 17 Nov 2009)\");\n script_cve_id(\"CVE-2009-1274\", \"CVE-2009-0385\", \"CVE-2009-0698\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandriva Security Advisory MDVSA-2009:299 (xine-lib)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libxine1\", rpm:\"libxine1~1.1.15~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxine-devel\", rpm:\"libxine-devel~1.1.15~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-aa\", rpm:\"xine-aa~1.1.15~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-caca\", rpm:\"xine-caca~1.1.15~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-dxr3\", rpm:\"xine-dxr3~1.1.15~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-esd\", rpm:\"xine-esd~1.1.15~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-flac\", rpm:\"xine-flac~1.1.15~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-gnomevfs\", rpm:\"xine-gnomevfs~1.1.15~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-image\", rpm:\"xine-image~1.1.15~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-jack\", rpm:\"xine-jack~1.1.15~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-plugins\", rpm:\"xine-plugins~1.1.15~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-pulse\", rpm:\"xine-pulse~1.1.15~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-sdl\", rpm:\"xine-sdl~1.1.15~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-smb\", rpm:\"xine-smb~1.1.15~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-wavpack\", rpm:\"xine-wavpack~1.1.15~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xine1\", rpm:\"lib64xine1~1.1.15~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xine-devel\", rpm:\"lib64xine-devel~1.1.15~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:23", "bulletinFamily": "scanner", "description": "The remote host is missing an update to xine-lib\nannounced via advisory MDVSA-2009:299.", "modified": "2018-04-06T00:00:00", "published": "2009-11-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066247", "id": "OPENVAS:136141256231066247", "type": "openvas", "title": "Mandriva Security Advisory MDVSA-2009:299 (xine-lib)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_299.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:299 (xine-lib)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Vulnerabilities have been discovered and corrected in xine-lib:\n\n- Integer overflow in the qt_error parse_trak_atom function in\ndemuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote\nattackers to execute arbitrary code via a Quicktime movie file with a\nlarge count value in an STTS atom, which triggers a heap-based buffer\noverflow (CVE-2009-1274)\n\n- Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c)\nin xine-lib 1.1.16.1 allows remote attackers to cause a denial of\nservice (crash) and possibly execute arbitrary code via a 4X movie\nfile with a large current_track value, a similar issue to CVE-2009-0385\n(CVE-2009-0698)\n\nThis update fixes these issues.\n\nAffected: 2009.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:299\";\ntag_summary = \"The remote host is missing an update to xine-lib\nannounced via advisory MDVSA-2009:299.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66247\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-17 21:42:12 +0100 (Tue, 17 Nov 2009)\");\n script_cve_id(\"CVE-2009-1274\", \"CVE-2009-0385\", \"CVE-2009-0698\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandriva Security Advisory MDVSA-2009:299 (xine-lib)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libxine1\", rpm:\"libxine1~1.1.15~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxine-devel\", rpm:\"libxine-devel~1.1.15~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-aa\", rpm:\"xine-aa~1.1.15~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-caca\", rpm:\"xine-caca~1.1.15~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-dxr3\", rpm:\"xine-dxr3~1.1.15~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-esd\", rpm:\"xine-esd~1.1.15~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-flac\", rpm:\"xine-flac~1.1.15~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-gnomevfs\", rpm:\"xine-gnomevfs~1.1.15~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-image\", rpm:\"xine-image~1.1.15~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-jack\", rpm:\"xine-jack~1.1.15~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-plugins\", rpm:\"xine-plugins~1.1.15~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-pulse\", rpm:\"xine-pulse~1.1.15~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-sdl\", rpm:\"xine-sdl~1.1.15~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-smb\", rpm:\"xine-smb~1.1.15~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-wavpack\", rpm:\"xine-wavpack~1.1.15~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xine1\", rpm:\"lib64xine1~1.1.15~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xine-devel\", rpm:\"lib64xine-devel~1.1.15~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:14:16", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-12-23T00:00:00", "published": "2009-05-20T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=64000", "id": "OPENVAS:64000", "title": "FreeBSD Ports: libxine", "type": "openvas", "sourceData": "#\n#VID 51d1d428-42f0-11de-ad22-000e35248ad7\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 51d1d428-42f0-11de-ad22-000e35248ad7\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: libxine\n\nCVE-2009-0698\nInteger overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib\n1.1.16.1 allows remote attackers to cause a denial of service (crash)\nand possibly execute arbitrary code via a 4X movie file with a large\ncurrent_track value, a similar issue to CVE-2009-0385.\n\nCVE-2008-5234\nMultiple heap-based buffer overflows in xine-lib 1.1.12, and other\nversions before 1.1.15, allow remote attackers to execute arbitrary\ncode via vectors related to (1) a crafted metadata atom size processed\nby the parse_moov_atom function in demux_qt.c and (2) frame reading in\nthe id3v23_interp_frame function in id3.c. NOTE: as of 20081122, it is\npossible that vector 1 has not been fixed in 1.1.15.\n\nCVE-2008-5240\nxine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an\nuntrusted input value to determine the memory allocation and does not\ncheck the result for (1) the MATROSKA_ID_TR_CODECPRIVATE track entry\nelement processed by demux_matroska.c; and (2) PROP_TAG, (3) MDPR_TAG,\nand (4) CONT_TAG chunks processed by the real_parse_headers function\nin demux_real.c; which allows remote attackers to cause a denial of\nservice (NULL pointer dereference and crash) or possibly execute\narbitrary code via a crafted value.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://trapkit.de/advisories/TKADV2009-004.txt\nhttp://sourceforge.net/project/shownotes.php?release_id=660071\nhttp://www.vuxml.org/freebsd/51d1d428-42f0-11de-ad22-000e35248ad7.