{"id": "SUSE_POPPLER-4638.NASL", "bulletinFamily": "scanner", "title": "openSUSE 10 Security Update : poppler (poppler-4638)", "description": "A buffer overflow in the xpdf code contained in poppler could be\nexploited by attackers to potentially execute arbitrary code\n(CVE-2007-4352, CVE-2007-5392, CVE-2007-5393).", "published": "2007-11-12T00:00:00", "modified": "2007-11-12T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/28178", "reporter": "This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.", "references": [], "cvelist": ["CVE-2007-5392", "CVE-2007-4352", "CVE-2007-5393"], "type": "nessus", "lastseen": "2021-01-17T14:46:56", "edition": 23, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-5392", "CVE-2007-4352", "CVE-2007-5393"]}, {"type": "nessus", "idList": ["SUSE_KOFFICE-4649.NASL", "UBUNTU_USN-542-2.NASL", "DEBIAN_DSA-1537.NASL", "FEDORA_2007-2985.NASL", "MANDRAKE_MDKSA-2007-222.NASL", "MANDRAKE_MDKSA-2007-219.NASL", "FREEBSD_PKG_2747FC39915B11DC9239001C2514716C.NASL", "REDHAT-RHSA-2007-1021.NASL", "SUSE_KDEGRAPHICS3-PDF-4682.NASL", "FEDORA_2007-3093.NASL"]}, {"type": "ubuntu", "idList": ["USN-542-2", "USN-542-1"]}, {"type": "redhat", "idList": ["RHSA-2007:1026", "RHSA-2007:1025", "RHSA-2007:1029"]}, {"type": "openvas", "idList": ["OPENVAS:65346", "OPENVAS:830276", "OPENVAS:850099", "OPENVAS:830113", "OPENVAS:861503", "OPENVAS:136141256231065346", "OPENVAS:861094", "OPENVAS:861227", "OPENVAS:830066", "OPENVAS:59242"]}, {"type": "fedora", "idList": ["FEDORA:LA9NE49Q011462", "FEDORA:LAD057H4022394", "FEDORA:LAD057UF022395", "FEDORA:LA9NOK5S013218", "FEDORA:LAD057UL022395", "FEDORA:LA9NHRQD012014", "FEDORA:LAD057UM022395", "FEDORA:LAD057UH022395", "FEDORA:LAD057H3022394", "FEDORA:LAD057UG022395"]}, {"type": "oraclelinux", "idList": ["ELSA-2007-1024", "ELSA-2007-1029", "ELSA-2007-1026"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:18373", "SECURITYVULNS:VULN:8328"]}, {"type": "centos", "idList": ["CESA-2007:1024", "CESA-2007:1029"]}, {"type": "suse", "idList": ["SUSE-SA:2007:060"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1537-1:8A8BD"]}], "modified": "2021-01-17T14:46:56", "rev": 2}, "score": {"value": 8.5, "vector": "NONE", "modified": "2021-01-17T14:46:56", "rev": 2}, "vulnersScore": 8.5}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update poppler-4638.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(28178);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-4352\", \"CVE-2007-5392\", \"CVE-2007-5393\");\n\n script_name(english:\"openSUSE 10 Security Update : poppler (poppler-4638)\");\n script_summary(english:\"Check for the poppler-4638 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer overflow in the xpdf code contained in poppler could be\nexploited by attackers to potentially execute arbitrary code\n(CVE-2007-4352, CVE-2007-5392, CVE-2007-5393).\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected poppler packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:poppler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:poppler-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:poppler-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:poppler-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:poppler-qt4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:poppler-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2|SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2 / 10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"poppler-0.4.4-19.15\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"poppler-devel-0.4.4-19.15\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"poppler-glib-0.4.4-19.15\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"poppler-qt-0.4.4-19.15\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"poppler-0.5.4-33.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"poppler-devel-0.5.4-33.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"poppler-glib-0.5.4-33.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"poppler-qt-0.5.4-33.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"poppler-tools-0.5.4-33.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"poppler-0.5.4-101.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"poppler-devel-0.5.4-101.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"poppler-glib-0.5.4-101.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"poppler-qt-0.5.4-101.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"poppler-qt4-0.5.4-101.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"poppler-tools-0.5.4-101.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"poppler / poppler-devel / poppler-glib / poppler-qt / poppler-tools / etc\");\n}\n", "naslFamily": "SuSE Local Security Checks", "pluginID": "28178", "cpe": ["cpe:/o:novell:opensuse:10.3", "cpe:/o:novell:opensuse:10.2", "p-cpe:/a:novell:opensuse:poppler-devel", "p-cpe:/a:novell:opensuse:poppler-glib", "p-cpe:/a:novell:opensuse:poppler", "cpe:/o:novell:opensuse:10.1", "p-cpe:/a:novell:opensuse:poppler-qt", "p-cpe:/a:novell:opensuse:poppler-qt4", "p-cpe:/a:novell:opensuse:poppler-tools"], "scheme": null}

{"cve": [{"lastseen": "2020-10-03T11:45:54", "description": "Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a crafted PDF file, resulting in a heap-based buffer overflow.", "edition": 3, "cvss3": {}, "published": "2007-11-08T02:46:00", "title": "CVE-2007-5392", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-5392"], "modified": "2017-09-29T01:29:00", "cpe": ["cpe:/a:xpdf:xpdf:3.0.1_pl1"], "id": "CVE-2007-5392", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5392", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:xpdf:xpdf:3.0.1_pl1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:45:54", "description": "Heap-based buffer overflow in the CCITTFaxStream::lookChar method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a PDF file that contains a crafted CCITTFaxDecode filter.", "edition": 3, "cvss3": {}, "published": "2007-11-08T02:46:00", "title": "CVE-2007-5393", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-5393"], "modified": "2017-09-29T01:29:00", "cpe": ["cpe:/a:xpdf:xpdf:3.02p11"], "id": "CVE-2007-5393", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5393", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:xpdf:xpdf:3.02p11:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:45:53", "description": "Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice, CUPS, and other products, allows remote attackers to trigger memory corruption and execute arbitrary code via a crafted PDF file.", "edition": 3, "cvss3": {}, "published": "2007-11-08T02:46:00", "title": "CVE-2007-4352", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": true, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-4352"], "modified": "2017-09-29T01:29:00", "cpe": ["cpe:/a:xpdf:xpdf:3.0.1_pl1"], "id": "CVE-2007-4352", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4352", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:xpdf:xpdf:3.0.1_pl1:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-07-24T12:57:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5392", "CVE-2007-4352", "CVE-2007-5393"], "description": "Check for the Version of cups", "modified": "2017-07-06T00:00:00", "published": "2009-04-09T00:00:00", "id": "OPENVAS:830276", "href": "http://plugins.openvas.org/nasl.php?oid=830276", "type": "openvas", "title": "Mandriva Update for cups MDKSA-2007:228 (cups)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for cups MDKSA-2007:228 (cups)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Alin Rad Pop found several flaws in how PDF files are handled in cups.\n An attacker could create a malicious PDF file that would cause cups\n to crash or potentially execute arbitrary code when opened.\n\n The updated packages have been patched to correct this issue.\";\n\ntag_affected = \"cups on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64,\n Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-11/msg00036.php\");\n script_id(830276);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:00:25 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDKSA\", value: \"2007:228\");\n script_cve_id(\"CVE-2007-4352\", \"CVE-2007-5392\", \"CVE-2007-5393\");\n script_name( \"Mandriva Update for cups MDKSA-2007:228 (cups)\");\n\n script_summary(\"Check for the Version of cups\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.2.10~2.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-common\", rpm:\"cups-common~1.2.10~2.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-serial\", rpm:\"cups-serial~1.2.10~2.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2\", rpm:\"libcups2~1.2.10~2.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2-devel\", rpm:\"libcups2-devel~1.2.10~2.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cups\", rpm:\"php-cups~1.2.10~2.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cups2\", rpm:\"lib64cups2~1.2.10~2.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cups2-devel\", rpm:\"lib64cups2-devel~1.2.10~2.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.2.4~1.5mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-common\", rpm:\"cups-common~1.2.4~1.5mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-serial\", rpm:\"cups-serial~1.2.4~1.5mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2\", rpm:\"libcups2~1.2.4~1.5mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2-devel\", rpm:\"libcups2-devel~1.2.4~1.5mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cups\", rpm:\"php-cups~1.2.4~1.5mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cups2\", rpm:\"lib64cups2~1.2.4~1.5mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cups2-devel\", rpm:\"lib64cups2-devel~1.2.4~1.5mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.3.0~3.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-common\", rpm:\"cups-common~1.3.0~3.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-serial\", rpm:\"cups-serial~1.3.0~3.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2\", rpm:\"libcups2~1.3.0~3.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2-devel\", rpm:\"libcups2-devel~1.3.0~3.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cups\", rpm:\"php-cups~1.3.0~3.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cups2\", rpm:\"lib64cups2~1.3.0~3.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cups2-devel\", rpm:\"lib64cups2-devel~1.3.0~3.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5392", "CVE-2007-4352", "CVE-2007-5393"], "description": "Check for the Version of kdewebdev", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:861229", "href": "http://plugins.openvas.org/nasl.php?oid=861229", "type": "openvas", "title": "Fedora Update for kdewebdev FEDORA-2007-2985", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kdewebdev FEDORA-2007-2985\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"kdewebdev on Fedora 7\";\ntag_insight = \"Web development applications, including:\n * kfilereplace: batch search and replace tool\n * kimagemapeditor: HTML image map editor\n * klinkstatus: link checker\n * kommander: visual dialog building tool\n * kxsldbg: xslt Debugger\n * quanta+: web development\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00313.html\");\n script_id(861229);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:01:32 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2007-2985\");\n script_cve_id(\"CVE-2007-4352\", \"CVE-2007-5392\", \"CVE-2007-5393\");\n script_name( \"Fedora Update for kdewebdev FEDORA-2007-2985\");\n\n script_summary(\"Check for the Version of kdewebdev\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"kdewebdev\", rpm:\"kdewebdev~3.5.8~3.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdewebdev-debuginfo\", rpm:\"kdewebdev-debuginfo~3.5.8~3.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdewebdev-devel\", rpm:\"kdewebdev-devel~3.5.8~3.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdewebdev\", rpm:\"kdewebdev~3.5.8~3.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdewebdev-devel\", rpm:\"kdewebdev-devel~3.5.8~3.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdewebdev\", rpm:\"kdewebdev~3.5.8~3.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdewebdev-debuginfo\", rpm:\"kdewebdev-debuginfo~3.5.8~3.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5392", "CVE-2007-4352", "CVE-2007-5393"], "description": "Check for the Version of kdeartwork", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:861314", "href": "http://plugins.openvas.org/nasl.php?oid=861314", "type": "openvas", "title": "Fedora Update for kdeartwork FEDORA-2007-2985", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kdeartwork FEDORA-2007-2985\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"kdeartwork on Fedora 7\";\ntag_insight = \"Additional artwork (themes, sound themes, screensavers ...) for KDE.