SuSE 10 Security Update : xpdf (ZYPP Patch Number 7324)
2011-02-24T00:00:00
ID SUSE_XPDF-7324.NASL Type nessus Reporter This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2011-02-24T00:00:00
Description
This update of xpdf fixes an out-of-bounds write in
CharCodeToUnicode.cc and a bad instruction pointer while parsing
malformed PDF files.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The text description of this plugin is (C) Novell, Inc.
#
if (NASL_LEVEL < 3000) exit(0);
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(52163);
script_version("1.8");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2010-2642", "CVE-2010-4653", "CVE-2010-4654");
script_name(english:"SuSE 10 Security Update : xpdf (ZYPP Patch Number 7324)");
script_summary(english:"Checks rpm output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote SuSE 10 host is missing a security-related patch."
);
script_set_attribute(
attribute:"description",
value:
"This update of xpdf fixes an out-of-bounds write in
CharCodeToUnicode.cc and a bad instruction pointer while parsing
malformed PDF files."
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-2642.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-4653.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-4654.html"
);
script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 7324.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
script_set_attribute(attribute:"vuln_publication_date", value:"2011/01/07");
script_set_attribute(attribute:"patch_publication_date", value:"2011/01/25");
script_set_attribute(attribute:"plugin_publication_date", value:"2011/02/24");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");
flag = 0;
if (rpm_check(release:"SLED10", sp:3, reference:"xpdf-tools-3.01-21.26.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"xpdf-tools-3.01-21.26.1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else exit(0, "The host is not affected.");
{"id": "SUSE_XPDF-7324.NASL", "bulletinFamily": "scanner", "title": "SuSE 10 Security Update : xpdf (ZYPP Patch Number 7324)", "description": "This update of xpdf fixes an out-of-bounds write in\nCharCodeToUnicode.cc and a bad instruction pointer while parsing\nmalformed PDF files.", "published": "2011-02-24T00:00:00", "modified": "2011-02-24T00:00:00", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/52163", "reporter": "This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://support.novell.com/security/cve/CVE-2010-2642.html", "http://support.novell.com/security/cve/CVE-2010-4653.html", "http://support.novell.com/security/cve/CVE-2010-4654.html"], "cvelist": ["CVE-2010-4653", "CVE-2010-2642", "CVE-2010-4654"], "type": "nessus", "lastseen": "2021-01-20T15:18:15", "edition": 22, "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2010-4653", "CVE-2010-2642", "CVE-2010-4654"]}, {"type": "nessus", "idList": ["SUSE_11_XPDF-TOOLS-110126.NASL", "SUSE_11_3_EVINCE-110105.NASL", "SUSE_11_3_T1LIB-110111.NASL", "MANDRIVA_MDVSA-2011-016.NASL", "MANDRIVA_MDVSA-2011-017.NASL", "FEDORA_2011-0224.NASL", "FEDORA_2011-0208.NASL", "ORACLELINUX_ELSA-2011-0009.NASL", "SUSE_11_2_T1LIB-110111.NASL", "SUSE_11_T1LIB-110111.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310870599", "OPENVAS:70799", "OPENVAS:1361412562310831317", "OPENVAS:1361412562310831304", "OPENVAS:136141256231070799", "OPENVAS:831318", "OPENVAS:1361412562310122258", "OPENVAS:831317", "OPENVAS:1361412562310840557", "OPENVAS:1361412562310831318"]}, {"type": "fedora", "idList": ["FEDORA:CF193110916", "FEDORA:BC3FF20C86", "FEDORA:841A5208DE", "FEDORA:0A1CD10FA73"]}, {"type": "oraclelinux", "idList": ["ELSA-2012-0137", "ELSA-2011-0009", "ELSA-2012-0062"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:25458", "SECURITYVULNS:VULN:11339"]}, {"type": "ubuntu", "idList": ["USN-1335-1", "USN-1035-1"]}, {"type": "gentoo", "idList": ["GLSA-201111-10"]}, {"type": "redhat", "idList": ["RHSA-2012:0137", "RHSA-2012:0062", "RHSA-2011:0009"]}, {"type": "slackware", "idList": ["SSA-2012-228-01"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2357-1:710D7", "DEBIAN:DSA-2388-1:53F5F"]}, {"type": "centos", "idList": ["CESA-2012:0062", "CESA-2012:0137"]}, {"type": "amazon", "idList": ["ALAS-2012-040", "ALAS-2012-048"]}], "modified": "2021-01-20T15:18:15", "rev": 2}, "score": {"value": 6.9, "vector": "NONE", "modified": "2021-01-20T15:18:15", "rev": 2}, "vulnersScore": 6.9}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(52163);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2010-2642\", \"CVE-2010-4653\", \"CVE-2010-4654\");\n\n script_name(english:\"SuSE 10 Security Update : xpdf (ZYPP Patch Number 7324)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of xpdf fixes an out-of-bounds write in\nCharCodeToUnicode.cc and a bad instruction pointer while parsing\nmalformed PDF files.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2642.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4653.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4654.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7324.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/01/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/01/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/02/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"xpdf-tools-3.01-21.26.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"xpdf-tools-3.01-21.26.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "naslFamily": "SuSE Local Security Checks", "pluginID": "52163", "cpe": ["cpe:/o:suse:suse_linux"], "scheme": null}