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(64000);\n script_version(\"$Revision: 4847 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-12-23 10:33:16 +0100 (Fri, 23 Dec 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-20 00:17:15 +0200 (Wed, 20 May 2009)\");\n script_cve_id(\"CVE-2009-0698\", \"CVE-2008-5234\", \"CVE-2008-5240\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: libxine\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"libxine\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1.16.2\")<0) {\n txt += 'Package libxine version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:34", "bulletinFamily": "scanner", "description": "The remote host is missing an update to xine-lib\nannounced via advisory MDVSA-2009:298.", "modified": "2017-07-07T00:00:00", "published": "2009-11-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=66245", "id": "OPENVAS:66245", "title": "Mandriva Security Advisory MDVSA-2009:298 (xine-lib)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_298.nasl 6587 2017-07-07 06:35:35Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:298 (xine-lib)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Vulnerabilities have been discovered and corrected in xine-lib:\n\n- xine-lib before 1.1.15 allows remote attackers to cause a denial\nof service (crash) via mp3 files with metadata consisting only of\nseparators (CVE-2008-5248)\n\n- Integer overflow in the qt_error parse_trak_atom function in\ndemuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote\nattackers to execute arbitrary code via a Quicktime movie file with a\nlarge count value in an STTS atom, which triggers a heap-based buffer\noverflow (CVE-2009-1274)\n\n- Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c)\nin xine-lib 1.1.16.1 allows remote attackers to cause a denial of\nservice (crash) and possibly execute arbitrary code via a 4X movie\nfile with a large current_track value, a similar issue to CVE-2009-0385\n(CVE-2009-0698)\n\nThis update fixes these issues.\n\nAffected: Corporate 3.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:298\";\ntag_summary = \"The remote host is missing an update to xine-lib\nannounced via advisory MDVSA-2009:298.\";\n\n \n\nif(description)\n{\n script_id(66245);\n script_version(\"$Revision: 6587 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 08:35:35 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-17 21:42:12 +0100 (Tue, 17 Nov 2009)\");\n script_cve_id(\"CVE-2008-5248\", \"CVE-2009-1274\", \"CVE-2009-0385\", \"CVE-2009-0698\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandriva Security Advisory MDVSA-2009:298 (xine-lib)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libxine1\", rpm:\"libxine1~1~0.rc3.6.18.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxine1-devel\", rpm:\"libxine1-devel~1~0.rc3.6.18.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-aa\", rpm:\"xine-aa~1~0.rc3.6.18.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-arts\", rpm:\"xine-arts~1~0.rc3.6.18.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-dxr3\", rpm:\"xine-dxr3~1~0.rc3.6.18.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-esd\", rpm:\"xine-esd~1~0.rc3.6.18.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-flac\", rpm:\"xine-flac~1~0.rc3.6.18.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-gnomevfs\", rpm:\"xine-gnomevfs~1~0.rc3.6.18.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-plugins\", rpm:\"xine-plugins~1~0.rc3.6.18.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xine1\", rpm:\"lib64xine1~1~0.rc3.6.18.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xine1-devel\", rpm:\"lib64xine1-devel~1~0.rc3.6.18.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:18", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2018-04-06T00:00:00", "published": "2009-05-20T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064000", "id": "OPENVAS:136141256231064000", "type": "openvas", "title": "FreeBSD Ports: libxine", "sourceData": "#\n#VID 51d1d428-42f0-11de-ad22-000e35248ad7\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 51d1d428-42f0-11de-ad22-000e35248ad7\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: libxine\n\nCVE-2009-0698\nInteger overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib\n1.1.16.1 allows remote attackers to cause a denial of service (crash)\nand possibly execute arbitrary code via a 4X movie file with a large\ncurrent_track value, a similar issue to CVE-2009-0385.\n\nCVE-2008-5234\nMultiple heap-based buffer overflows in xine-lib 1.1.12, and other\nversions before 1.1.15, allow remote attackers to execute arbitrary\ncode via vectors related to (1) a crafted metadata atom size processed\nby the parse_moov_atom function in demux_qt.c and (2) frame reading in\nthe id3v23_interp_frame function in id3.c. NOTE: as of 20081122, it is\npossible that vector 1 has not been fixed in 1.1.15.\n\nCVE-2008-5240\nxine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an\nuntrusted input value to determine the memory allocation and does not\ncheck the result for (1) the MATROSKA_ID_TR_CODECPRIVATE track entry\nelement processed by demux_matroska.c; and (2) PROP_TAG, (3) MDPR_TAG,\nand (4) CONT_TAG chunks processed by the real_parse_headers function\nin demux_real.c; which allows remote attackers to cause a denial of\nservice (NULL pointer dereference and crash) or possibly execute\narbitrary code via a crafted value.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://trapkit.de/advisories/TKADV2009-004.txt\nhttp://sourceforge.net/project/shownotes.php?release_id=660071\nhttp://www.vuxml.org/freebsd/51d1d428-42f0-11de-ad22-000e35248ad7.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64000\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-20 00:17:15 +0200 (Wed, 20 May 2009)\");\n script_cve_id(\"CVE-2009-0698\", \"CVE-2008-5234\", \"CVE-2008-5240\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: libxine\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"libxine\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1.16.2\")<0) {\n txt += 'Package libxine version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:39", "bulletinFamily": "scanner", "description": "The remote host is missing an update to xine-lib\nannounced via advisory MDVSA-2009:298.", "modified": "2018-04-06T00:00:00", "published": "2009-11-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066245", "id": "OPENVAS:136141256231066245", "title": "Mandriva Security Advisory MDVSA-2009:298 (xine-lib)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_298.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:298 (xine-lib)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Vulnerabilities have been discovered and corrected in xine-lib:\n\n- xine-lib before 1.1.15 allows remote attackers to cause a denial\nof service (crash) via mp3 files with metadata consisting only of\nseparators (CVE-2008-5248)\n\n- Integer overflow in the qt_error parse_trak_atom function in\ndemuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote\nattackers to execute arbitrary code via a Quicktime movie file with a\nlarge count value in an STTS atom, which triggers a heap-based buffer\noverflow (CVE-2009-1274)\n\n- Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c)\nin xine-lib 1.1.16.1 allows remote attackers to cause a denial of\nservice (crash) and possibly execute arbitrary code via a 4X movie\nfile with a large current_track value, a similar issue to CVE-2009-0385\n(CVE-2009-0698)\n\nThis update fixes these issues.\n\nAffected: Corporate 3.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:298\";\ntag_summary = \"The remote host is missing an update to xine-lib\nannounced via advisory MDVSA-2009:298.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66245\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-17 21:42:12 +0100 (Tue, 17 Nov 2009)\");\n script_cve_id(\"CVE-2008-5248\", \"CVE-2009-1274\", \"CVE-2009-0385\", \"CVE-2009-0698\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandriva Security Advisory MDVSA-2009:298 (xine-lib)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libxine1\", rpm:\"libxine1~1~0.rc3.6.18.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxine1-devel\", rpm:\"libxine1-devel~1~0.rc3.6.18.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-aa\", rpm:\"xine-aa~1~0.rc3.6.18.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-arts\", rpm:\"xine-arts~1~0.rc3.6.18.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-dxr3\", rpm:\"xine-dxr3~1~0.rc3.6.18.