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00322.html\");\n script_id(861314);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:01:32 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2007-2985\");\n script_cve_id(\"CVE-2007-4352\", \"CVE-2007-5392\", \"CVE-2007-5393\");\n script_name( \"Fedora Update for kdeartwork FEDORA-2007-2985\");\n\n script_summary(\"Check for the Version of kdeartwork\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"kdeartwork\", rpm:\"kdeartwork~3.5.8~1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdeartwork-icons\", rpm:\"kdeartwork-icons~3.5.8~1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdeartwork-kxs\", rpm:\"kdeartwork-kxs~3.5.8~1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdeartwork-extras\", rpm:\"kdeartwork-extras~3.5.8~1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdeartwork\", rpm:\"kdeartwork~3.5.8~1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdeartwork-debuginfo\", rpm:\"kdeartwork-debuginfo~3.5.8~1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdeartwork\", rpm:\"kdeartwork~3.5.8~1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdeartwork-kxs\", rpm:\"kdeartwork-kxs~3.5.8~1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdeartwork-icons\", rpm:\"kdeartwork-icons~3.5.8~1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdeartwork-debuginfo\", rpm:\"kdeartwork-debuginfo~3.5.8~1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdeartwork-extras\", rpm:\"kdeartwork-extras~3.5.8~1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5392", "CVE-2007-4352", "CVE-2007-5393"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n kdegraphics3-pdf\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-13T00:00:00", "id": "OPENVAS:136141256231065999", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065999", "type": "openvas", "title": "SLES10: Security update for kdegraphics3-pdf", "sourceData": "#\n#VID slesp1-kdegraphics3-pdf-4682\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for kdegraphics3-pdf\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n kdegraphics3-pdf\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65999\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2007-4352\", \"CVE-2007-5392\", \"CVE-2007-5393\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES10: Security update for kdegraphics3-pdf\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kdegraphics3-pdf\", rpm:\"kdegraphics3-pdf~3.5.1~23.20\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5392", "CVE-2007-4352", "CVE-2007-5393"], "description": "Check for the Version of kdeutils", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:861133", "href": "http://plugins.openvas.org/nasl.php?oid=861133", "type": "openvas", "title": "Fedora Update for kdeutils FEDORA-2007-2985", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kdeutils FEDORA-2007-2985\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Utilities for the K Desktop Environment.\n Includes:\n * ark (tar/gzip archive manager);\n\n * kcalc (scientific calculator);\n \n * kcharselect (character selector);\n * kdepasswd (change password);\n * kdessh (ssh front end);\n * kdf (view disk usage);\n * kedit (simple text editor);\n * kfloppy (floppy formatting tool);\n * kgpg (gpg gui)\n * khexedit (hex editor);\n * kjots (note taker);\n * ktimer (task scheduler);\n * kwikdisk (removable media utility)\";\n\ntag_affected = \"kdeutils on Fedora 7\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00311.html\");\n script_id(861133);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:01:32 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2007-2985\");\n script_cve_id(\"CVE-2007-4352\", \"CVE-2007-5392\", \"CVE-2007-5393\");\n script_name( \"Fedora Update for kdeutils FEDORA-2007-2985\");\n\n script_summary(\"Check for the Version of kdeutils\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"kdeutils\", rpm:\"kdeutils~3.5.8~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdeutils\", rpm:\"kdeutils~3.5.8~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdeutils-extras\", rpm:\"kdeutils-extras~3.5.8~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdeutils-devel\", rpm:\"kdeutils-devel~3.5.8~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdeutils-debuginfo\", rpm:\"kdeutils-debuginfo~3.5.8~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdeutils-devel\", rpm:\"kdeutils-devel~3.5.8~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdeutils-extras\", rpm:\"kdeutils-extras~3.5.8~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdeutils\", rpm:\"kdeutils~3.5.8~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdeutils-debuginfo\", rpm:\"kdeutils-debuginfo~3.5.8~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5392", "CVE-2007-4352", "CVE-2007-5393"], "description": "Check for the Version of kdeedu", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:861503", "href": "http://plugins.openvas.org/nasl.php?oid=861503", "type": "openvas", "title": "Fedora Update for kdeedu FEDORA-2007-2985", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kdeedu FEDORA-2007-2985\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"kdeedu on Fedora 7\";\ntag_insight = \"Educational/Edutainment applications, including:\n * blinken: Simon Says Game\n * kalzium: Periodic Table of Elements\n * kanagram: Letter Order Game\n * kbruch: Exercise Fractions\n * keduca: Tests and Exams\n * kgeography: Geography Trainer\n * khangman: Hangman Game\n * kig: Interactive Geometry\n * kiten: Japanese Reference/Study Tool\n * klatin: Latin Reviser\n * klettres: French alphabet tutor\n * kmplot: Mathematical Function Plotter\n * kpercentage: Excersie Percentages\n * kstars: Desktop Planetarium\n * ktouch: Touch Typing Tutor\n * kturtle: Logo Programming Environment\n * kverbos: Study Spanish Verbforms\n * kvoctrain: Vocabulary Trainer\n * kwordquiz: Vocabulary Trainer\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00324.html\");\n script_id(861503);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:01:32 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2007-2985\");\n script_cve_id(\"CVE-2007-4352\", \"CVE-2007-5392\", \"CVE-2007-5393\");\n script_name( \"Fedora Update for kdeedu FEDORA-2007-2985\");\n\n script_summary(\"Check for the Version of kdeedu\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"kdeedu\", rpm:\"kdeedu~3.5.8~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdeedu\", rpm:\"kdeedu~3.5.8~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdeedu-debuginfo\", rpm:\"kdeedu-debuginfo~3.5.8~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdeedu-devel\", rpm:\"kdeedu-devel~3.5.8~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdeedu-devel\", rpm:\"kdeedu-devel~3.5.8~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdeedu\", rpm:\"kdeedu~3.5.8~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdeedu-debuginfo\", rpm:\"kdeedu-debuginfo~3.5.8~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5392", "CVE-2007-4352", "CVE-2007-5393"], "description": "Check for the Version of kdesdk", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:861101", "href": "http://plugins.openvas.org/nasl.php?oid=861101", "type": "openvas", "title": "Fedora Update for kdesdk FEDORA-2007-2985", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kdesdk FEDORA-2007-2985\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"kdesdk on Fedora 7\";\ntag_insight = \"A collection of applications and tools used by developers, including:\n * cervisia: a CVS frontend\n * kbabel: PO file management\n * kbugbuster: a tool to manage the KDE bug report system\n * kcachegrind: a browser for data produced by profiling tools (e.g. cachegrind)\n * kompare: diff tool\n * kuiviewer: displays designer's UI files\n * umbrello: UML modeller and UML diagram tool\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00323.html\");\n script_id(861101);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:01:32 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2007-2985\");\n script_cve_id(\"CVE-2007-4352\", \"CVE-2007-5392\", \"CVE-2007-5393\");\n script_name( \"Fedora Update for kdesdk FEDORA-2007-2985\");\n\n script_summary(\"Check for the Version of kdesdk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"kdesdk\", rpm:\"kdesdk~3.5.8~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdesdk-debuginfo\", rpm:\"kdesdk-debuginfo~3.5.8~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdesdk-devel\", rpm:\"kdesdk-devel~3.5.8~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdesdk\", rpm:\"kdesdk~3.5.8~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdesdk\", rpm:\"kdesdk~3.5.8~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdesdk-devel\", rpm:\"kdesdk-devel~3.5.8~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdesdk-debuginfo\", rpm:\"kdesdk-debuginfo~3.5.8~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5392", "CVE-2007-4352", "CVE-2007-5393"], "description": "Check for the Version of kdegames", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:861190", "href": "http://plugins.openvas.org/nasl.php?oid=861190", "type": "openvas", "title": "Fedora Update for kdegames FEDORA-2007-2985", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kdegames FEDORA-2007-2985\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"kdegames on Fedora 7\";\ntag_insight = \"Games and gaming libraries for the K Desktop Environment.\n Included with this package are: kenolaba, kasteroids, kblackbox, kmahjongg,\n kmines, konquest, kpat, kpoker, kreversi, ksame, kshisen, ksmiletris,\n ksnake, ksirtet, katomic, kjumpingcube, ktuberling.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00316.html\");\n script_id(861190);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:01:32 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2007-2985\");\n script_cve_id(\"CVE-2007-4352\", \"CVE-2007-5392\", \"CVE-2007-5393\");\n script_name( \"Fedora Update for kdegames FEDORA-2007-2985\");\n\n script_summary(\"Check for the Version of kdegames\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"kdegames\", rpm:\"kdegames~3.5.8~3.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdegames-debuginfo\", rpm:\"kdegames-debuginfo~3.5.8~3.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdegames-devel\", rpm:\"kdegames-devel~3.5.8~3.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdegames\", rpm:\"kdegames~3.5.8~3.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdegames-debuginfo\", rpm:\"kdegames-debuginfo~3.5.8~3.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdegames-devel\", rpm:\"kdegames-devel~3.5.8~3.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdegames\", rpm:\"kdegames~3.5.8~3.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5392", "CVE-2007-4352", "CVE-2007-5393"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n cups\n cups-devel\n cups-libs\n cups-client\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5016608 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:65346", "href": "http://plugins.openvas.org/nasl.php?oid=65346", "type": "openvas", "title": "SLES9: Security update for Cups", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5016608.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for Cups\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n cups\n cups-devel\n cups-libs\n cups-client\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5016608 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65346);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2007-4352\", \"CVE-2007-5392\", \"CVE-2007-5393\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for Cups\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.1.20~108.44\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5392", "CVE-2007-4352", "CVE-2007-5393"], "description": "Check for the Version of kdemultimedia", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:861094", "href": "http://plugins.openvas.org/nasl.php?oid=861094", "type": "openvas", "title": "Fedora Update for kdemultimedia FEDORA-2007-2985", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kdemultimedia FEDORA-2007-2985\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"kdemultimedia on Fedora 7\";\ntag_insight = \"The K Desktop Environment (KDE) is a GUI desktop for the X Window\n System. The kdemultimedia package contains multimedia applications for\n KDE, including:\n kmid, a midi player\n kmix, an audio mixer\n arts, additional functionality for the aRts sound system\n krec, a recording tool\n kscd, an Audio-CD player\n kaudiocreator, a graphical frontend for audio file creation\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00325.html\");\n script_id(861094);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:01:32 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2007-2985\");\n script_cve_id(\"CVE-2007-4352\", \"CVE-2007-5392\", \"CVE-2007-5393\");\n script_name( \"Fedora Update for kdemultimedia FEDORA-2007-2985\");\n\n script_summary(\"Check for the Version of kdemultimedia\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"kdemultimedia\", rpm:\"kdemultimedia~3.5.8~8.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdemultimedia-extras\", rpm:\"kdemultimedia-extras~3.5.8~8.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdemultimedia-devel\", rpm:\"kdemultimedia-devel~3.5.8~8.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdemultimedia-debuginfo\", rpm:\"kdemultimedia-debuginfo~3.5.8~8.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdemultimedia\", rpm:\"kdemultimedia~3.5.8~8.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdemultimedia-extras\", rpm:\"kdemultimedia-extras~3.5.8~8.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdemultimedia\", rpm:\"kdemultimedia~3.5.8~8.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdemultimedia-devel\", rpm:\"kdemultimedia-devel~3.5.8~8.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdemultimedia-debuginfo\", rpm:\"kdemultimedia-debuginfo~3.5.8~8.