{"cve": [{"lastseen": "2021-02-02T05:45:05", "description": "An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts.", "edition": 8, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-11-13T20:15:00", "title": "CVE-2010-4653", "type": "cve", "cwe": ["CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4653"], "modified": "2019-11-18T15:21:00", "cpe": ["cpe:/o:debian:debian_linux:10.0", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2010-4653", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4653", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:45:05", "description": "poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack.", "edition": 8, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-11-13T20:15:00", "title": "CVE-2010-4654", "type": "cve", "cwe": ["CWE-74"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4654"], "modified": "2019-11-18T15:05:00", "cpe": ["cpe:/o:debian:debian_linux:10.0", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2010-4654", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4654", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:45:00", "description": "Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier, teTeX 3.0, t1lib 5.1.2, and possibly other products allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.", "edition": 6, "cvss3": {}, "published": "2011-01-07T19:00:00", "title": "CVE-2010-2642", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2642"], "modified": "2017-07-01T01:29:00", "cpe": ["cpe:/a:redhat:evince:0.4", "cpe:/a:redhat:evince:2.20", "cpe:/a:redhat:evince:2.31", "cpe:/a:redhat:evince:2.31.4", "cpe:/a:redhat:evince:2.30", "cpe:/a:redhat:evince:2.29", "cpe:/a:redhat:evince:2.24", "cpe:/a:redhat:evince:2.22", "cpe:/a:redhat:evince:0.1", "cpe:/a:redhat:evince:0.7", "cpe:/a:redhat:evince:2.31.1", "cpe:/a:redhat:evince:2.26", "cpe:/a:tug:tetex:3.0", "cpe:/a:t1lib:t1lib:5.1.2", "cpe:/a:redhat:evince:0.3", "cpe:/a:redhat:evince:2.31.4.1", "cpe:/a:redhat:evince:2.19", "cpe:/a:redhat:evince:2.31.92", "cpe:/a:redhat:evince:2.28", "cpe:/a:redhat:evince:2.25", "cpe:/a:redhat:evince:2.30.3", "cpe:/a:redhat:evince:0.6", "cpe:/a:redhat:evince:0.9", "cpe:/a:redhat:evince:0.2", "cpe:/a:redhat:evince:2.27", "cpe:/a:redhat:evince:2.30.2", "cpe:/a:redhat:evince:2.23", "cpe:/a:redhat:evince:2.21", "cpe:/a:redhat:evince:2.31.6.1", "cpe:/a:redhat:evince:0.8", "cpe:/a:redhat:evince:0.5", "cpe:/a:redhat:evince:2.31.6", "cpe:/a:redhat:evince:2.29.92", "cpe:/a:redhat:evince:2.31.90", "cpe:/a:redhat:evince:2.32", "cpe:/a:redhat:evince:2.31.2"], "id": "CVE-2010-2642", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2642", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:redhat:evince:2.26:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:evince:0.1:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:evince:0.3:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:evince:2.29:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:evince:0.2:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:evince:2.31.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:evince:0.8:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:evince:2.20:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:evince:2.31.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:evince:0.6:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:evince:2.31.2:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:evince:2.31.4:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:evince:2.21:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:evince:2.27:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:evince:0.5:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:evince:2.32:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:evince:2.30.3:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:evince:2.25:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:evince:2.23:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:evince:2.22:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:evince:2.28:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:evince:2.29.92:*:*:*:*:*:*:*", "cpe:2.3:a:t1lib:t1lib:5.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:evince:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:evince:0.9:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:evince:2.31.92:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:evince:2.31.1:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:evince:2.30.2:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:evince:2.31:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:evince:2.31.6:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:evince:2.31.90:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:evince:0.4:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:evince:2.19:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:evince:2.30:*:*:*:*:*:*:*", "cpe:2.3:a:tug:tetex:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:evince:2.24:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2021-01-20T14:42:04", "description": "This update of xpdf fixes an out-of-bounds write in\nCharCodeToUnicode.cc and a bad instruction pointer while parsing\nmalformed PDF files.", "edition": 24, "published": "2011-02-24T00:00:00", "title": "SuSE 11.1 Security Update : xpdf-tools (SAT Patch Number 3857)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4653", "CVE-2010-2642", "CVE-2010-4654"], "modified": "2011-02-24T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:xpdf-tools"], "id": "SUSE_11_XPDF-TOOLS-110126.NASL", "href": "https://www.tenable.com/plugins/nessus/52162", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(52162);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2010-2642\", \"CVE-2010-4653\", \"CVE-2010-4654\");\n\n script_name(english:\"SuSE 11.1 Security Update : xpdf-tools (SAT Patch Number 3857)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of xpdf fixes an out-of-bounds write in\nCharCodeToUnicode.cc and a bad instruction pointer while parsing\nmalformed PDF files.