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-esd\", rpm:\"xine-esd~1~0.rc3.6.18.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-flac\", rpm:\"xine-flac~1~0.rc3.6.18.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-gnomevfs\", rpm:\"xine-gnomevfs~1~0.rc3.6.18.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-plugins\", rpm:\"xine-plugins~1~0.rc3.6.18.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xine1\", rpm:\"lib64xine1~1~0.rc3.6.18.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xine1-devel\", rpm:\"lib64xine1-devel~1~0.rc3.6.18.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-03-14T14:35:25", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 201006-04.", "modified": "2019-03-14T00:00:00", "published": "2011-03-09T00:00:00", "id": "OPENVAS:136141256231069007", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231069007", "title": "Gentoo Security Advisory GLSA 201006-04 (xine-lib)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201006_04.nasl 14171 2019-03-14 10:22:03Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.69007\");\n script_version(\"$Revision: 14171 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 11:22:03 +0100 (Thu, 14 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-09 05:54:11 +0100 (Wed, 09 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2008-3231\", \"CVE-2008-5233\", \"CVE-2008-5234\", \"CVE-2008-5235\", \"CVE-2008-5236\", \"CVE-2008-5237\", \"CVE-2008-5238\", \"CVE-2008-5239\", \"CVE-2008-5240\", \"CVE-2008-5241\", \"CVE-2008-5242\", \"CVE-2008-5243\", \"CVE-2008-5244\", \"CVE-2008-5245\", \"CVE-2008-5246\", \"CVE-2008-5247\", \"CVE-2008-5248\", \"CVE-2009-0698\", \"CVE-2009-1274\");\n script_name(\"Gentoo Security Advisory GLSA 201006-04 (xine-lib)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities in xine-lib might result in the remote execution\n of arbitrary code.\");\n script_tag(name:\"solution\", value:\"All xine-lib users should upgrade to an unaffected version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/xine-lib-1.1.16.3'\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201006-04\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=234777\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=249041\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=260069\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=265250\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201006-04.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"media-libs/xine-lib\", unaffected: make_list(\"ge 1.1.16.3\"), vulnerable: make_list(\"lt 1.1.16.3\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:20", "bulletinFamily": "scanner", "description": "The remote host is missing an update to xine-lib\nannounced via advisory MDVSA-2009:319.", "modified": "2018-04-06T00:00:00", "published": "2009-12-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066401", "id": "OPENVAS:136141256231066401", "type": "openvas", "title": "Mandriva Security Advisory MDVSA-2009:319 (xine-lib)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_319.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:319 (xine-lib)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Vulnerabilities have been discovered and corrected in xine-lib:\n\nFailure on Ogg files manipulation can lead remote attackers to cause\na denial of service by using crafted files (CVE-2008-3231).\n\nFailure on manipulation of either MNG or Real or MOD files can lead\nremote attackers to cause a denial of service by using crafted files\n(CVE: CVE-2008-5233).\n\nHeap-based overflow allows remote attackers to execute arbitrary\ncode by using Quicktime media files holding crafted metadata\n(CVE-2008-5234).\n\nHeap-based overflow allows remote attackers to execute arbitrary code\nby using either crafted Matroska or Real media files (CVE-2008-5236).\n\nFailure on manipulation of either MNG or Quicktime files can lead\nremote attackers to cause a denial of service by using crafted files\n(CVE-2008-5237).\n\nMultiple heap-based overflow on input plugins (http, net, smb, dvd,\ndvb, rtsp, rtp, pvr, pnm, file, gnome_vfs, mms) allow attackers to\nexecute arbitrary code by handling that input channels. Further\nthis problem can even lead attackers to cause denial of service\n(CVE-2008-5239).\n\nHeap-based overflow allows attackers to execute arbitrary code by using\ncrafted Matroska media files (MATROSKA_ID_TR_CODECPRIVATE track entry\nelement). Further a failure on handling of Real media files (CONT_TAG\nheader) can lead to a denial of service attack (CVE-2008-5240).\n\nInteger underflow allows remote attackers to cause denial of service\nby using Quicktime media files (CVE-2008-5241).\n\nFailure on manipulation of Real media files can lead remote attackers\nto cause a denial of service by indexing an allocated buffer with a\ncertain input value in a crafted file (CVE-2008-5243).\n\nVulnerabilities of unknown impact - possibly buffer overflow - caused\nby a condition of video frame preallocation before ascertaining the\nrequired length in V4L video input plugin (CVE-2008-5245).\n\nHeap-based overflow allows remote attackers to execute arbitrary\ncode by using crafted media files. This vulnerability is in the\nmanipulation of ID3 audio file data tagging mainly used in MP3 file\nformats (CVE-2008-5246).\n\nInteger overflow in the qt_error parse_trak_atom function in\ndemuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote\nattackers to execute arbitrary code via a Quicktime movie file with a\nlarge count value in an STTS atom, which triggers a heap-based buffer\noverflow (CVE-2009-1274)\n\nInteger overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib\n1.1.16.1 allows remote attackers to cause a denial of service (crash)\nand possibly execute arbitrary code via a 4X movie file with a large\ncurrent_track value, a similar issue to CVE-2009-0385 (CVE-2009-0698)\n\nPackages for 2008.0 are being provided due to extended support for\nCorporate products.\n\nThis update fixes these issues.\n\nAffected: 2008.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:319\";\ntag_summary = \"The remote host is missing an update to xine-lib\nannounced via advisory MDVSA-2009:319.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66401\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-10 00:23:54 +0100 (Thu, 10 Dec 2009)\");\n script_cve_id(\"CVE-2008-3231\", \"CVE-2008-5233\", \"CVE-2008-5234\", \"CVE-2008-5236\", \"CVE-2008-5237\", \"CVE-2008-5239\", \"CVE-2008-5240\", \"CVE-2008-5241\", \"CVE-2008-5243\", \"CVE-2008-5245\", \"CVE-2008-5246\", \"CVE-2009-1274\", \"CVE-2009-0385\", \"CVE-2009-0698\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandriva Security Advisory MDVSA-2009:319 (xine-lib)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libxine1\", rpm:\"libxine1~1.1.8~4.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxine-devel\", rpm:\"libxine-devel~1.1.8~4.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-aa\", rpm:\"xine-aa~1.1.8~4.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-caca\", rpm:\"xine-caca~1.1.8~4.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-dxr3\", rpm:\"xine-dxr3~1.1.8~4.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-esd\", rpm:\"xine-esd~1.1.8~4.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-flac\", rpm:\"xine-flac~1.1.8~4.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-gnomevfs\", rpm:\"xine-gnomevfs~1.1.8~4.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-image\", rpm:\"xine-image~1.1.8~4.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-jack\", rpm:\"xine-jack~1.1.8~4.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-plugins\", rpm:\"xine-plugins~1.1.8~4.