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-07T11:51:47", "description": "Alin Rad Pop found several flaws in how PDF files are handled in xpdf.\nAn attacker could create a malicious PDF file that would cause xpdf to\ncrash or potentially execute arbitrary code when opened.\n\nThe updated packages have been patched to correct this issue.", "edition": 24, "published": "2009-04-23T00:00:00", "title": "Mandrake Linux Security Advisory : xpdf (MDKSA-2007:219)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5392", "CVE-2007-4352", "CVE-2007-5393"], "modified": "2009-04-23T00:00:00", "cpe": ["cpe:/o:mandriva:linux:2007.1", "cpe:/o:mandriva:linux:2008.0", "p-cpe:/a:mandriva:linux:xpdf-tools", "p-cpe:/a:mandriva:linux:xpdf", "p-cpe:/a:mandriva:linux:xpdf-common"], "id": "MANDRAKE_MDKSA-2007-219.NASL", "href": "https://www.tenable.com/plugins/nessus/37167", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2007:219. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(37167);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-4352\", \"CVE-2007-5392\", \"CVE-2007-5393\");\n script_xref(name:\"MDKSA\", value:\"2007:219\");\n\n script_name(english:\"Mandrake Linux Security Advisory : xpdf (MDKSA-2007:219)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Alin Rad Pop found several flaws in how PDF files are handled in xpdf.\nAn attacker could create a malicious PDF file that would cause xpdf to\ncrash or potentially execute arbitrary code when opened.\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xpdf, xpdf-common and / or xpdf-tools packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xpdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xpdf-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xpdf-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xpdf-3.02-1.3mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xpdf-tools-3.02-1.3mdv2007.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.0\", reference:\"xpdf-3.02-8.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xpdf-common-3.02-8.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xpdf-tools-3.02-8.1mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:25:13", "description": "Updated xpdf packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nXpdf is an X Window System-based viewer for Portable Document Format\n(PDF) files.\n\nAlin Rad Pop discovered several flaws in the handling of PDF files. An\nattacker could create a malicious PDF file that would cause Xpdf to\ncrash, or potentially execute arbitrary code when opened.\n(CVE-2007-4352, CVE-2007-5392, CVE-2007-5393)\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to resolve these issues.", "edition": 26, "published": "2009-04-23T00:00:00", "title": "CentOS 4 : xpdf (CESA-2007:1029)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5392", "CVE-2007-4352", "CVE-2007-5393"], "modified": "2009-04-23T00:00:00", "cpe": ["p-cpe:/a:centos:centos:xpdf", "cpe:/o:centos:centos:4"], "id": "CENTOS_RHSA-2007-1029.NASL", "href": "https://www.tenable.com/plugins/nessus/38001", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:1029 and \n# CentOS Errata and Security Advisory 2007:1029 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(38001);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-4352\", \"CVE-2007-5392\", \"CVE-2007-5393\");\n script_bugtraq_id(26367);\n script_xref(name:\"RHSA\", value:\"2007:1029\");\n\n script_name(english:\"CentOS 4 : xpdf (CESA-2007:1029)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated xpdf packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nXpdf is an X Window System-based viewer for Portable Document Format\n(PDF) files.\n\nAlin Rad Pop discovered several flaws in the handling of PDF files. An\nattacker could create a malicious PDF file that would cause Xpdf to\ncrash, or potentially execute arbitrary code when opened.\n(CVE-2007-4352, CVE-2007-5392, CVE-2007-5393)\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to resolve these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-November/014373.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?88ea411a\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-November/014397.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?22c80818\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-November/014398.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?19367d46\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xpdf package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xpdf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/11/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", reference:\"xpdf-3.00-14.el4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xpdf\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:05:55", "description": "Updated CUPS packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe Common UNIX Printing System (CUPS) provides a portable printing\nlayer for UNIX(R) operating systems.\n\nAlin Rad Pop discovered several flaws in the handling of PDF files. An\nattacker could create a malicious PDF file that would cause CUPS to\ncrash or potentially execute arbitrary code when printed.\n(CVE-2007-4352, CVE-2007-5392, CVE-2007-5393)\n\nAll CUPS users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues.", "edition": 27, "published": "2007-11-08T00:00:00", "title": "RHEL 5 : cups (RHSA-2007:1021)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5392", "CVE-2007-4352", "CVE-2007-5393"], "modified": "2007-11-08T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:cups-devel", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:cups", "p-cpe:/a:redhat:enterprise_linux:cups-libs", "cpe:/o:redhat:enterprise_linux:5.1", "p-cpe:/a:redhat:enterprise_linux:cups-lpd"], "id": "REDHAT-RHSA-2007-1021.NASL", "href": "https://www.tenable.com/plugins/nessus/27835", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:1021. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27835);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-4352\", \"CVE-2007-5392\", \"CVE-2007-5393\");\n script_bugtraq_id(26367);\n script_xref(name:\"RHSA\", value:\"2007:1021\");\n\n script_name(english:\"RHEL 5 : cups (RHSA-2007:1021)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated CUPS packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe Common UNIX Printing System (CUPS) provides a portable printing\nlayer for UNIX(R) operating systems.\n\nAlin Rad Pop discovered several flaws in the handling of PDF files. An\nattacker could create a malicious PDF file that would cause CUPS to\ncrash or potentially execute arbitrary code when printed.\n(CVE-2007-4352, CVE-2007-5392, CVE-2007-5393)\n\nAll CUPS users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-4352\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-5392\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-5393\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2007:1021\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cups-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cups-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cups-lpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/11/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2007:1021\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"cups-1.2.4-11.14.el5_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"cups-1.2.4-11.14.el5_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"cups-1.2.4-11.14.el5_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"cups-devel-1.2.4-11.14.el5_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"cups-libs-1.2.4-11.14.el5_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"cups-lpd-1.2.4-11.14.el5_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"cups-lpd-1.2.4-11.14.el5_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"cups-lpd-1.2.4-11.14.el5_1.3\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cups / cups-devel / cups-libs / cups-lpd\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:06:09", "description": "This update includes fixes to pdf import filters that can cause\ncrashes possibly execute arbitrary code. See\nhttp://www.kde.org/info/security/advisory-20071107-1.txt\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2007-11-12T00:00:00", "title": "Fedora 8 : koffice-1.6.3-13.fc8 (2007-3093)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5392", "CVE-2007-4352", "CVE-2007-5393"], "modified": "2007-11-12T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:koffice-kexi-driver-pgsql", "p-cpe:/a:fedoraproject:fedora:koffice-debuginfo", "p-cpe:/a:fedoraproject:fedora:koffice-filters", "p-cpe:/a:fedoraproject:fedora:koffice-kugar", "p-cpe:/a:fedoraproject:fedora:koffice-kspread", "cpe:/o:fedoraproject:fedora:8", "p-cpe:/a:fedoraproject:fedora:koffice-kpresenter", "p-cpe:/a:fedoraproject:fedora:koffice-kexi-driver-mysql", "p-cpe:/a:fedoraproject:fedora:koffice-kivio", "p-cpe:/a:fedoraproject:fedora:koffice-suite", "p-cpe:/a:fedoraproject:fedora:koffice-libs", "p-cpe:/a:fedoraproject:fedora:koffice-kchart", "p-cpe:/a:fedoraproject:fedora:koffice-devel", "p-cpe:/a:fedoraproject:fedora:koffice-kplato", "p-cpe:/a:fedoraproject:fedora:koffice-kexi", "p-cpe:/a:fedoraproject:fedora:koffice-kword", "p-cpe:/a:fedoraproject:fedora:koffice-kformula", "p-cpe:/a:fedoraproject:fedora:koffice-core", "p-cpe:/a:fedoraproject:fedora:koffice-karbon", "p-cpe:/a:fedoraproject:fedora:koffice-krita"], "id": "FEDORA_2007-3093.NASL", "href": "https://www.tenable.com/plugins/nessus/28161", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2007-3093.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(28161);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2007-4352\", \"CVE-2007-5392\", \"CVE-2007-5393\");\n script_xref(name:\"FEDORA\", value:\"2007-3093\");\n\n script_name(english:\"Fedora 8 : koffice-1.6.3-13.fc8 (2007-3093)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update includes fixes to pdf import filters that can cause\ncrashes possibly execute arbitrary code. See\nhttp://www.kde.org/info/security/advisory-20071107-1.txt\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://www.kde.org/info/security/advisory-20071107-1.txt\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.kde.org/info/security/advisory-20071107-1.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=372601\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2007-November/004640.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e02b32a0\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:koffice-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:koffice-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:koffice-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:koffice-filters\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:koffice-karbon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:koffice-kchart\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:koffice-kexi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:koffice-kexi-driver-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:koffice-kexi-driver-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:koffice-kformula\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:koffice-kivio\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:koffice-kplato\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:koffice-kpresenter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:koffice-krita\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:koffice-kspread\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:koffice-kugar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:koffice-kword\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:koffice-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:koffice-suite\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"koffice-core-1.6.3-13.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"koffice-debuginfo-1.6.3-13.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"koffice-devel-1.6.3-13.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"koffice-filters-1.6.3-13.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"koffice-karbon-1.6.3-13.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"koffice-kchart-1.6.3-13.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"koffice-kexi-1.6.3-13.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"koffice-kexi-driver-mysql-1.6.3-13.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"koffice-kexi-driver-pgsql-1.6.3-13.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"koffice-kformula-1.6.3-13.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"koffice-kivio-1.6.3-13.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"koffice-kplato-1.6.3-13.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"koffice-kpresenter-1.6.3-13.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"koffice-krita-1.6.3-13.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"koffice-kspread-1.6.3-13.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"koffice-kugar-1.6.3-13.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"koffice-kword-1.6.3-13.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"koffice-libs-1.6.3-13.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"koffice-suite-1.6.3-13.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"koffice-core / koffice-debuginfo / koffice-devel / koffice-filters / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:44:04", "description": "From Red Hat Security Advisory 2007:1029 :\n\nUpdated xpdf packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nXpdf is an X Window System-based viewer for Portable Document Format\n(PDF) files.