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=none\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=661018\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=664484\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2642.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4653.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4654.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 3857.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:xpdf-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/01/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/02/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"xpdf-tools-3.02-138.36.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"xpdf-tools-3.02-138.36.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"xpdf-tools-3.02-138.36.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T11:53:04", "description": "It was discovered that t1lib suffered from the same vulnerability as\npreviousely addressed in Evince with MDVSA-2011:005 (CVE-2010-2642).\nAs a precaution t1lib has been patched to address this flaw.\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149 products_id=490", "edition": 25, "published": "2011-01-28T00:00:00", "title": "Mandriva Linux Security Advisory : t1lib (MDVSA-2011:016)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2642"], "modified": "2011-01-28T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64t1lib5", "cpe:/o:mandriva:linux:2009.0", "p-cpe:/a:mandriva:linux:libt1lib5", "p-cpe:/a:mandriva:linux:t1lib-progs", "p-cpe:/a:mandriva:linux:lib64t1lib-static-devel", "cpe:/o:mandriva:linux:2010.1", "cpe:/o:mandriva:linux:2010.0", "p-cpe:/a:mandriva:linux:lib64t1lib-devel", "p-cpe:/a:mandriva:linux:libt1lib-devel", "p-cpe:/a:mandriva:linux:t1lib-config", "p-cpe:/a:mandriva:linux:libt1lib-static-devel"], "id": "MANDRIVA_MDVSA-2011-016.NASL", "href": "https://www.tenable.com/plugins/nessus/51807", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:016. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51807);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-2642\");\n script_bugtraq_id(45678);\n script_xref(name:\"MDVSA\", value:\"2011:016\");\n\n script_name(english:\"Mandriva Linux Security Advisory : t1lib (MDVSA-2011:016)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that t1lib suffered from the same vulnerability as\npreviousely addressed in Evince with MDVSA-2011:005 (CVE-2010-2642).\nAs a precaution t1lib has been patched to address this flaw.\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149 products_id=490\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64t1lib-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64t1lib-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64t1lib5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libt1lib-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libt1lib-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libt1lib5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:t1lib-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:t1lib-progs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64t1lib-devel-5.1.2-4.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64t1lib-static-devel-5.1.2-4.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64t1lib5-5.1.2-4.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libt1lib-devel-5.1.2-4.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libt1lib-static-devel-5.1.2-4.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libt1lib5-5.1.2-4.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"t1lib-config-5.1.2-4.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"t1lib-progs-5.1.2-4.1mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64t1lib-devel-5.1.2-7.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64t1lib-static-devel-5.1.2-7.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64t1lib5-5.1.2-7.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libt1lib-devel-5.1.2-7.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libt1lib-static-devel-5.1.2-7.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libt1lib5-5.1.2-7.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"t1lib-config-5.1.2-7.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"t1lib-progs-5.1.2-7.1mdv2010.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64t1lib-devel-5.1.2-8.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64t1lib-static-devel-5.1.2-8.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64t1lib5-5.1.2-8.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libt1lib-devel-5.1.2-8.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libt1lib-static-devel-5.1.2-8.