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-pulse\", rpm:\"xine-pulse~1.1.8~4.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-sdl\", rpm:\"xine-sdl~1.1.8~4.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-smb\", rpm:\"xine-smb~1.1.8~4.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xine1\", rpm:\"lib64xine1~1.1.8~4.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xine-devel\", rpm:\"lib64xine-devel~1.1.8~4.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:42", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory SUSE-SR:2009:009. SuSE Security Summaries are short\non detail when it comes to the names of packages affected by\na particular bug. Because of this, while this test will detect\nout of date packages, it cannot tell you what bugs impact\nwhich packages, or vice versa.", "modified": "2018-04-06T00:00:00", "published": "2009-04-28T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063891", "id": "OPENVAS:136141256231063891", "title": "SuSE Security Summary SUSE-SR:2009:009", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: suse_sr_2009_009.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory SUSE-SR:2009:009\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory SUSE-SR:2009:009. SuSE Security Summaries are short\non detail when it comes to the names of packages affected by\na particular bug. Because of this, while this test will detect\nout of date packages, it cannot tell you what bugs impact\nwhich packages, or vice versa.\";\n\ntag_solution = \"Update all out of date packages.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63891\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-28 20:40:12 +0200 (Tue, 28 Apr 2009)\");\n script_cve_id(\"CVE-2008-4311\", \"CVE-2008-4989\", \"CVE-2009-0193\", \"CVE-2009-0196\", \"CVE-2009-0365\", \"CVE-2009-0578\", \"CVE-2009-0586\", \"CVE-2009-0658\", \"CVE-2009-0698\", \"CVE-2009-0790\", \"CVE-2009-0792\", \"CVE-2009-0922\", \"CVE-2009-0927\", \"CVE-2009-0928\", \"CVE-2009-1061\", \"CVE-2009-1062\", \"CVE-2009-1171\", \"CVE-2009-1241\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Security Summary SUSE-SR:2009:009\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~3.0.8~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~3.0.8~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~3.0.8~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager\", rpm:\"NetworkManager~0.7.0.r4359~15.2.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager-devel\", rpm:\"NetworkManager-devel~0.7.0.r4359~15.2.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager-doc\", rpm:\"NetworkManager-doc~0.7.0.r4359~15.2.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager-glib\", rpm:\"NetworkManager-glib~0.7.0.r4359~15.2.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"aufs\", rpm:\"aufs~cvs20081020~1.32.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"aufs-kmp-debug\", rpm:\"aufs-kmp-debug~cvs20081020_2.6.27.21_0.1~1.32.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"aufs-kmp-default\", rpm:\"aufs-kmp-default~cvs20081020_2.6.27.21_0.1~1.32.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"aufs-kmp-pae\", rpm:\"aufs-kmp-pae~cvs20081020_2.6.27.21_0.1~1.32.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"aufs-kmp-trace\", rpm:\"aufs-kmp-trace~cvs20081020_2.6.27.21_0.1~1.32.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"aufs-kmp-xen\", rpm:\"aufs-kmp-xen~cvs20081020_2.6.27.21_0.1~1.32.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"clamav\", rpm:\"clamav~0.95.1~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"clamav-db\", rpm:\"clamav-db~0.95.1~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.3.9~7.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-client\", rpm:\"cups-client~1.3.9~7.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.3.9~7.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.3.9~7.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1\", rpm:\"dbus-1~1.2.10~5.4.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-devel\", rpm:\"dbus-1-devel~1.2.10~5.4.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-devel-doc\", rpm:\"dbus-1-devel-doc~1.2.10~5.4.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"deb\", rpm:\"deb~1.14.21~10.38.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glib2\", rpm:\"glib2~2.18.2~5.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glib2-branding-upstream\", rpm:\"glib2-branding-upstream~2.18.2~5.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glib2-devel\", rpm:\"glib2-devel~2.18.2~5.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glib2-doc\", rpm:\"glib2-doc~2.18.2~5.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glib2-lang\", rpm:\"glib2-lang~2.18.2~5.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-panel\", rpm:\"gnome-panel~2.24.1~2.26.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-panel-devel\", rpm:\"gnome-panel-devel~2.24.1~2.26.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-panel-doc\", rpm:\"gnome-panel-doc~2.24.1~2.26.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-panel-extras\", rpm:\"gnome-panel-extras~2.24.1~2.26.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-panel-lang\", rpm:\"gnome-panel-lang~2.24.1~2.26.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~2.4.1~24.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gpg2\", rpm:\"gpg2~2.0.9~25.108.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gpg2-lang\", rpm:\"gpg2-lang~2.0.9~25.108.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer-0_10-plugins-base\", rpm:\"gstreamer-0_10-plugins-base~0.10.21~2.21.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer-0_10-plugins-base-devel\", rpm:\"gstreamer-0_10-plugins-base-devel~0.10.21~2.21.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer-0_10-plugins-base-doc\", rpm:\"gstreamer-0_10-plugins-base-doc~0.10.21~2.21.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer-0_10-plugins-base-lang\", rpm:\"gstreamer-0_10-plugins-base-lang~0.10.21~2.21.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk\", rpm:\"java-1_6_0-openjdk~1.4_b14~24.4.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-demo\", rpm:\"java-1_6_0-openjdk-demo~1.4_b14~24.4.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-devel\", rpm:\"java-1_6_0-openjdk-devel~1.4_b14~24.4.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-javadoc\", rpm:\"java-1_6_0-openjdk-javadoc~1.4_b14~24.4.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-plugin\", rpm:\"java-1_6_0-openjdk-plugin~1.4_b14~24.4.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-src\", rpm:\"java-1_6_0-openjdk-src~1.4_b14~24.4.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-akonadi\", rpm:\"kde4-akonadi~4.1.3~3.14.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-akonadi-devel\", rpm:\"kde4-akonadi-devel~4.1.3~3.14.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-akregator\", rpm:\"kde4-akregator~4.1.3~3.14.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-dolphin\", rpm:\"kde4-dolphin~4.1.3~3.8.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-kaddressbook\", rpm:\"kde4-kaddressbook~4.1.3~3.14.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-kalarm\", rpm:\"kde4-kalarm~4.1.3~3.14.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-kdepasswd\", rpm:\"kde4-kdepasswd~4.1.3~3.8.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-kdialog\", rpm:\"kde4-kdialog~4.1.3~3.8.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-kdm\", rpm:\"kde4-kdm~4.1.3~10.3.7\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-kdm-branding-upstream\", rpm:\"kde4-kdm-branding-upstream~4.1.3~10.3.7\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-keditbookmarks\", rpm:\"kde4-keditbookmarks~4.1.3~3.8.