\n\nAlin Rad Pop discovered several flaws in the handling of PDF files. An\nattacker could create a malicious PDF file that would cause Xpdf to\ncrash, or potentially execute arbitrary code when opened.\n(CVE-2007-4352, CVE-2007-5392, CVE-2007-5393)\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to resolve these issues.", "edition": 24, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 4 : xpdf (ELSA-2007-1029)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5392", "CVE-2007-4352", "CVE-2007-5393"], "modified": "2013-07-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:xpdf", "cpe:/o:oracle:linux:4"], "id": "ORACLELINUX_ELSA-2007-1029.NASL", "href": "https://www.tenable.com/plugins/nessus/67606", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2007:1029 and \n# Oracle Linux Security Advisory ELSA-2007-1029 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67606);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-4352\", \"CVE-2007-5392\", \"CVE-2007-5393\");\n script_bugtraq_id(26367);\n script_xref(name:\"RHSA\", value:\"2007:1029\");\n\n script_name(english:\"Oracle Linux 4 : xpdf (ELSA-2007-1029)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2007:1029 :\n\nUpdated xpdf packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nXpdf is an X Window System-based viewer for Portable Document Format\n(PDF) files.\n\nAlin Rad Pop discovered several flaws in the handling of PDF files. An\nattacker could create a malicious PDF file that would cause Xpdf to\ncrash, or potentially execute arbitrary code when opened.\n(CVE-2007-4352, CVE-2007-5392, CVE-2007-5393)\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-November/000387.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xpdf package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xpdf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/11/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"xpdf-3.00-14.el4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"xpdf-3.00-14.el4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xpdf\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:05:55", "description": "Updated kdegraphics packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe kdegraphics packages contain applications for the K Desktop\nEnvironment. This includes kpdf, a PDF file viewer.\n\nAlin Rad Pop discovered several flaws in the handling of PDF files. An\nattacker could create a malicious PDF file that would cause kpdf to\ncrash, or potentially execute arbitrary code when opened.\n(CVE-2007-4352, CVE-2007-5392, CVE-2007-5393)\n\nAll kdegraphics users are advised to upgrade to these updated\npackages, which contain backported patches to resolve these issues.", "edition": 27, "published": "2007-11-12T00:00:00", "title": "RHEL 4 : kdegraphics (RHSA-2007:1024)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5392", "CVE-2007-4352", "CVE-2007-5393"], "modified": "2007-11-12T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:kdegraphics-devel", "cpe:/o:redhat:enterprise_linux:4.5", "p-cpe:/a:redhat:enterprise_linux:kdegraphics"], "id": "REDHAT-RHSA-2007-1024.NASL", "href": "https://www.tenable.com/plugins/nessus/28168", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:1024. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(28168);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-4352\", \"CVE-2007-5392\", \"CVE-2007-5393\");\n script_bugtraq_id(26367);\n script_xref(name:\"RHSA\", value:\"2007:1024\");\n\n script_name(english:\"RHEL 4 : kdegraphics (RHSA-2007:1024)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kdegraphics packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe kdegraphics packages contain applications for the K Desktop\nEnvironment. This includes kpdf, a PDF file viewer.\n\nAlin Rad Pop discovered several flaws in the handling of PDF files. An\nattacker could create a malicious PDF file that would cause kpdf to\ncrash, or potentially execute arbitrary code when opened.\n(CVE-2007-4352, CVE-2007-5392, CVE-2007-5393)\n\nAll kdegraphics users are advised to upgrade to these updated\npackages, which contain backported patches to resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-4352\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-5392\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-5393\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2007:1024\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kdegraphics and / or kdegraphics-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kdegraphics\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kdegraphics-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/11/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2007:1024\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"kdegraphics-3.3.1-6.el4_5\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"kdegraphics-devel-3.3.1-6.el4_5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kdegraphics / kdegraphics-devel\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:06:08", "description": "This update addresses a security issue in kpdf, that can cause crashes\nor possibly execute arbitrary code, see\nhttp://www.kde.org/info/security/advisory-20071107-1.txt\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2007-11-12T00:00:00", "title": "Fedora 8 : kdegraphics-3.5.8-7.fc8 (2007-3001)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5392", "CVE-2007-4352", "CVE-2007-5393"], "modified": "2007-11-12T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kdegraphics-libs", "p-cpe:/a:fedoraproject:fedora:kdegraphics-devel", "p-cpe:/a:fedoraproject:fedora:kdegraphics-extras", "cpe:/o:fedoraproject:fedora:8", "p-cpe:/a:fedoraproject:fedora:kdegraphics-debuginfo", "p-cpe:/a:fedoraproject:fedora:kdegraphics"], "id": "FEDORA_2007-3001.NASL", "href": "https://www.tenable.com/plugins/nessus/28155", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2007-3001.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(28155);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2007-4352\", \"CVE-2007-5392\", \"CVE-2007-5393\");\n script_xref(name:\"FEDORA\", value:\"2007-3001\");\n\n script_name(english:\"Fedora 8 : kdegraphics-3.5.8-7.fc8 (2007-3001)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update addresses a security issue in kpdf, that can cause crashes\nor possibly execute arbitrary code, see\nhttp://www.kde.org/info/security/advisory-20071107-1.txt\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://www.kde.org/info/security/advisory-20071107-1.txt\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.kde.org/info/security/advisory-20071107-1.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=372571\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2007-November/004608.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a651f8e4\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kdegraphics\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kdegraphics-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kdegraphics-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kdegraphics-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kdegraphics-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"kdegraphics-3.5.8-7.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"kdegraphics-debuginfo-3.5.8-7.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"kdegraphics-devel-3.5.8-7.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"kdegraphics-extras-3.5.8-7.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"kdegraphics-libs-3.5.8-7.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kdegraphics / kdegraphics-debuginfo / kdegraphics-devel / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:05:55", "description": "Updated gpdf packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\ngpdf is a GNOME-based viewer for Portable Document Format (PDF) files.\n\nAlin Rad Pop discovered several flaws in the handling of PDF files. An\nattacker could create a malicious PDF file that would cause gpdf to\ncrash, or potentially execute arbitrary code when opened.\n(CVE-2007-4352, CVE-2007-5392, CVE-2007-5393)\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to resolve these issues.", "edition": 27, "published": "2009-04-23T00:00:00", "title": "RHEL 4 : gpdf (RHSA-2007:1025)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5392", "CVE-2007-4352", "CVE-2007-5393"], "modified": "2009-04-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:gpdf", "cpe:/o:redhat:enterprise_linux:4.5"], "id": "REDHAT-RHSA-2007-1025.NASL", "href": "https://www.tenable.com/plugins/nessus/37484", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:1025. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(37484);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-4352\", \"CVE-2007-5392\", \"CVE-2007-5393\");\n script_bugtraq_id(26367);\n script_xref(name:\"RHSA\", value:\"2007:1025\");\n\n script_name(english:\"RHEL 4 : gpdf (RHSA-2007:1025)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated gpdf packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\ngpdf is a GNOME-based viewer for Portable Document Format (PDF) files.\n\nAlin Rad Pop discovered several flaws in the handling of PDF files. An\nattacker could create a malicious PDF file that would cause gpdf to\ncrash, or potentially execute arbitrary code when opened.\n(CVE-2007-4352, CVE-2007-5392, CVE-2007-5393)\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-4352\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-5392\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-5393\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2007:1025\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gpdf package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gpdf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/11/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2007:1025\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"gpdf-2.8.2-7.7.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gpdf\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:44:59", "description": "Alin Rad Pop (Secunia) discovered a number of vulnerabilities in xpdf,\na set of tools for display and conversion of Portable Document Format\n(PDF) files. The Common Vulnerabilities and Exposures project\nidentifies the following three problems :\n\n - CVE-2007-4352\n Inadequate DCT stream validation allows an attacker to\n corrupt memory and potentially execute arbitrary code by\n supplying a maliciously crafted PDF file.\n\n - CVE-2007-5392\n An integer overflow vulnerability in DCT stream handling\n could allow an attacker to overflow a heap buffer,\n enabling the execution of arbitrary code.\n\n - CVE-2007-5393\n A buffer overflow vulnerability in xpdf's CCITT image\n compression handlers allows overflow on the heap,\n allowing an attacker to execute arbitrary code by\n supplying a maliciously crafted CCITTFaxDecode filter.", "edition": 26, "published": "2008-04-11T00:00:00", "title": "Debian DSA-1537-1 : xpdf - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5392", "CVE-2007-4352", "CVE-2007-5393"], "modified": "2008-04-11T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:4.0", "p-cpe:/a:debian:debian_linux:xpdf"], "id": "DEBIAN_DSA-1537.NASL", "href": "https://www.tenable.com/plugins/nessus/31807", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1537. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31807);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-4352\", \"CVE-2007-5392\", \"CVE-2007-5393\");\n script_bugtraq_id(26367);\n script_xref(name:\"DSA\", value:\"1537\");\n\n script_name(english:\"Debian DSA-1537-1 : xpdf - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Alin Rad Pop (Secunia) discovered a number of vulnerabilities in xpdf,\na set of tools for display and conversion of Portable Document Format\n(PDF) files. The Common Vulnerabilities and Exposures project\nidentifies the following three problems :\n\n - CVE-2007-4352\n Inadequate DCT stream validation allows an attacker to\n corrupt memory and potentially execute arbitrary code by\n supplying a maliciously crafted PDF file.\n\n - CVE-2007-5392\n An integer overflow vulnerability in DCT stream handling\n could allow an attacker to overflow a heap buffer,\n enabling the execution of arbitrary code.\n\n - CVE-2007-5393\n A buffer overflow vulnerability in xpdf's CCITT image\n compression handlers allows overflow on the heap,\n allowing an attacker to execute arbitrary code by\n supplying a maliciously crafted CCITTFaxDecode filter.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-4352\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-5392\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-5393\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1537\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the xpdf packages.