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libt1lib5-5.1.2-8.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"t1lib-config-5.1.2-8.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"t1lib-progs-5.1.2-8.1mdv2010.2\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T11:53:04", "description": "It was discovered that tetex suffered from the same vulnerability as\npreviousely addressed in Evince with MDVSA-2011:005 (CVE-2010-2642).\nAs a precaution tetex has been patched to address this flaw.\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149 products_id=490", "edition": 25, "published": "2011-01-28T00:00:00", "title": "Mandriva Linux Security Advisory : tetex (MDVSA-2011:017)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2642"], "modified": "2011-01-28T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:tetex-dvips", "p-cpe:/a:mandriva:linux:jadetex", "p-cpe:/a:mandriva:linux:tetex-afm", "p-cpe:/a:mandriva:linux:xmltex", "p-cpe:/a:mandriva:linux:tetex", "p-cpe:/a:mandriva:linux:tetex-usrlocal", "cpe:/o:mandriva:linux:2009.0", "p-cpe:/a:mandriva:linux:tetex-context", "p-cpe:/a:mandriva:linux:tetex-texi2html", "p-cpe:/a:mandriva:linux:tetex-xdvi", "p-cpe:/a:mandriva:linux:tetex-mfwin", "p-cpe:/a:mandriva:linux:tetex-devel", "cpe:/o:mandriva:linux:2010.1", "p-cpe:/a:mandriva:linux:tetex-dvilj", "p-cpe:/a:mandriva:linux:tetex-dvipdfm", "cpe:/o:mandriva:linux:2010.0", "p-cpe:/a:mandriva:linux:tetex-doc", "p-cpe:/a:mandriva:linux:tetex-latex"], "id": "MANDRIVA_MDVSA-2011-017.NASL", "href": "https://www.tenable.com/plugins/nessus/51808", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:017. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51808);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-2642\");\n script_bugtraq_id(45678);\n script_xref(name:\"MDVSA\", value:\"2011:017\");\n\n script_name(english:\"Mandriva Linux Security Advisory : tetex (MDVSA-2011:017)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that tetex suffered from the same vulnerability as\npreviousely addressed in Evince with MDVSA-2011:005 (CVE-2010-2642).\nAs a precaution tetex has been patched to address this flaw.\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149 products_id=490\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:jadetex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tetex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tetex-afm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tetex-context\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tetex-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tetex-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tetex-dvilj\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tetex-dvipdfm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tetex-dvips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tetex-latex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tetex-mfwin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tetex-texi2html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tetex-usrlocal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tetex-xdvi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xmltex\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.0\", reference:\"jadetex-3.12-145.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tetex-3.0-47.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tetex-afm-3.0-47.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tetex-context-3.0-47.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tetex-devel-3.0-47.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tetex-doc-3.0-47.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tetex-dvilj-3.0-47.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tetex-dvipdfm-3.0-47.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tetex-dvips-3.0-47.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tetex-latex-3.0-47.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tetex-mfwin-3.0-47.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tetex-texi2html-3.0-47.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tetex-usrlocal-3.0-47.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tetex-xdvi-3.0-47.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"xmltex-1.9-93.2mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.0\", reference:\"jadetex-3.12-147.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tetex-3.0-49.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tetex-afm-3.0-49.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tetex-context-3.0-49.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tetex-devel-3.0-49.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tetex-doc-3.0-49.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tetex-dvilj-3.0-49.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tetex-dvipdfm-3.0-49.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tetex-dvips-3.0-49.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tetex-latex-3.0-49.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tetex-mfwin-3.0-49.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tetex-texi2html-3.0-49.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tetex-usrlocal-3.0-49.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tetex-xdvi-3.0-49.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"xmltex-1.9-95.2mdv2010.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.1\", reference:\"jadetex-3.12-149.