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-kfind\", rpm:\"kde4-kfind~4.1.3~3.8.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-kgreeter-plugins\", rpm:\"kde4-kgreeter-plugins~4.1.3~10.3.7\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-kinfocenter\", rpm:\"kde4-kinfocenter~4.1.3~3.8.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-kjots\", rpm:\"kde4-kjots~4.1.3~3.14.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-kmail\", rpm:\"kde4-kmail~4.1.3~3.14.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-knode\", rpm:\"kde4-knode~4.1.3~3.14.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-knotes\", rpm:\"kde4-knotes~4.1.3~3.14.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-konqueror\", rpm:\"kde4-konqueror~4.1.3~3.8.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-konsole\", rpm:\"kde4-konsole~4.1.3~3.8.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-kontact\", rpm:\"kde4-kontact~4.1.3~3.14.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-korganizer\", rpm:\"kde4-korganizer~4.1.3~3.14.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-ktimetracker\", rpm:\"kde4-ktimetracker~4.1.3~3.14.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-ktnef\", rpm:\"kde4-ktnef~4.1.3~3.14.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-kwin\", rpm:\"kde4-kwin~4.1.3~10.3.7\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-kwrite\", rpm:\"kde4-kwrite~4.1.3~3.8.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdebase4\", rpm:\"kdebase4~4.1.3~3.8.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdebase4-libkonq\", rpm:\"kdebase4-libkonq~4.1.3~3.8.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdebase4-nsplugin\", rpm:\"kdebase4-nsplugin~4.1.3~3.8.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdebase4-runtime\", rpm:\"kdebase4-runtime~4.1.3~4.2.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdebase4-workspace\", rpm:\"kdebase4-workspace~4.1.3~10.3.7\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdebase4-workspace-branding-upstream\", rpm:\"kdebase4-workspace-branding-upstream~4.1.3~10.3.7\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdebase4-workspace-devel\", rpm:\"kdebase4-workspace-devel~4.1.3~10.3.7\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdebase4-workspace-ksysguardd\", rpm:\"kdebase4-workspace-ksysguardd~4.1.3~10.3.7\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdelibs4\", rpm:\"kdelibs4~4.1.3~4.10.4\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdelibs4-core\", rpm:\"kdelibs4-core~4.1.3~4.10.4\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdelibs4-doc\", rpm:\"kdelibs4-doc~4.1.3~4.10.4\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim3\", rpm:\"kdepim3~3.5.10~8.14.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim3-devel\", rpm:\"kdepim3-devel~3.5.10~8.14.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim3-kpilot\", rpm:\"kdepim3-kpilot~3.5.10~8.14.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim3-mobile\", rpm:\"kdepim3-mobile~3.5.10~8.14.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim3-notes\", rpm:\"kdepim3-notes~3.5.10~8.14.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim3-time-management\", rpm:\"kdepim3-time-management~3.5.10~8.14.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim4\", rpm:\"kdepim4~4.1.3~3.14.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim4-devel\", rpm:\"kdepim4-devel~4.1.3~3.14.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim4-wizards\", rpm:\"kdepim4-wizards~4.1.3~3.14.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepimlibs4\", rpm:\"kdepimlibs4~4.1.3~5.2.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.27.21~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~2.6.27.21~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-extra\", rpm:\"kernel-debug-extra~2.6.27.21~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~2.6.27.21~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~2.6.27.21~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default-extra\", rpm:\"kernel-default-extra~2.6.27.21~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~2.6.27.21~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~2.6.27.21~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-pae-extra\", rpm:\"kernel-pae-extra~2.6.27.21~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.6.27.21~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~2.6.27.21~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-trace\", rpm:\"kernel-trace~2.6.27.21~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-trace-base\", rpm:\"kernel-trace-base~2.6.27.21~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-trace-extra\", rpm:\"kernel-trace-extra~2.6.27.21~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~2.6.27.21~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.27.21~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~2.6.27.21~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen-extra\", rpm:\"kernel-xen-extra~2.6.27.21~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kio_iso\", rpm:\"kio_iso~1.99.2.beta2~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kitchensync\", rpm:\"kitchensync~3.5.10~8.14.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"klamav\", rpm:\"klamav~0.46~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice\", rpm:\"koffice~1.6.3~211.12.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-database\", rpm:\"koffice-database~1.6.3~211.12.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-database-mysql\", rpm:\"koffice-database-mysql~1.6.3~211.12.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-database-psql\", rpm:\"koffice-database-psql~1.6.3~211.12.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-devel\", rpm:\"koffice-devel~1.6.3~211.12.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-extra\", rpm:\"koffice-extra~1.6.3~211.12.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-illustration\", rpm:\"koffice-illustration~1.6.3~211.12.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-planning\", rpm:\"koffice-planning~1.6.3~211.12.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-presentation\", rpm:\"koffice-presentation~1.6.3~211.12.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-python\", rpm:\"koffice-python~1.6.3~211.12.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-ruby\", rpm:\"koffice-ruby~1.6.3~211.12.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-spreadsheet\", rpm:\"koffice-spreadsheet~1.6.3~211.12.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-wordprocessing\", rpm:\"koffice-wordprocessing~1.6.3~211.12.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.6.3~132.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"krb5-apps-clients\", rpm:\"krb5-apps-clients~1.6.3~132.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"krb5-apps-servers\", rpm:\"krb5-apps-servers~1.6.3~132.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"krb5-client\", rpm:\"krb5-client~1.6.3~132.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"krb5-devel\", rpm:\"krb5-devel~1.6.3~132.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.6.3~132.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"krusader\", rpm:\"krusader~1.99.2.beta2~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libakonadi4\", rpm:\"libakonadi4~4.1.3~5.2.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgio-2_0-0\", rpm:\"libgio-2_0-0~2.18.2~5.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgio-fam\", rpm:\"libgio-fam~2.18.2~5.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libglib-2_0-0\", rpm:\"libglib-2_0-0~2.18.2~5.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgmodule-2_0-0\", rpm:\"libgmodule-2_0-0~2.18.2~5.