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 3.01-9.1+etch2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xpdf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"xpdf\", reference:\"3.01-9.1+etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"xpdf-common\", reference:\"3.01-9.1+etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"xpdf-reader\", reference:\"3.01-9.1+etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"xpdf-utils\", reference:\"3.01-9.1+etch2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:46:53", "description": "A buffer overflow in the xpdf code contained in pdftohtml could be\nexploited by attackers to potentially execute arbitrary code\n(CVE-2007-4352, CVE-2007-5392, CVE-2007-5393).", "edition": 24, "published": "2007-11-12T00:00:00", "title": "openSUSE 10 Security Update : pdftohtml (pdftohtml-4642)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5392", "CVE-2007-4352", "CVE-2007-5393"], "modified": "2007-11-12T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:pdftohtml", "cpe:/o:novell:opensuse:10.1"], "id": "SUSE_PDFTOHTML-4642.NASL", "href": "https://www.tenable.com/plugins/nessus/28177", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update pdftohtml-4642.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(28177);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-4352\", \"CVE-2007-5392\", \"CVE-2007-5393\");\n\n script_name(english:\"openSUSE 10 Security Update : pdftohtml (pdftohtml-4642)\");\n script_summary(english:\"Check for the pdftohtml-4642 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer overflow in the xpdf code contained in pdftohtml could be\nexploited by attackers to potentially execute arbitrary code\n(CVE-2007-4352, CVE-2007-5392, CVE-2007-5393).\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pdftohtml package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pdftohtml\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"pdftohtml-0.36-145.7\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pdftohtml\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:45:17", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4352", "CVE-2007-5392", "CVE-2007-5393"], "description": "Poppler is a PDF rendering library, used by applications such as evince. \r\n\r\nAlin Rad Pop discovered several flaws in the handling of PDF files. An\r\nattacker could create a malicious PDF file that would cause an application\r\nlinked with poppler to crash, or potentially execute arbitrary code when\r\nopened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393)\r\n\r\nUsers are advised to upgrade to these updated packages, which contain\r\nbackported patches to resolve these issues.", "modified": "2017-09-08T12:11:55", "published": "2007-11-07T05:00:00", "id": "RHSA-2007:1026", "href": "https://access.redhat.com/errata/RHSA-2007:1026", "type": "redhat", "title": "(RHSA-2007:1026) Important: poppler security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:47:04", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4352", "CVE-2007-5392", "CVE-2007-5393"], "description": "The Common UNIX Printing System (CUPS) provides a portable printing layer\r\nfor UNIX(R) operating systems.\r\n\r\nAlin Rad Pop discovered several flaws in the handling of PDF files. An\r\nattacker could create a malicious PDF file that would cause CUPS to crash\r\nor potentially execute arbitrary code when printed. \r\n(CVE-2007-4352, CVE-2007-5392, CVE-2007-5393)\r\n\r\nAll CUPS users are advised to upgrade to these updated packages, which\r\ncontain backported patches to resolve these issues.", "modified": "2017-09-08T11:50:11", "published": "2007-11-07T05:00:00", "id": "RHSA-2007:1021", "href": "https://access.redhat.com/errata/RHSA-2007:1021", "type": "redhat", "title": "(RHSA-2007:1021) Important: cups security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:12", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4352", "CVE-2007-5392", "CVE-2007-5393"], "description": "gpdf is a GNOME-based viewer for Portable Document Format (PDF) files. \r\n\r\nAlin Rad Pop discovered several flaws in the handling of PDF files. An\r\nattacker could create a malicious PDF file that would cause gpdf to crash,\r\nor potentially execute arbitrary code when opened. \r\n(CVE-2007-4352, CVE-2007-5392, CVE-2007-5393)\r\n\r\nUsers are advised to upgrade to these updated packages, which contain\r\nbackported patches to resolve these issues.", "modified": "2017-09-08T12:17:55", "published": "2007-11-07T05:00:00", "id": "RHSA-2007:1025", "href": "https://access.redhat.com/errata/RHSA-2007:1025", "type": "redhat", "title": "(RHSA-2007:1025) Important: gpdf security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:48", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4352", "CVE-2007-5392", "CVE-2007-5393"], "description": "Internationalization support for KDE ", "modified": "2007-11-13T00:05:02", "published": "2007-11-13T00:05:02", "id": "FEDORA:LAD057UG022395", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: kde-i18n-3.5.8-1.fc7", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:48", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4352", "CVE-2007-5392", "CVE-2007-5393"], "description": "KOffice - Integrated Office Suite KOffice is a free, integrated office suite for KDE, the K Desktop Environme nt. ", "modified": "2007-11-09T23:50:51", "published": "2007-11-09T23:50:51", "id": "FEDORA:LA9NOK5S013218", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: koffice-1.6.3-13.fc8", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:48", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4352", "CVE-2007-5392", "CVE-2007-5393"], "description": "Graphics applications for the K Desktop Environment, including * kamera (digital camera support) * kcoloredit (palette editor and color chooser) * kdvi (displays TeX .dvi files) * kghostview (displays postscript files) * kiconedit (icon editor) * kooka (scanner application) * kpdf (displays PDF files) * kruler (screen ruler and color measurement tool) * ksnapshot (screen capture utility) * kview (image viewer for GIF, JPEG, TIFF, etc.) ", "modified": "2007-11-09T23:40:09", "published": "2007-11-09T23:40:09", "id": "FEDORA:LA9NE49Q011462", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: kdegraphics-3.5.8-7.fc8", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:48", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4352", "CVE-2007-5392", "CVE-2007-5393"], "description": "Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. Xpdf is a small and efficient program which uses standard X fonts. ", "modified": "2007-11-09T23:43:53", "published": "2007-11-09T23:43:53", "id": "FEDORA:LA9NHRQD012014", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: xpdf-3.02-4.fc7", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:48", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4352", "CVE-2007-5392", "CVE-2007-5393"], "description": "Networking applications, including: * kget: downloader manager * kio_lan: lan browsing kio slave * knewsticker: RDF newsticker applet * kopete: chat client * kppp: dialer and front end for pppd * krdc: a client for Desktop Sharing and other VNC servers * krfb: Desktop Sharing server, allow others to access your desktop via VNC * lisa: lan information server ", "modified": "2007-11-13T00:05:02", "published": "2007-11-13T00:05:02", "id": "FEDORA:LAD057UH022395", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: kdenetwork-3.5.8-6.fc7", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:48", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4352", "CVE-2007-5392", "CVE-2007-5393"], "description": "The K Desktop Environment (KDE) is a GUI desktop for the X Window System. The kdemultimedia package contains multimedia applications for KDE, including: kmid, a midi player kmix, an audio mixer arts, additional functionality for the aRts sound system krec, a recording tool kscd, an Audio-CD player kaudiocreator, a graphical frontend for audio file creation ", "modified": "2007-11-13T00:05:02", "published": "2007-11-13T00:05:02", "id": "FEDORA:LAD057UM022395", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: kdemultimedia-3.5.8-8.fc7", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:48", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4352", "CVE-2007-5392", "CVE-2007-5393"], "description": "Additional artwork (themes, sound themes, screensavers ...) for KDE. ", "modified": "2007-11-13T00:05:02", "published": "2007-11-13T00:05:02", "id": "FEDORA:LAD057H4022394", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: kdeartwork-3.5.8-1.fc7", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:48", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4352", "CVE-2007-5392", "CVE-2007-5393"], "description": "KDE/DCOP bindings to non-C++ languages ", "modified": "2007-11-13T00:05:02", "published": "2007-11-13T00:05:02", "id": "FEDORA:LAD057UF022395", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: kdebindings-3.5.8-1.fc7", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:48", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4352", "CVE-2007-5392", "CVE-2007-5393"], "description": "Utilities for the K Desktop Environment. Includes: * ark (tar/gzip archive manager); * kcalc (scientific calculator); * kcharselect (character selector); * kdepasswd (change password); * kdessh (ssh front end); * kdf (view disk usage); * kedit (simple text editor); * kfloppy (floppy formatting tool); * kgpg (gpg gui) * khexedit (hex editor); * kjots (note taker); * ktimer (task scheduler); * kwikdisk (removable media utility) ", "modified": "2007-11-13T00:05:02", "published": "2007-11-13T00:05:02", "id": "FEDORA:LAD057GX022394", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: kdeutils-3.5.8-2.fc7", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:48", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4352", "CVE-2007-5392", "CVE-2007-5393"], "description": "A collection of applications and tools used by developers, including: * cervisia: a CVS frontend * kbabel: PO file management * kbugbuster: a tool to manage the KDE bug report system * kcachegrind: a browser for data produced by profiling tools (e.g. cachegr ind) * kompare: diff tool * kuiviewer: displays designer's UI files * umbrello: UML modeller and UML diagram tool ", "modified": "2007-11-13T00:05:02", "published": "2007-11-13T00:05:02", "id": "FEDORA:LAD057H5022394", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: kdesdk-3.5.8-2.fc7", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:36", "bulletinFamily": "unix", "cvelist": ["CVE-2007-5392", "CVE-2007-4352", "CVE-2007-5393"], "description": " [2.3.27-8.1]\n Fixes for:\n - 345101 - CVE-2007-4352 xpdf memory corruption in DCTStream::readProgressiveDataUnit()\n - 345111 - CVE-2007-5392 xpdf buffer overflow in DCTStream::reset()\n - 345121 - CVE-2007-5393 xpdf buffer overflow in CCITTFaxStream::lookChar() ", "edition": 4, "modified": "2007-11-23T00:00:00", "published": "2007-11-23T00:00:00", "id": "ELSA-2007-1026", "href": "http://linux.oracle.com/errata/ELSA-2007-1026.html", "title": "Important: poppler security update ", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:09", "bulletinFamily": "unix", "cvelist": ["CVE-2007-5392", "CVE-2007-4352", "CVE-2007-5393"], "description": " [7:3.3.1-6]\n - Resolves: #356601, CVE-2007-4352,5392,5393 ", "edition": 4, "modified": "2007-11-12T00:00:00", "published": "2007-11-12T00:00:00", "id": "ELSA-2007-1024", "href": "http://linux.oracle.com/errata/ELSA-2007-1024.html", "title": "Important: kdegraphics security update ", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-11-11T13:27:13", "bulletinFamily": "unix", "cvelist": ["CVE-2007-5392", "CVE-2007-4352", "CVE-2007-5393"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1509-1 security@debian.org\nhttp://www.debian.org/security/ Noah Meyerhans\nFebruary 25, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : koffice\nVulnerability : several\nProblem type : local\nDebian-specific: no\nCVE Id(s) : CVE-2007-4352 CVE-2007-5392 CVE-2007-5393\nDebian Bug : 450631\n\nSeveral vulnerabilities have been discovered in xpdf code that is\nembedded in koffice, an integrated office suite for KDE. These flaws\ncould allow an attacker to execute arbitrary code by inducing the user\nto import a specially crafted PDF document.\n\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\nCVE-2007-4352\n\nArray index error in the DCTStream::readProgressiveDataUnit method in\nxpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice,\nCUPS, and other products, allows remote attackers to trigger memory\ncorruption and execute arbitrary code via a crafted PDF file.\n\nCVE-2007-5392\n\nInteger overflow in the DCTStream::reset method in xpdf/Stream.cc in\nXpdf 3.02p11 allows remote attackers to execute arbitrary code via a\ncrafted PDF file, resulting in a heap-based buffer overflow.\n\nCVE-2007-5393\n\nHeap-based buffer overflow in the CCITTFaxStream::lookChar method in\nxpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute\narbitrary code via a PDF file that contains a crafted CCITTFaxDecode\nfilter.\n\nFor the stable distribution (etch), these problems have been fixed in version\n1:1.6.1-2etch2.\n\nUpdates for the old stable distribution (sarge), will be made available\nas soon as possible.\n\nWe recommend that you upgrade your koffice package.