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tetex-3.0-51.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tetex-afm-3.0-51.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tetex-context-3.0-51.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tetex-devel-3.0-51.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tetex-doc-3.0-51.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tetex-dvilj-3.0-51.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tetex-dvipdfm-3.0-51.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tetex-dvips-3.0-51.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tetex-latex-3.0-51.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tetex-mfwin-3.0-51.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tetex-texi2html-3.0-51.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tetex-usrlocal-3.0-51.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tetex-xdvi-3.0-51.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"xmltex-1.9-97.1mdv2010.2\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:08:19", "description": "A heap overflow in the AFM font parser of DVI files has been fixed in\nt1lib. CVE-2010-2642 has been assigned to this issue.", "edition": 24, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : t1lib (openSUSE-SU-2011:0140-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2642"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:t1lib", "p-cpe:/a:novell:opensuse:t1lib-devel", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_T1LIB-110111.NASL", "href": "https://www.tenable.com/plugins/nessus/75754", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update t1lib-3788.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75754);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-2642\");\n\n script_name(english:\"openSUSE Security Update : t1lib (openSUSE-SU-2011:0140-1)\");\n script_summary(english:\"Check for the t1lib-3788 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A heap overflow in the AFM font parser of DVI files has been fixed in\nt1lib. CVE-2010-2642 has been assigned to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=662411\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-02/msg00018.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected t1lib packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:t1lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:t1lib-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"t1lib-5.1.2-6.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"t1lib-devel-5.1.2-6.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"t1lib / t1lib-devel\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:06:41", "description": "A heap overflow in the AFM font parser of DVI files has been fixed in\nt1lib. CVE-2010-2642 has been assigned to this issue.", "edition": 24, "published": "2011-05-05T00:00:00", "title": "openSUSE Security Update : t1lib (openSUSE-SU-2011:0140-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2642"], "modified": "2011-05-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:t1lib", "cpe:/o:novell:opensuse:11.2", "p-cpe:/a:novell:opensuse:t1lib-devel"], "id": "SUSE_11_2_T1LIB-110111.NASL", "href": "https://www.tenable.com/plugins/nessus/53803", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update t1lib-3788.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53803);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-2642\");\n\n script_name(english:\"openSUSE Security Update : t1lib (openSUSE-SU-2011:0140-1)\");\n script_summary(english:\"Check for the t1lib-3788 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A heap overflow in the AFM font parser of DVI files has been fixed in\nt1lib. CVE-2010-2642 has been assigned to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=662411\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-02/msg00018.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected t1lib packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:t1lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:t1lib-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"t1lib-5.1.2-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"t1lib-devel-5.1.2-2.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"t1lib / t1lib-devel\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T14:41:54", "description": "A heap overflow in the AFM font parser of DVI files has been fixed in\nt1lib. CVE-2010-2642 has been assigned to this issue.", "edition": 23, "published": "2011-03-01T00:00:00", "title": "SuSE 11.1 Security Update : t1lib (SAT Patch Number 3789)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2642"], "modified": "2011-03-01T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:t1lib"], "id": "SUSE_11_T1LIB-110111.NASL", "href": "https://www.tenable.com/plugins/nessus/52472", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(52472);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2010-2642\");\n\n script_name(english:\"SuSE 11.1 Security Update : t1lib (SAT Patch Number 3789)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A heap overflow in the AFM font parser of DVI files has been fixed in\nt1lib. CVE-2010-2642 has been assigned to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=662411\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2642.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 3789.