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgnomecanvas\", rpm:\"libgnomecanvas~2.20.1.1~25.81.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgnomecanvas-devel\", rpm:\"libgnomecanvas-devel~2.20.1.1~25.81.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgnomecanvas-doc\", rpm:\"libgnomecanvas-doc~2.20.1.1~25.81.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgnomecanvas-lang\", rpm:\"libgnomecanvas-lang~2.20.1.1~25.81.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgnutls-devel\", rpm:\"libgnutls-devel~2.4.1~24.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgnutls-extra-devel\", rpm:\"libgnutls-extra-devel~2.4.1~24.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgnutls-extra26\", rpm:\"libgnutls-extra26~2.4.1~24.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgnutls26\", rpm:\"libgnutls26~2.4.1~24.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgobject-2_0-0\", rpm:\"libgobject-2_0-0~2.18.2~5.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgstinterfaces-0_10-0\", rpm:\"libgstinterfaces-0_10-0~0.10.21~2.21.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgthread-2_0-0\", rpm:\"libgthread-2_0-0~2.18.2~5.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkcal\", rpm:\"libkcal~3.5.10~8.14.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkcal-devel\", rpm:\"libkcal-devel~3.5.10~8.14.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkcal2\", rpm:\"libkcal2~3.5.10~8.14.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkde4\", rpm:\"libkde4~4.1.3~4.10.4\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkde4-devel\", rpm:\"libkde4-devel~4.1.3~4.10.4\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkdecore4\", rpm:\"libkdecore4~4.1.3~4.10.4\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkdecore4-devel\", rpm:\"libkdecore4-devel~4.1.3~4.10.4\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkdepim4\", rpm:\"libkdepim4~4.1.3~3.14.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkdepim4-devel\", rpm:\"libkdepim4-devel~4.1.3~3.14.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkdepimlibs4\", rpm:\"libkdepimlibs4~4.1.3~5.2.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkdepimlibs4-devel\", rpm:\"libkdepimlibs4-devel~4.1.3~5.2.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkmime-devel\", rpm:\"libkmime-devel~3.5.10~8.14.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkmime2\", rpm:\"libkmime2~3.5.10~8.14.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkonq-devel\", rpm:\"libkonq-devel~4.1.3~3.8.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkonq5\", rpm:\"libkonq5~4.1.3~3.8.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libktnef-devel\", rpm:\"libktnef-devel~3.5.10~8.14.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libktnef1\", rpm:\"libktnef1~3.5.10~8.14.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpcap-devel\", rpm:\"libpcap-devel~0.9.8~50.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpcap0\", rpm:\"libpcap0~0.9.8~50.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libudev-devel\", rpm:\"libudev-devel~128~9.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libudev0\", rpm:\"libudev0~128~9.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvolume_id\", rpm:\"libvolume_id~126~17.38.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvolume_id-devel\", rpm:\"libvolume_id-devel~128~9.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvolume_id1\", rpm:\"libvolume_id1~128~9.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxine-devel\", rpm:\"libxine-devel~1.1.15~23.3.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxine1\", rpm:\"libxine1~1.1.15~23.3.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxine1-gnome-vfs\", rpm:\"libxine1-gnome-vfs~1.1.15~23.3.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxine1-pulse\", rpm:\"libxine1-pulse~1.1.15~23.3.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"module-init-tools\", rpm:\"module-init-tools~3.4~56.10.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190\", rpm:\"mozilla-xulrunner190~1.9.0.8~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-devel\", rpm:\"mozilla-xulrunner190-devel~1.9.0.8~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-gnomevfs\", rpm:\"mozilla-xulrunner190-gnomevfs~1.9.0.8~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-translations\", rpm:\"mozilla-xulrunner190-translations~1.9.0.8~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openswan\", rpm:\"openswan~2.6.16~1.47.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openswan-doc\", rpm:\"openswan-doc~2.6.16~1.47.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"phonon-backend-xine\", rpm:\"phonon-backend-xine~4.1.3~4.2.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql\", rpm:\"postgresql~8.3.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-contrib\", rpm:\"postgresql-contrib~8.3.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-devel\", rpm:\"postgresql-devel~8.3.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-docs\", rpm:\"postgresql-docs~8.3.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-libs\", rpm:\"postgresql-libs~8.3.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-server\", rpm:\"postgresql-server~8.3.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-xpcom190\", rpm:\"python-xpcom190~1.9.0.8~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"strongswan\", rpm:\"strongswan~4.2.8~1.24.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"strongswan-doc\", rpm:\"strongswan-doc~4.2.8~1.24.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sysconfig\", rpm:\"sysconfig~0.71.11~7.4.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"udev\", rpm:\"udev~128~9.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.02~97.78.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-tools\", rpm:\"xpdf-tools~3.02~97.78.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~3.0.8~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~3.0.8~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bluez-audio\", rpm:\"bluez-audio~3.32~8.7\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bluez-cups\", rpm:\"bluez-cups~3.32~8.7\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bluez-test\", rpm:\"bluez-test~3.32~8.7\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bluez-utils\", rpm:\"bluez-utils~3.32~8.7\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"clamav\", rpm:\"clamav~0.95.1~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"clamav-db\", rpm:\"clamav-db~0.95.1~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.3.7~25.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-client\", rpm:\"cups-client~1.3.7~25.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.3.7~25.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.3.7~25.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glib2\", rpm:\"glib2~2.16.3~20.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glib2-branding-upstream\", rpm:\"glib2-branding-upstream~2.16.3~20.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glib2-devel\", rpm:\"glib2-devel~2.16.3~20.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glib2-doc\", rpm:\"glib2-doc~2.16.3~20.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glib2-lang\", rpm:\"glib2-lang~2.16.3~20.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~2.2.2~17.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gpg2\", rpm:\"gpg2~2.0.9~22.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gpg2-lang\", rpm:\"gpg2-lang~2.0.9~22.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"hal\", rpm:\"hal~0.5.11~8.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"hal-devel\", rpm:\"hal-devel~0.5.11~8.