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/k/koffice/koffice_1.6.1.orig.tar.gz\n Size/MD5 checksum: 63070725 46ac2a71f5826a6ed149a62d501dacec\n http://security.debian.org/pool/updates/main/k/koffice/koffice_1.6.1-2etch2.diff.gz\n Size/MD5 checksum: 500546 d9591206e1c6f8dec3804bd4735e259a\n http://security.debian.org/pool/updates/main/k/koffice/koffice_1.6.1-2etch2.dsc\n Size/MD5 checksum: 1472 736540e8fe6563095b48f21d18a51278\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/k/koffice/koffice-data_1.6.1-2etch2_all.deb\n Size/MD5 checksum: 749032 0070f9b3ad6664ea51a18cddd19890f4\n http://security.debian.org/pool/updates/main/k/koffice/kword-data_1.6.1-2etch2_all.deb\n Size/MD5 checksum: 1820806 52946ab23d6f2443b3fbcbf420283f80\n http://security.debian.org/pool/updates/main/k/koffice/kivio-data_1.6.1-2etch2_all.deb\n Size/MD5 checksum: 696918 9c21ffc9c5a101b9c884d4e122986232\n http://security.debian.org/pool/updates/main/k/koffice/koffice-doc_1.6.1-2etch2_all.deb\n Size/MD5 checksum: 94848460 124080b3f3548c6edff3241e715c116a\n http://security.debian.org/pool/updates/main/k/koffice/koffice-doc-html_1.6.1-2etch2_all.deb\n Size/MD5 checksum: 542886 ab52f6d59b90cd88d31a0b4b9b36a5bb\n http://security.debian.org/pool/updates/main/k/koffice/koffice_1.6.1-2etch2_all.deb\n Size/MD5 checksum: 24280 aa214d2491c38aa98e3dee0a3af08548\n http://security.debian.org/pool/updates/main/k/koffice/kpresenter-data_1.6.1-2etch2_all.deb\n Size/MD5 checksum: 1914106 d84bbcdc8136aefbf9b412371c27d298\n http://security.debian.org/pool/updates/main/k/koffice/krita-data_1.6.1-2etch2_all.deb\n Size/MD5 checksum: 28338316 8a589f8081107f31b35539d2cc79d117\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/k/koffice/koffice-dbg_1.6.1-2etch2_alpha.deb\n Size/MD5 checksum: 57350998 b89d47b71105fab810c0869d70f96b3d\n http://security.debian.org/pool/updates/main/k/koffice/kword_1.6.1-2etch2_alpha.deb\n Size/MD5 checksum: 2992258 aad9b8c77ee89ff592e51dcfd6a6948c\n http://security.debian.org/pool/updates/main/k/koffice/kexi_1.6.1-2etch2_alpha.deb\n Size/MD5 checksum: 3685928 0ab1141150a33e1d27becb2403acb8fe\n http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.6.1-2etch2_alpha.deb\n Size/MD5 checksum: 410304 720dc1cc4ded7c693e1df51090f5e7df\n http://security.debian.org/pool/updates/main/k/koffice/karbon_1.6.1-2etch2_alpha.deb\n Size/MD5 checksum: 1108728 4e9fde3673267933013b2cf06b91a0ee\n http://security.debian.org/pool/updates/main/k/koffice/koshell_1.6.1-2etch2_alpha.deb\n Size/MD5 checksum: 196674 8336a4bb08601b831ce07c52a5becf57\n http://security.debian.org/pool/updates/main/k/koffice/kspread_1.6.1-2etch2_alpha.deb\n Size/MD5 checksum: 2830686 51b7be31d6a8b7cdcdc7a2b827463339\n http://security.debian.org/pool/updates/main/k/koffice/kivio_1.6.1-2etch2_alpha.deb\n Size/MD5 checksum: 644390 1295dae963ba00decb6d8e5cf0bc24c3\n http://security.debian.org/pool/updates/main/k/koffice/kplato_1.6.1-2etch2_alpha.deb\n Size/MD5 checksum: 973268 64583b24fdea6779728af30b086a16f8\n http://security.debian.org/pool/updates/main/k/koffice/kugar_1.6.1-2etch2_alpha.deb\n Size/MD5 checksum: 471858 0d480b3ad899d6d68819dee7f6e8b422\n http://security.debian.org/pool/updates/main/k/koffice/kchart_1.6.1-2etch2_alpha.deb\n Size/MD5 checksum: 1416602 8cb43f69122eea92b0b47ac076b2a4c6\n http://security.debian.org/pool/updates/main/k/koffice/krita_1.6.1-2etch2_alpha.deb\n Size/MD5 checksum: 3527650 fabfcd46419a73b980ac2745d36a31d4\n http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.6.1-2etch2_alpha.deb\n Size/MD5 checksum: 1400458 31e6b012e954898bb9df32927d045942\n http://security.debian.org/pool/updates/main/k/koffice/kthesaurus_1.6.1-2etch2_alpha.deb\n Size/MD5 checksum: 328934 5aae2d567fa52b636a3668c49e9e326f\n http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.6.1-2etch2_alpha.deb\n Size/MD5 checksum: 2851586 da203ab445b43e98948478e583cc602b\n http://security.debian.org/pool/updates/main/k/koffice/kformula_1.6.1-2etch2_alpha.deb\n Size/MD5 checksum: 1042694 2f151596b47ea821ec454af1eb53acfe\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/k/koffice/krita_1.6.1-2etch2_amd64.deb\n Size/MD5 checksum: 3294022 7be36559342e9124e92c3c6502d47b70\n http://security.debian.org/pool/updates/main/k/koffice/kthesaurus_1.6.1-2etch2_amd64.deb\n Size/MD5 checksum: 328316 6179ec6467b7083a41f709e767a948a2\n http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.6.1-2etch2_amd64.deb\n Size/MD5 checksum: 1324866 7dba8a525e44d7f6904e6398baa91ae0\n http://security.debian.org/pool/updates/main/k/koffice/kchart_1.6.1-2etch2_amd64.deb\n Size/MD5 checksum: 1365414 02bb1312009dde02fa341cdd5298cf59\n http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.6.1-2etch2_amd64.deb\n Size/MD5 checksum: 2657894 6e79697e6918401822788918ef741bcf\n http://security.debian.org/pool/updates/main/k/koffice/kplato_1.6.1-2etch2_amd64.deb\n Size/MD5 checksum: 928374 dd267f67e4fc5645f2679d809e239312\n http://security.debian.org/pool/updates/main/k/koffice/koshell_1.6.1-2etch2_amd64.deb\n Size/MD5 checksum: 194638 505f9bc791fe99533d0e9131b30cf5b6\n http://security.debian.org/pool/updates/main/k/koffice/kword_1.6.1-2etch2_amd64.deb\n Size/MD5 checksum: 2815768 164d24b9daba660d67317e4780c7b71b\n http://security.debian.org/pool/updates/main/k/koffice/kexi_1.6.1-2etch2_amd64.deb\n Size/MD5 checksum: 3450008 7f8bb18638cc0a3de34a80032e3d3f8b\n http://security.debian.org/pool/updates/main/k/koffice/koffice-dbg_1.6.1-2etch2_amd64.deb\n Size/MD5 checksum: 57314530 6f9952c7a95d511c15903153c85c53c7\n http://security.debian.org/pool/updates/main/k/koffice/kivio_1.6.1-2etch2_amd64.deb\n Size/MD5 checksum: 605128 b1160c78342218e11ce54b5397a896e0\n http://security.debian.org/pool/updates/main/k/koffice/karbon_1.6.1-2etch2_amd64.deb\n Size/MD5 checksum: 1048732 d3eb3c27988687ece8ff0f5f1e9f0cde\n http://security.debian.org/pool/updates/main/k/koffice/kformula_1.6.1-2etch2_amd64.deb\n Size/MD5 checksum: 1039366 877c11348e7728a5586c86fd101f39b2\n http://security.debian.org/pool/updates/main/k/koffice/kspread_1.6.1-2etch2_amd64.deb\n Size/MD5 checksum: 2694480 217ed3c8443fe4efd1e5f2ddfe341968\n http://security.debian.org/pool/updates/main/k/koffice/kugar_1.6.1-2etch2_amd64.deb\n Size/MD5 checksum: 459104 2ff10c5b0139d4cba661631658766ad2\n http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.6.1-2etch2_amd64.deb\n Size/MD5 checksum: 409354 62a7aa20ac3bf81f120c09e6dce02778\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/k/koffice/kspread_1.6.1-2etch2_hppa.deb\n Size/MD5 checksum: 2802608 4a2309f6a0c34c85d500aa9a3ee208ca\n http://security.debian.org/pool/updates/main/k/koffice/kugar_1.6.1-2etch2_hppa.deb\n Size/MD5 checksum: 485934 040d7fddb6065e09d575780962f7331e\n http://security.debian.org/pool/updates/main/k/koffice/koshell_1.6.1-2etch2_hppa.deb\n Size/MD5 checksum: 199100 8ea3e72ec476af1252d4b525c905552a\n http://security.debian.org/pool/updates/main/k/koffice/koffice-dbg_1.6.1-2etch2_hppa.deb\n Size/MD5 checksum: 58458146 7aab4d4591a3d26ea7d54e86f7c9defe\n http://security.debian.org/pool/updates/main/k/koffice/kword_1.6.1-2etch2_hppa.deb\n Size/MD5 checksum: 3029512 c3a1af8186da4124d581161b96295022\n http://security.debian.org/pool/updates/main/k/koffice/karbon_1.6.1-2etch2_hppa.deb\n Size/MD5 checksum: 1140282 9c5e287258f8d0ab7f1467699271face\n http://security.debian.org/pool/updates/main/k/koffice/kivio_1.6.1-2etch2_hppa.deb\n Size/MD5 checksum: 672698 80979ecd74476afdd3b3e51ea950d444\n http://security.debian.org/pool/updates/main/k/koffice/krita_1.6.1-2etch2_hppa.deb\n Size/MD5 checksum: 3689882 7c953ca3112a2f0ee3bf30ee51e0964b\n http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.6.1-2etch2_hppa.deb\n Size/MD5 checksum: 2908842 2622aeacca6cba686acae6e51342b70a\n http://security.debian.org/pool/updates/main/k/koffice/kplato_1.6.1-2etch2_hppa.deb\n Size/MD5 checksum: 984572 f291940221dc4ff6a565c4f20a348068\n http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.6.1-2etch2_hppa.deb\n Size/MD5 checksum: 386164 fbe568082f6ba7d1575328c7b1ac5c81\n http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.6.1-2etch2_hppa.deb\n Size/MD5 checksum: 1416426 b2104045a2145f3beeac9cc68980333a\n http://security.debian.org/pool/updates/main/k/koffice/kexi_1.6.1-2etch2_hppa.deb\n Size/MD5 checksum: 3881200 0ebe2d707170a21f2164f38c27aea7dc\n http://security.debian.org/pool/updates/main/k/koffice/kformula_1.6.1-2etch2_hppa.deb\n Size/MD5 checksum: 1044524 7e4eb934754a1f649a61c995abbf8701\n http://security.debian.org/pool/updates/main/k/koffice/kthesaurus_1.6.1-2etch2_hppa.deb\n Size/MD5 checksum: 330776 a09c3143d956f8ec939f17f382713e4f\n http://security.debian.org/pool/updates/main/k/koffice/kchart_1.6.1-2etch2_hppa.deb\n Size/MD5 checksum: 1423032 56b16a11bb879b77d445f8e925da2f65\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/k/koffice/kword_1.6.1-2etch2_i386.deb\n Size/MD5 checksum: 2665448 c57f33814148032f151ef8581133add3\n http://security.debian.org/pool/updates/main/k/koffice/kugar_1.6.1-2etch2_i386.deb\n Size/MD5 checksum: 450250 4be861631fb270186448726e367351f5\n http://security.debian.org/pool/updates/main/k/koffice/kplato_1.6.1-2etch2_i386.deb\n Size/MD5 checksum: 887142 03e76936e523a89355a0ff1d763a568a\n http://security.debian.org/pool/updates/main/k/koffice/kthesaurus_1.6.1-2etch2_i386.deb\n Size/MD5 checksum: 327414 680ce76250a24575f8aa0fa476311fad\n http://security.debian.org/pool/updates/main/k/koffice/kchart_1.6.1-2etch2_i386.deb\n Size/MD5 checksum: 1327342 2a4303d8fd72af4c8b9ebec83d70a0dd\n http://security.debian.org/pool/updates/main/k/koffice/karbon_1.6.1-2etch2_i386.deb\n Size/MD5 checksum: 975636 a91545e92ad618972eb232dd88ba302f\n http://security.debian.org/pool/updates/main/k/koffice/kivio_1.6.1-2etch2_i386.deb\n Size/MD5 checksum: 565372 ae385bd3c48557bd3b3258a3dec06d53\n http://security.debian.org/pool/updates/main/k/koffice/krita_1.6.1-2etch2_i386.deb\n Size/MD5 checksum: 3065614 949f63b98aed6462a87d6738f1f7aa54\n http://security.debian.org/pool/updates/main/k/koffice/kformula_1.6.1-2etch2_i386.deb\n Size/MD5 checksum: 1036452 c834cb228a8f7867ae6647a779bf098a\n http://security.debian.org/pool/updates/main/k/koffice/kspread_1.6.1-2etch2_i386.deb\n Size/MD5 checksum: 2600034 0ee26d78d5c39e2c60a40d9fc9482d7a\n http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.6.1-2etch2_i386.deb\n Size/MD5 checksum: 411438 f1402799f10edf6cb6a72e7da756d4f2\n http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.6.1-2etch2_i386.deb\n Size/MD5 checksum: 2523474 d14674bcd1ac08a921ab1b851d6f9f63\n http://security.debian.org/pool/updates/main/k/koffice/koshell_1.6.1-2etch2_i386.deb\n Size/MD5 checksum: 191854 22dbc05baa6c8cc7a0e1b342eb8458fd\n http://security.debian.org/pool/updates/main/k/koffice/koffice-dbg_1.6.1-2etch2_i386.deb\n Size/MD5 checksum: 56015650 81b5171605bd34982e77a4d42e5ef798\n http://security.debian.org/pool/updates/main/k/koffice/kexi_1.6.1-2etch2_i386.deb\n Size/MD5 checksum: 3394402 bfdfeb4bc6010f942b3fe1e6f1b5927c\n http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.6.1-2etch2_i386.deb\n Size/MD5 checksum: 1267644 aed29a4ea91e7e35c9a84c712b4a1f19\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/k/koffice/kexi_1.6.1-2etch2_mips.deb\n Size/MD5 checksum: 3236074 7e1cb5805cc947292a6d92a8530866c9\n http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.6.1-2etch2_mips.deb\n Size/MD5 checksum: 1162354 4edc55e0010214f8536d93032003c86c\n http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.6.1-2etch2_mips.deb\n Size/MD5 checksum: 410254 8142bcc9f6fc1cf05a5070868c0567f8\n http://security.debian.org/pool/updates/main/k/koffice/kplato_1.6.1-2etch2_mips.deb\n Size/MD5 checksum: 819652 44fa301676d644866f316b7e10d280e8\n http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.6.1-2etch2_mips.deb\n Size/MD5 checksum: 2364410 0be39271e2ce6fb0bba1ef475301a084\n http://security.debian.org/pool/updates/main/k/koffice/karbon_1.6.1-2etch2_mips.deb\n Size/MD5 checksum: 954618 83d2f9a056e22c54ca3648ac55a16c8b\n http://security.debian.org/pool/updates/main/k/koffice/kformula_1.6.1-2etch2_mips.deb\n Size/MD5 checksum: 1030624 5755994a5c454b7ab0cc055775dcfd90\n http://security.debian.org/pool/updates/main/k/koffice/kugar_1.6.1-2etch2_mips.deb\n Size/MD5 checksum: 418004 50d8169cb9b927b8933daac60c9d3a7c\n http://security.debian.org/pool/updates/main/k/koffice/kword_1.6.1-2etch2_mips.deb\n Size/MD5 checksum: 2542814 aba80d2a5b3edce8b3da273805e2d6ab\n http://security.debian.org/pool/updates/main/k/koffice/kivio_1.6.1-2etch2_mips.deb\n Size/MD5 checksum: 547230 8b3ac40680a663c10de1385432225100\n http://security.debian.org/pool/updates/main/k/koffice/koffice-dbg_1.6.1-2etch2_mips.deb\n Size/MD5 checksum: 59057072 5a9b1757cf8669a637ce1cd84a643669\n http://security.debian.org/pool/updates/main/k/koffice/koshell_1.6.1-2etch2_mips.deb\n Size/MD5 checksum: 189820 57b1edbe7ae43afaf192ae57040d35aa\n http://security.debian.org/pool/updates/main/k/koffice/krita_1.6.1-2etch2_mips.deb\n Size/MD5 checksum: 3007566 50ad38ccbc098a9dfe0c828fad4fe68f\n http://security.debian.org/pool/updates/main/k/koffice/kspread_1.6.1-2etch2_mips.deb\n Size/MD5 checksum: 2393374 0e026630da8ee3252ace2c8e462a4c31\n http://security.debian.org/pool/updates/main/k/koffice/kthesaurus_1.6.1-2etch2_mips.deb\n Size/MD5 checksum: 322942 3ebe207435477249d750c7edc53f1c32\n http://security.debian.org/pool/updates/main/k/koffice/kchart_1.6.1-2etch2_mips.deb\n Size/MD5 checksum: 1289068 4e59ea5eab4a923a5295b7e5eed08800\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/k/koffice/kplato_1.6.1-2etch2_powerpc.deb\n Size/MD5 checksum: 872684 f8e2fc8a6a304321ba2d61faf073b927\n http://security.debian.org/pool/updates/main/k/koffice/koffice-dbg_1.6.1-2etch2_powerpc.deb\n Size/MD5 checksum: 59204870 d4b5f8aa12dfcfe9d96d18bfce9a7391\n http://security.debian.org/pool/updates/main/k/koffice/kivio_1.6.1-2etch2_powerpc.deb\n Size/MD5 checksum: 585392 746d7d98056a27314e4b98c4a15a231b\n http://security.debian.org/pool/updates/main/k/koffice/kthesaurus_1.6.1-2etch2_powerpc.deb\n Size/MD5 checksum: 330230 ac8fe1d4eddd96ee1c5690dc4741e221\n http://security.debian.org/pool/updates/main/k/koffice/karbon_1.6.1-2etch2_powerpc.deb\n