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim3\", rpm:\"kdepim3~3.5.9~53.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim3-devel\", rpm:\"kdepim3-devel~3.5.9~53.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim3-kpilot\", rpm:\"kdepim3-kpilot~3.5.9~53.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim3-mobile\", rpm:\"kdepim3-mobile~3.5.9~53.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim3-notes\", rpm:\"kdepim3-notes~3.5.9~53.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim3-time-management\", rpm:\"kdepim3-time-management~3.5.9~53.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kitchensync\", rpm:\"kitchensync~3.5.9~53.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"klamav\", rpm:\"klamav~0.46~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice\", rpm:\"koffice~1.6.3~157.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-database\", rpm:\"koffice-database~1.6.3~157.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-database-mysql\", rpm:\"koffice-database-mysql~1.6.3~157.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-database-psql\", rpm:\"koffice-database-psql~1.6.3~157.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-devel\", rpm:\"koffice-devel~1.6.3~157.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-extra\", rpm:\"koffice-extra~1.6.3~157.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-illustration\", rpm:\"koffice-illustration~1.6.3~157.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-planning\", rpm:\"koffice-planning~1.6.3~157.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-presentation\", rpm:\"koffice-presentation~1.6.3~157.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-python\", rpm:\"koffice-python~1.6.3~157.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-ruby\", rpm:\"koffice-ruby~1.6.3~157.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-spreadsheet\", rpm:\"koffice-spreadsheet~1.6.3~157.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-wordprocessing\", rpm:\"koffice-wordprocessing~1.6.3~157.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.6.3~50.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"krb5-apps-clients\", rpm:\"krb5-apps-clients~1.6.3~50.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"krb5-apps-servers\", rpm:\"krb5-apps-servers~1.6.3~50.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"krb5-client\", rpm:\"krb5-client~1.6.3~50.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"krb5-devel\", rpm:\"krb5-devel~1.6.3~50.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.6.3~50.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgio-2_0-0\", rpm:\"libgio-2_0-0~2.16.3~20.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgio-fam\", rpm:\"libgio-fam~2.16.3~20.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libglib-2_0-0\", rpm:\"libglib-2_0-0~2.16.3~20.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgmodule-2_0-0\", rpm:\"libgmodule-2_0-0~2.16.3~20.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgnutls-devel\", rpm:\"libgnutls-devel~2.2.2~17.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgnutls-extra-devel\", rpm:\"libgnutls-extra-devel~2.2.2~17.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgnutls-extra26\", rpm:\"libgnutls-extra26~2.2.2~17.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgnutls26\", rpm:\"libgnutls26~2.2.2~17.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgobject-2_0-0\", rpm:\"libgobject-2_0-0~2.16.3~20.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgthread-2_0-0\", rpm:\"libgthread-2_0-0~2.16.3~20.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkcal\", rpm:\"libkcal~3.5.9~53.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkcal-devel\", rpm:\"libkcal-devel~3.5.9~53.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkcal2\", rpm:\"libkcal2~3.5.9~53.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkmime-devel\", rpm:\"libkmime-devel~3.5.9~53.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkmime2\", rpm:\"libkmime2~3.5.9~53.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libktnef-devel\", rpm:\"libktnef-devel~3.5.9~53.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libktnef1\", rpm:\"libktnef1~3.5.9~53.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvolume_id\", rpm:\"libvolume_id~120~13.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvolume_id-devel\", rpm:\"libvolume_id-devel~120~13.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190\", rpm:\"mozilla-xulrunner190~1.9.0.8~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-devel\", rpm:\"mozilla-xulrunner190-devel~1.9.0.8~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-gnomevfs\", rpm:\"mozilla-xulrunner190-gnomevfs~1.9.0.8~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-translations\", rpm:\"mozilla-xulrunner190-translations~1.9.0.8~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openswan\", rpm:\"openswan~2.4.7~130.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openswan-doc\", rpm:\"openswan-doc~2.4.7~130.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql\", rpm:\"postgresql~8.3.7~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-contrib\", rpm:\"postgresql-contrib~8.3.7~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-devel\", rpm:\"postgresql-devel~8.3.7~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-docs\", rpm:\"postgresql-docs~8.3.7~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-libs\", rpm:\"postgresql-libs~8.3.7~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-server\", rpm:\"postgresql-server~8.3.7~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"strongswan\", rpm:\"strongswan~4.2.1~11.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"strongswan-doc\", rpm:\"strongswan-doc~4.2.1~11.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sysconfig\", rpm:\"sysconfig~0.70.8~3.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"timezone\", rpm:\"timezone~2009d~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"udev\", rpm:\"udev~120~13.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-devel\", rpm:\"xine-devel~1.1.12~8.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-extra\", rpm:\"xine-extra~1.1.12~8.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-lib\", rpm:\"xine-lib~1.1.12~8.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.02~95.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-tools\", rpm:\"xpdf-tools~3.02~95.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"zypper\", rpm:\"zypper~0.11.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~2.0.0.21post~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~2.0.0.21post~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bluez-cups\", rpm:\"bluez-cups~3.18~13.7\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bluez-test\", rpm:\"bluez-test~3.18~13.7\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bluez-utils\", rpm:\"bluez-utils~3.18~13.7\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"clamav\", rpm:\"clamav~0.95.1~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"clamav-db\", rpm:\"clamav-db~0.95.1~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.2.12~22.21\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-client\", rpm:\"cups-client~1.2.12~22.21\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.2.12~22.21\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.2.12~22.21\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glib2\", rpm:\"glib2~2.14.1~4.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glib2-devel\", rpm:\"glib2-devel~2.14.1~4.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glib2-doc\", rpm:\"glib2-doc~2.14.1~4.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glib2-lang\", rpm:\"glib2-lang~2.14.1~4.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~1.6.1~36.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnutls-devel\", rpm:\"gnutls-devel~1.6.1~36.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gpg2\", rpm:\"gpg2~2.0.4~49.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim3\", rpm:\"kdepim3~3.5.7.enterprise.0.20070904.708012~9.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim3-devel\", rpm:\"kdepim3-devel~3.5.7.enterprise.0.20070904.708012~9.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim3-kpilot\", rpm:\"kdepim3-kpilot~3.5.7.enterprise.0.20070904.708012~9.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim3-mobile\", rpm:\"kdepim3-mobile~3.5.7.enterprise.0.20070904.708012~9.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim3-notes\", rpm:\"kdepim3-notes~3.5.7.enterprise.0.20070904.708012~9.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim3-time-management\", rpm:\"kdepim3-time-management~3.5.7.enterprise.0.20070904.708012~9.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kitchensync\", rpm:\"kitchensync~3.5.7.enterprise.0.20070904.708012~9.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"klamav\", rpm:\"klamav~0.46~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice\", rpm:\"koffice~1.6.3~51.5\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-database\", rpm:\"koffice-database~1.6.3~51.5\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-database-mysql\", rpm:\"koffice-database-mysql~1.6.3~51.5\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-database-psql\", rpm:\"koffice-database-psql~1.6.3~51.5\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-devel\", rpm:\"koffice-devel~1.6.3~51.5\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-extra\", rpm:\"koffice-extra~1.6.3~51.5\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-illustration\", rpm:\"koffice-illustration~1.6.3~51.5\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-planning\", rpm:\"koffice-planning~1.6.3~51.5\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-presentation\", rpm:\"koffice-presentation~1.6.3~51.5\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-python\", rpm:\"koffice-python~1.6.3~51.5\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-ruby\", rpm:\"koffice-ruby~1.6.3~51.5\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-spreadsheet\", rpm:\"koffice-spreadsheet~1.6.3~51.5\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-wordprocessing\", rpm:\"koffice-wordprocessing~1.6.3~51.5\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.6.2~22.9\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"krb5-apps-clients\", rpm:\"krb5-apps-clients~1.6.2~22.9\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"krb5-apps-servers\", rpm:\"krb5-apps-servers~1.6.2~22.9\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"krb5-client\", rpm:\"krb5-client~1.6.2~22.9\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"krb5-devel\", rpm:\"krb5-devel~1.6.2~22.9\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.6.2~22.9\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvolume_id\", rpm:\"libvolume_id~114~19.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvolume_id-devel\", rpm:\"libvolume_id-devel~114~19.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openswan\", rpm:\"openswan~2.4.7~64.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openswan-doc\", rpm:\"openswan-doc~2.4.7~64.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql\", rpm:\"postgresql~8.2.13~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-contrib\", rpm:\"postgresql-contrib~8.2.13~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-devel\", rpm:\"postgresql-devel~8.2.13~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-docs\", rpm:\"postgresql-docs~8.2.13~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-libs\", rpm:\"postgresql-libs~8.2.13~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-server\", rpm:\"postgresql-server~8.2.13~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sysconfig\", rpm:\"sysconfig~0.70.2~4.7\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"timezone\", rpm:\"timezone~2009d~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"udev\", rpm:\"udev~114~19.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-devel\", rpm:\"xine-devel~1.1.8~14.14\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-extra\", rpm:\"xine-extra~1.1.8~14.14\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-lib\", rpm:\"xine-lib~1.1.8~14.14\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.02~19.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-tools\", rpm:\"xpdf-tools~3.02~19.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-04T14:19:57", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 201006-04.", "modified": "2017-08-30T00:00:00", "published": "2011-03-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=69007", "id": "OPENVAS:69007", "title": "Gentoo Security Advisory GLSA 201006-04 (xine-lib)", "type": "openvas", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities in xine-lib might result in the remote execution\n of arbitrary code.\";\ntag_solution = \"All xine-lib users should upgrade to an unaffected version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/xine-lib-1.1.16.3'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201006-04\nhttp://bugs.gentoo.org/show_bug.cgi?id=234777\nhttp://bugs.gentoo.org/show_bug.cgi?id=249041\nhttp://bugs.gentoo.org/show_bug.cgi?id=260069\nhttp://bugs.gentoo.org/show_bug.cgi?id=265250\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201006-04.\";\n\n \n \n\nif(description)\n{\n script_id(69007);\n script_version(\"$Revision: 7024 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-08-30 13:51:43 +0200 (Wed, 30 Aug 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-09 05:54:11 +0100 (Wed, 09 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2008-3231\", \"CVE-2008-5233\", \"CVE-2008-5234\", \"CVE-2008-5235\", \"CVE-2008-5236\", \"CVE-2008-5237\", \"CVE-2008-5238\", \"CVE-2008-5239\", \"CVE-2008-5240\", \"CVE-2008-5241\", \"CVE-2008-5242\", \"CVE-2008-5243\", \"CVE-2008-5244\", \"CVE-2008-5245\", \"CVE-2008-5246\", \"CVE-2008-5247\", \"CVE-2008-5248\", \"CVE-2009-0698\", \"CVE-2009-1274\");\n script_name(\"Gentoo Security Advisory GLSA 201006-04 (xine-lib)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"media-libs/xine-lib\", unaffected: make_list(\"ge 1.1.16.3\"), vulnerable: make_list(\"lt 1.1.16.3\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:57", "bulletinFamily": "unix", "description": "### Background\n\nxine-lib is the core library package for the xine media player, and other players such as Amarok, Codeine/Dragon Player and Kaffeine. \n\n### Description\n\nMultiple vulnerabilities have been reported in xine-lib. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to play a specially crafted video file or stream with a player using xine-lib, potentially resulting in the execution of arbitrary code with the privileges of the user running the application. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll xine-lib users should upgrade to an unaffected version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/xine-lib-1.1.16.3\"\n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are available since April 10, 2009. It is likely that your system is already no longer affected by this issue.", "modified": "2010-06-01T00:00:00", "published": "2010-06-01T00:00:00", "id": "GLSA-201006-04", "href": "https://security.gentoo.org/glsa/201006-04", "type": "gentoo", "title": "xine-lib: User-assisted execution of arbitrary code", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}