Size/MD5 checksum: 1014670 8348c676c0ef54919aaad3078522198d\n http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.6.1-2etch2_powerpc.deb\n Size/MD5 checksum: 386174 07857317e4310692f1d3259dea432691\n http://security.debian.org/pool/updates/main/k/koffice/kspread_1.6.1-2etch2_powerpc.deb\n Size/MD5 checksum: 2582168 df284c313d1e00ee1433ddcd14f4c841\n http://security.debian.org/pool/updates/main/k/koffice/kchart_1.6.1-2etch2_powerpc.deb\n Size/MD5 checksum: 1339116 192188b89e7284fb9a7d966cf3fb3a15\n http://security.debian.org/pool/updates/main/k/koffice/krita_1.6.1-2etch2_powerpc.deb\n Size/MD5 checksum: 3242432 ce78b25857b61820fa8542ae3d4dc413\n http://security.debian.org/pool/updates/main/k/koffice/kugar_1.6.1-2etch2_powerpc.deb\n Size/MD5 checksum: 457242 e7a95c66f4e926b62f9e4dd3e42cdf8d\n http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.6.1-2etch2_powerpc.deb\n Size/MD5 checksum: 2547402 d90d56f9175d2c27bdd2b331d04369f0\n http://security.debian.org/pool/updates/main/k/koffice/kformula_1.6.1-2etch2_powerpc.deb\n Size/MD5 checksum: 1037354 bd9109010f35e5cb8b5f51e18959ab70\n http://security.debian.org/pool/updates/main/k/koffice/koshell_1.6.1-2etch2_powerpc.deb\n Size/MD5 checksum: 193838 97928f28499f11ab4a47e607f1826ea5\n http://security.debian.org/pool/updates/main/k/koffice/kexi_1.6.1-2etch2_powerpc.deb\n Size/MD5 checksum: 3411744 6060f249832adc324c83cc13fea21625\n http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.6.1-2etch2_powerpc.deb\n Size/MD5 checksum: 1266332 5a3b2b15a11dbda5352d3ff71a628de0\n http://security.debian.org/pool/updates/main/k/koffice/kword_1.6.1-2etch2_powerpc.deb\n Size/MD5 checksum: 2723518 875a511dbcff7c66c505ac230b5c99bf\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/k/koffice/kspread_1.6.1-2etch2_s390.deb\n Size/MD5 checksum: 2626332 3eba440eb89551f148fe66ffbf3ab544\n http://security.debian.org/pool/updates/main/k/koffice/kugar_1.6.1-2etch2_s390.deb\n Size/MD5 checksum: 440552 923f545efe43d003a4b4be1ae5193e53\n http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.6.1-2etch2_s390.deb\n Size/MD5 checksum: 386122 71ff5fccebddd4c2545e153bdc6a2c22\n http://security.debian.org/pool/updates/main/k/koffice/kchart_1.6.1-2etch2_s390.deb\n Size/MD5 checksum: 1349756 305d1011cc256e59ec37786eba710aa2\n http://security.debian.org/pool/updates/main/k/koffice/krita_1.6.1-2etch2_s390.deb\n Size/MD5 checksum: 3318436 dfa8e7151ee50a82daf233aaf3bb4c78\n http://security.debian.org/pool/updates/main/k/koffice/kexi_1.6.1-2etch2_s390.deb\n Size/MD5 checksum: 3396560 818635ea2c374ffa115a5711796a866f\n http://security.debian.org/pool/updates/main/k/koffice/koffice-dbg_1.6.1-2etch2_s390.deb\n Size/MD5 checksum: 58172656 c8875f6bcc4e0ac5d8448993a3dd9459\n http://security.debian.org/pool/updates/main/k/koffice/koshell_1.6.1-2etch2_s390.deb\n Size/MD5 checksum: 196456 873c319f73b3a6f0a8a9c4ce27b3e268\n http://security.debian.org/pool/updates/main/k/koffice/kplato_1.6.1-2etch2_s390.deb\n Size/MD5 checksum: 917548 bbce7935ffaf94178189ffa83e7eb907\n http://security.debian.org/pool/updates/main/k/koffice/karbon_1.6.1-2etch2_s390.deb\n Size/MD5 checksum: 1046676 dfbbdce0a811fb343216eb0101e2cd5c\n http://security.debian.org/pool/updates/main/k/koffice/kformula_1.6.1-2etch2_s390.deb\n Size/MD5 checksum: 1040930 75825da9f91d6342f89ca7ff558b514c\n http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.6.1-2etch2_s390.deb\n Size/MD5 checksum: 2613436 b1a1ccec78d8f863a1e132c2e3bf94a6\n http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.6.1-2etch2_s390.deb\n Size/MD5 checksum: 1291994 bd422ddd7f4330d0c93e1fe1f4b1b347\n http://security.debian.org/pool/updates/main/k/koffice/kword_1.6.1-2etch2_s390.deb\n Size/MD5 checksum: 2816248 6b5e980238f8352dd507e4263f1e0b94\n http://security.debian.org/pool/updates/main/k/koffice/kthesaurus_1.6.1-2etch2_s390.deb\n Size/MD5 checksum: 327322 4486b6ada5ccb23a0bc6ed31f257a7c4\n http://security.debian.org/pool/updates/main/k/koffice/kivio_1.6.1-2etch2_s390.deb\n Size/MD5 checksum: 611872 e46ea8855aff60ddfccefcba342dffa5\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.6.1-2etch2_sparc.deb\n Size/MD5 checksum: 1242292 105abf1ce7f36d5d05a4ea36a9672b21\n http://security.debian.org/pool/updates/main/k/koffice/kexi_1.6.1-2etch2_sparc.deb\n Size/MD5 checksum: 3306694 178ac0dd793158e7c013c0158c9ea29c\n http://security.debian.org/pool/updates/main/k/koffice/krita_1.6.1-2etch2_sparc.deb\n Size/MD5 checksum: 3070518 3546835ce1ac3b512367510b95fdb5f3\n http://security.debian.org/pool/updates/main/k/koffice/kchart_1.6.1-2etch2_sparc.deb\n Size/MD5 checksum: 1311732 7a72f6a8bdf02d94f679e554988deb87\n http://security.debian.org/pool/updates/main/k/koffice/kugar_1.6.1-2etch2_sparc.deb\n Size/MD5 checksum: 449064 85cd0b5078a5a7512912b54ef3890f60\n http://security.debian.org/pool/updates/main/k/koffice/kspread_1.6.1-2etch2_sparc.deb\n Size/MD5 checksum: 2542878 45ab08bc1f4f239fa7c3c8bb37bfef6a\n http://security.debian.org/pool/updates/main/k/koffice/kword_1.6.1-2etch2_sparc.deb\n Size/MD5 checksum: 2635444 6bb69ceea94ec19be2d794c88d9323e1\n http://security.debian.org/pool/updates/main/k/koffice/kformula_1.6.1-2etch2_sparc.deb\n Size/MD5 checksum: 1031262 b52fbb63d1f524a5601881bb271d03f7\n http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.6.1-2etch2_sparc.deb\n Size/MD5 checksum: 2458470 05063fe43bf3016c40480d148ab4914d\n http://security.debian.org/pool/updates/main/k/koffice/kivio_1.6.1-2etch2_sparc.deb\n Size/MD5 checksum: 567050 1cffedc4c932ba157298da8eee984dd4\n http://security.debian.org/pool/updates/main/k/koffice/karbon_1.6.1-2etch2_sparc.deb\n Size/MD5 checksum: 969096 862dfb39a43f1294c462d9f96bce4977\n http://security.debian.org/pool/updates/main/k/koffice/koshell_1.6.1-2etch2_sparc.deb\n Size/MD5 checksum: 189976 7a860038f43640be13da11d3b2f030bb\n http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.6.1-2etch2_sparc.deb\n Size/MD5 checksum: 386166 564e659095f354b238fb21156c318149\n http://security.debian.org/pool/updates/main/k/koffice/koffice-dbg_1.6.1-2etch2_sparc.deb\n Size/MD5 checksum: 55023166 8c0b0a62255c55bac0360c5d73e70862\n http://security.debian.org/pool/updates/main/k/koffice/kplato_1.6.1-2etch2_sparc.deb\n Size/MD5 checksum: 863818 d13ee185d57647d650a39315b3e1a24c\n http://security.debian.org/pool/updates/main/k/koffice/kthesaurus_1.6.1-2etch2_sparc.deb\n Size/MD5 checksum: 325090 d3cdada728ff6aa49fdc5546e6f8615b\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;\n", "edition": 3, "modified": "2008-02-25T23:14:52", "published": "2008-02-25T23:14:52", "id": "DEBIAN:DSA-1509-1:EC73D", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00073.html", "title": "[SECURITY] [DSA 1509-1] New koffice packages fix multiple vulnerabilities", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-11T13:30:13", "bulletinFamily": "unix", "cvelist": ["CVE-2007-5392", "CVE-2007-4352", "CVE-2007-5393"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1480-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nFebruary 05, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : poppler\nVulnerability : several\nProblem type : local(remote)\nDebian-specific: no\nCVE Id(s) : CVE-2007-4352 CVE-2007-5392 CVE-2007-5393\n\nAlin Rad Pop discovered several buffer overflows in the Poppler PDF\nlibrary, which could allow the execution of arbitrary code if a\nmalformed PDF file is opened.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 0.4.5-5.1etch2.\n\nThe old stable distribution (sarge) doesn&#x27;t contain poppler.\n\nWe recommend that you upgrade your poppler packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian 4.0 (stable)\n- -------------------\n\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/p/poppler/poppler_0.4.5-5.1etch2.diff.gz\n Size/MD5 checksum: 484246 62ac8891f912e0297dee3bc875497ef7\n http://security.debian.org/pool/updates/main/p/poppler/poppler_0.4.5-5.1etch2.dsc\n Size/MD5 checksum: 749 d12234813b844d590e151f454c7f26fb\n http://security.debian.org/pool/updates/main/p/poppler/poppler_0.4.5.orig.tar.gz\n Size/MD5 checksum: 783752 2bb1c75aa3f9c42f0ba48b5492e6d32c\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch2_alpha.deb\n Size/MD5 checksum: 30374 498fdc2dcafa1368c76f22a26243bd18\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch2_alpha.deb\n Size/MD5 checksum: 42932 5c37d6c62ed141bb1ea227e8ed4a02ac\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch2_alpha.deb\n Size/MD5 checksum: 774474 25ee5518b1f66bdcab1276ae15104362\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch2_alpha.deb\n Size/MD5 checksum: 33862 97c425d38d2a52013ecb777323fedcbf\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch2_alpha.deb\n Size/MD5 checksum: 55184 6a8bc43d21cd7b053e4ff2e96039ecde\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch2_alpha.deb\n Size/MD5 checksum: 504400 1873e99c14b49a16a97fa1853840393c\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch2_alpha.deb\n Size/MD5 checksum: 86262 6e9bb738236eb858aa379a011722df5e\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch2_amd64.deb\n Size/MD5 checksum: 456402 b149225663d59f2a71f959c54dc9980a\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch2_amd64.deb\n Size/MD5 checksum: 83490 503a5244ca6778e8934001fcb775863a\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch2_amd64.deb\n Size/MD5 checksum: 45932 a4f161401bfa3dd4179e1f06f26ea2fc\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch2_amd64.deb\n Size/MD5 checksum: 30518 caea56a87a7f3cbe810912043198944c\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch2_amd64.deb\n Size/MD5 checksum: 613524 9f60fe935bf1a0d39cb476306a1cd877\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch2_amd64.deb\n Size/MD5 checksum: 29574 765b2a6179f6de7bcd12577267f28bdc\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch2_amd64.deb\n Size/MD5 checksum: 41628 d321bfeef8b4b1646ba1232c2b289e31\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch2_arm.deb\n Size/MD5 checksum: 30290 ca3b42b4698fd95047d9d01da07c19f0\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch2_arm.deb\n Size/MD5 checksum: 81660 b5ef96b6267053ef30530742cc7fc885\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch2_arm.deb\n Size/MD5 checksum: 29290 cb56448209be77de26a8ae8370ade5e7\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch2_arm.deb\n Size/MD5 checksum: 594802 ee6c3e505eca8dc598dc5128418d24c3\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch2_arm.deb\n Size/MD5 checksum: 44606 44101c76d6b8148c26ad3e85dd72fe66\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch2_arm.deb\n Size/MD5 checksum: 438018 eb2a802afd0da063c444c0cf2e4a1ed4\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch2_arm.deb\n Size/MD5 checksum: 40054 a1c854be81c453ed1208c7f4f9c2f5eb\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch2_i386.deb\n Size/MD5 checksum: 443352 016dd5a98a0eb335af593d1e51e081d5\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch2_i386.deb\n Size/MD5 checksum: 29378 8d28f47566c6ea599a9d008280d13129\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch2_i386.deb\n Size/MD5 checksum: 80798 8a05f82badaa6b3f69e86b5ec524b0fa\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch2_i386.deb\n Size/MD5 checksum: 44140 e344517322685ec03e9368569b1040ee\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch2_i386.deb\n Size/MD5 checksum: 40610 3a31076ff600ff771e68180074b46a21\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch2_i386.deb\n Size/MD5 checksum: 30134 194fbfb244f877cd07b00bc5564a0a30\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch2_i386.deb\n Size/MD5 checksum: 573836 dda4a5aa4e8c0c931bb456daf3e7e38d\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch2_ia64.deb\n Size/MD5 checksum: 105174 4d21ca486d0dfb96ab111110aea18184\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch2_ia64.deb\n Size/MD5 checksum: 808710 fef48b747551e1f078e51a863db42d64\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch2_ia64.deb\n Size/MD5 checksum: 47680 6c2a9d463679be4d6738009e01d53229\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch2_ia64.deb\n Size/MD5 checksum: 33654 afe0b327c8cde6490cf3982450286911\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch2_ia64.deb\n Size/MD5 checksum: 54716 5aef6fdb1721fd392e7a5b694774fe3f\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch2_ia64.deb\n Size/MD5 checksum: 32070 d2981f21f801bd748cf0f429683de327\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch2_ia64.deb\n Size/MD5 checksum: 613062 ddfb7f3ee5899b15576dccf1f7730af5\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch2_mips.deb\n Size/MD5 checksum: 31838 ee6109e671d1b520e4f0e139ce323d31\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch2_mips.deb\n Size/MD5 checksum: 674630 ced70154cf0bf69de7e3f0682a26efe7\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch2_mips.deb\n Size/MD5 checksum: 29444 80577ad366a7ff024f6bbcfe28e9423e\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch2_mips.deb\n Size/MD5 checksum: 86570 95f59eddb01635867c47ebefdf53148f\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch2_mips.deb\n Size/MD5 checksum: 457738 adb74127e8b2f75c08dc4d1140cfcf53\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch2_mips.deb\n Size/MD5 checksum: 50162 a9a20c39b24ffb935dd5c95e58225250\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch2_mips.deb\n Size/MD5 checksum: 41714 9eba45d7741fb6af5defe6cd13aa04b4\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch2_mipsel.deb\n Size/MD5 checksum: 32068 8f0e573a5d16b9c38647fd35af827f51\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch2_mipsel.deb\n Size/MD5 checksum: 444286 1a9c45b8d5110116e7327379448cb5e5\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch2_mipsel.deb\n Size/MD5 checksum: 49638 67f7ee08100eedef89ce6a10261e4cf3\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch2_mipsel.deb\n Size/MD5 checksum: 29716 d1695e641ec7f2025aed5f3b3092f432\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch2_mipsel.deb\n Size/MD5 checksum: 664980 b521ee4bdbc3f5c063522e14c93a49fb\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch2_mipsel.deb\n Size/MD5 checksum: 41074 a4d66ed0588b10960fe40da8e2114aa9\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch2_mipsel.deb\n Size/MD5 checksum: 86512 25a6b4c4a4a6b1bd8217c5cd7c824554\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch2_powerpc.deb\n Size/MD5 checksum: 89176 40cc1c0ddbcb14c1bd88620e4427f2ad\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch2_powerpc.deb\n Size/MD5 checksum: 43006 857e0d7a14ac3448d531a6e92badfaa7\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch2_powerpc.deb\n Size/MD5 checksum: 651790 b85508f089275c45426271ab42af5852\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch2_powerpc.deb\n Size/MD5 checksum: 31282 3b991e0a59044ad90bce84dab4a3c286\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch2_powerpc.deb\n Size/MD5 checksum: 48000 0d4dcec8c85e63bf932cba1214e23e8a\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch2_powerpc.deb\n Size/MD5 checksum: 472200 5f73beffafb62d0c609a1065e162dbaa\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch2_powerpc.deb\n Size/MD5 checksum: 31310 689f8d2507230afdc69b2d967ce6dfc7\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch2_s390.deb\n Size/MD5 checksum: 41554 d03144f78dde41a7eb0c33ee63436429\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch2_s390.deb\n Size/MD5 checksum: 621764 ac5f100d5a18b4088a00503ad7d27347\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch2_s390.deb\n Size/MD5 checksum: 30430 9f8575a73fa04ca2920ed97d3d30960f\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch2_s390.deb\n Size/MD5 checksum: 46690 219c0e56d1ae87c01d984ddce2f576b1\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch2_s390.deb\n Size/MD5 checksum: 29332 e34057f02956439dcd2c1643153a4320\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch2_s390.deb\n Size/MD5 checksum: 80556 9bf0f20909214d5433c8b6986bd86813\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch2_s390.deb\n Size/MD5 checksum: 453712 471ce86c951154e00d8e5c6e78170915\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch2_sparc.deb\n Size/MD5 checksum: 444208 7108e0818b726a16e46d0fa8c41b3b9b\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch2_sparc.deb\n Size/MD5 checksum: 44412 7773d4a704d458419c50e49eb6c2148f\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch2_sparc.deb\n Size/MD5 checksum: 29146 9a3e1df71ee09b5b55703673153232c5\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch2_sparc.deb\n Size/MD5 checksum: 78156 63a833e7ebdb56c067e69aa1a3988ed1\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch2_sparc.deb\n Size/MD5 checksum: 40312 040a74fe179460b0b175e29bc0de26a6\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch2_sparc.deb\n Size/MD5 checksum: 583836 2e40b8be7ad912d86235bd6ff59aeb92\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch2_sparc.deb\n Size/MD5 checksum: 30494 a17ba5f32a555022213133d909dc01aa\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;\n", "edition": 3, "modified": "2008-02-05T17:14:05", "published": "2008-02-05T17:14:05", "id": "DEBIAN:DSA-1480-1:FF106", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00043.html", "title": "[SECURITY] [DSA 1480-1] New poppler packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:48", "bulletinFamily": "unix", "cvelist": ["CVE-2007-5392", "CVE-2007-4352", "CVE-2007-5393"], "edition": 1, "description": "### Background\n\nPoppler is a cross-platform PDF rendering library originally based on Xpdf. KOffice is an integrated office suite for KDE. KWord is the KOffice word processor. KPDF is a KDE-based PDF viewer included in the kdegraphics package. \n\n### Description\n\nAlin Rad Pop (Secunia Research) discovered several vulnerabilities in the \"Stream.cc\" file of Xpdf: An integer overflow in the DCTStream::reset() method and a boundary error in the CCITTFaxStream::lookChar() method, both leading to heap-based buffer overflows (CVE-2007-5392, CVE-2007-5393). He also discovered a boundary checking error in the DCTStream::readProgressiveDataUnit() method causing memory corruption (CVE-2007-4352). Note: Gentoo's version of Xpdf is patched to use the Poppler library, so the update to Poppler will also fix Xpdf. \n\n### Impact\n\nBy enticing a user to view or process a specially crafted PDF file with KWord or KPDF or a Poppler-based program such as Gentoo's viewers Xpdf, ePDFView, and Evince or the CUPS printing system, a remote attacker could cause an overflow, potentially resulting in the execution of arbitrary code with the privileges of the user running the application. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Poppler users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-text/poppler-0.6.1-r1\"\n\nAll KPDF users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=kde-base/kpdf-3.5.7-r3\"\n\nAll KDE Graphics Libraries users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=kde-base/kdegraphics-3.5.7-r3\"\n\nAll KWord users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-office/kword-1.6.3-r2\"\n\nAll KOffice users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-office/koffice-1.6.3-r2\"", "modified": "2007-11-18T00:00:00", "published": "2007-11-18T00:00:00", "id": "GLSA-200711-22", "href": "https://security.gentoo.org/glsa/200711-22", "type": "gentoo", "title": "Poppler, KDE: User-assisted execution of arbitrary code", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:27", "bulletinFamily": "software", "cvelist": ["CVE-2007-5392", "CVE-2007-4352", "CVE-2007-5393"], "description": "Buffer overflows, integer overflows, array index overflows.", "edition": 1, "modified": "2007-11-08T00:00:00", "published": "2007-11-08T00:00:00", "id": "SECURITYVULNS:VULN:8328", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:8328", "title": "Xpdf multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2020-07-08T23:34:36", "bulletinFamily": "unix", "cvelist": ["CVE-2007-5392", "CVE-2007-4352", "CVE-2007-5393"], "description": "Secunia Research discovered several vulnerabilities in poppler. If a \nuser were tricked into loading a specially crafted PDF file, a remote \nattacker could cause a denial of service or possibly execute arbitrary \ncode with the user's privileges in applications linked against poppler.", "edition": 5, "modified": "2007-11-14T00:00:00", "published": "2007-11-14T00:00:00", "id": "USN-542-1", "href": "https://ubuntu.com/security/notices/USN-542-1", "title": "poppler vulnerabilities", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2020-07-17T03:29:52", "bulletinFamily": "unix", "cvelist": ["CVE-2007-5392", "CVE-2007-4352", "CVE-2007-5393"], "description": "**CentOS Errata and Security Advisory** CESA-2007:1024\n\n\nThe kdegraphics packages contain applications for the K Desktop\r\nEnvironment. This includes kpdf, a PDF file viewer.\r\n\r\nAlin Rad Pop discovered several flaws in the handling of PDF files. An\r\nattacker could create a malicious PDF file that would cause kpdf to crash,\r\nor potentially execute arbitrary code when opened. \r\n(CVE-2007-4352, CVE-2007-5392, CVE-2007-5393)\r\n\r\nAll kdegraphics users are advised to upgrade to these updated packages,\r\nwhich contain backported patches to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-November/026449.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-November/026450.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-November/026453.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-November/026454.html\n\n**Affected packages:**\nkdegraphics\nkdegraphics-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2007-1024.html", "edition": 6, "modified": "2007-11-12T22:19:44", "published": "2007-11-12T16:32:18", "href": "http://lists.centos.org/pipermail/centos-announce/2007-November/026449.html", "id": "CESA-2007:1024", "title": "kdegraphics security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:24:41", "bulletinFamily": "unix", "cvelist": ["CVE-2007-5392", "CVE-2007-4352", "CVE-2007-5393"], "description": "**CentOS Errata and Security Advisory** CESA-2007:1025\n\n\ngpdf is a GNOME-based viewer for Portable Document Format (PDF) files. \r\n\r\nAlin Rad Pop discovered several flaws in the handling of PDF files. An\r\nattacker could create a malicious PDF file that would cause gpdf to crash,\r\nor potentially execute arbitrary code when opened. \r\n(CVE-2007-4352, CVE-2007-5392, CVE-2007-5393)\r\n\r\nUsers are advised to upgrade to these updated packages, which contain\r\nbackported patches to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-November/026410.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-November/026416.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-November/026433.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-November/026434.html\n\n**Affected packages:**\ngpdf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2007-1025.html", "edition": 4, "modified": "2007-11-08T12:15:59", "published": "2007-11-07T19:57:28", "href": "http://lists.centos.org/pipermail/centos-announce/2007-November/026410.html", "id": "CESA-2007:1025", "title": "gpdf security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:25:53", "bulletinFamily": "unix", "cvelist": ["CVE-2007-5392", "CVE-2007-4352", "CVE-2007-5393"], "description": "**CentOS Errata and Security Advisory** CESA-2007:1029\n\n\nXpdf is an X Window System-based viewer for Portable Document Format (PDF)\r\nfiles.\r\n\r\nAlin Rad Pop discovered several flaws in the handling of PDF files. An\r\nattacker could create a malicious PDF file that would cause Xpdf to crash,\r\nor potentially execute arbitrary code when opened.\r\n(CVE-2007-4352, CVE-2007-5392, CVE-2007-5393)\r\n\r\nUsers are advised to upgrade to these updated packages, which contain\r\nbackported patches to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-November/026411.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-November/026417.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-November/026435.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-November/026436.html\n\n**Affected packages:**\nxpdf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2007-1029.html", "edition": 3, "modified": "2007-11-08T12:18:33", "published": "2007-11-07T19:58:17", "href": "http://lists.centos.org/pipermail/centos-announce/2007-November/026411.html", "id": "CESA-2007:1029", "title": "xpdf security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T11:18:00", "bulletinFamily": "unix", "cvelist": ["CVE-2007-5392", "CVE-2007-4352", "CVE-2007-5393"], "description": "Secunia Research reported three security bugs in xpdf. The first problem occurs while indexing an array in DCTStream:: readProgressiveDataUnit() and is tracked by CVE-2007-4352. Another method in the same class named reset() is vulnerable to an integer overflow which leads to an overflow on the heap, CVE-2007-5392. The last bug also causes an overflow on the heap but this time in method lookChar() of class CCITTFaxStream, CVE-2007-5393. All three bugs can be exploited remotely with a crafted PDF file with user- assistance only. These bugs do not only affect xpdf but also the following packages: kdegraphics3-pdf, koffice, libextractor, poppler, gpdf, cups, pdf, pdftohtml\n#### Solution\nThere is no work-around kown.", "edition": 1, "modified": "2007-11-14T16:50:40", "published": "2007-11-14T16:50:40", "id": "SUSE-SA:2007:060", "href": "http://lists.opensuse.org/opensuse-security-announce/2007-11/msg00001.html", "title": "remote code execution in xpdf, kdegraphics3-pdf, koffice, libextractor,", "type": "suse", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:30", "bulletinFamily": "unix", "cvelist": ["CVE-2007-5392", "CVE-2007-4352", "CVE-2007-5393"], "description": "\nSecunia Research reports:\n\nSecunia Research has discovered some vulnerabilities in Xpdf,\n\t which can be exploited by malicious people to compromise a user's\n\t system.\n\nAn array indexing error within the\n\t \"DCTStream::readProgressiveDataUnit()\" method in xpdf/Stream.cc\n\t can be exploited to corrupt memory via a specially crafted PDF\n\t file.\nAn integer overflow error within the \"DCTStream::reset()\"\n\t method in xpdf/Stream.cc can be exploited to cause a heap-based\n\t buffer overflow via a specially crafted PDF file.\nA boundary error within the \"CCITTFaxStream::lookChar()\" method\n\t in xpdf/Stream.cc can be exploited to cause a heap-based buffer\n\t overflow by tricking a user into opening a PDF file containing a\n\t specially crafted \"CCITTFaxDecode\" filter.\n\nSuccessful exploitation may allow execution of arbitrary code.\n\n", "edition": 4, "modified": "2007-11-14T00:00:00", "published": "2007-11-07T00:00:00", "id": "2747FC39-915B-11DC-9239-001C2514716C", "href": "https://vuxml.freebsd.org/freebsd/2747fc39-915b-11dc-9239-001c2514716c.html", "title": "xpdf -- multiple remote Stream.CC vulnerabilities", "type": "freebsd", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}