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:t1lib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/03/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"t1lib-5.1.1-100.19.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"t1lib-5.1.1-100.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"t1lib-5.1.1-100.19.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T14:37:45", "description": "Multiple font parser vulnerabilities in the DVI backend of evince have\nbeen fixed. CVE-2010-2640 - CVE-2010-2643 have been assigned to these\nissues.", "edition": 23, "published": "2011-01-21T00:00:00", "title": "SuSE 11.1 Security Update : evince (SAT Patch Number 3769)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2642", "CVE-2010-2640", "CVE-2010-2641", "CVE-2010-2643"], "modified": "2011-01-21T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:evince-lang", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:evince-doc", "p-cpe:/a:novell:suse_linux:11:evince"], "id": "SUSE_11_EVINCE-110105.NASL", "href": "https://www.tenable.com/plugins/nessus/51599", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51599);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2010-2640\", \"CVE-2010-2641\", \"CVE-2010-2642\", \"CVE-2010-2643\");\n\n script_name(english:\"SuSE 11.1 Security Update : evince (SAT Patch Number 3769)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple font parser vulnerabilities in the DVI backend of evince have\nbeen fixed. CVE-2010-2640 - CVE-2010-2643 have been assigned to these\nissues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=660558\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2640.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2641.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2642.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2643.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 3769.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:evince\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:evince-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:evince-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/01/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"evince-2.28.2-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"evince-lang-2.28.2-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"evince-2.28.2-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"evince-lang-2.28.2-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"evince-2.28.2-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"evince-doc-2.28.2-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"evince-lang-2.28.2-0.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:45:21", "description": "An array index error was found in the DeVice Independent (DVI)\nrenderer's PK and VF font file parsers. A DVI file that references a\nspecially crafted font file could, when opened, cause Evince to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running Evince. (CVE-2010-2640, CVE-2010-2641)\n\nA heap-based buffer overflow flaw was found in the DVI renderer's AFM\nfont file parser. A DVI file that references a specially crafted font\nfile could, when opened, cause Evince to crash or, potentially,\nexecute arbitrary code with the privileges of the user running Evince.\n(CVE-2010-2642)\n\nAn integer overflow flaw was found in the DVI renderer's TFM font file\nparser. A DVI file that references a specially crafted font file\ncould, when opened, cause Evince to crash or, potentially, execute\narbitrary code with the privileges of the user running Evince.\n(CVE-2010-2643)\n\nNote: The above issues are not exploitable unless an attacker can\ntrick the user into installing a malicious font file.", "edition": 25, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : evince on SL6.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2642", "CVE-2010-2640", "CVE-2010-2641", "CVE-2010-2643"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20110106_EVINCE_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60930", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60930);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-2640\", \"CVE-2010-2641\", \"CVE-2010-2642\", \"CVE-2010-2643\");\n\n script_name(english:\"Scientific Linux Security Update : evince on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An array index error was found in the DeVice Independent (DVI)\nrenderer's PK and VF font file parsers. A DVI file that references a\nspecially crafted font file could, when opened, cause Evince to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running Evince. (CVE-2010-2640, CVE-2010-2641)\n\nA heap-based buffer overflow flaw was found in the DVI renderer's AFM\nfont file parser. A DVI file that references a specially crafted font\nfile could, when opened, cause Evince to crash or, potentially,\nexecute arbitrary code with the privileges of the user running Evince.\n(CVE-2010-2642)\n\nAn integer overflow flaw was found in the DVI renderer's TFM font file\nparser. A DVI file that references a specially crafted font file\ncould, when opened, cause Evince to crash or, potentially, execute\narbitrary code with the privileges of the user running Evince.\n(CVE-2010-2643)\n\nNote: The above issues are not exploitable unless an attacker can\ntrick the user into installing a malicious font file.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1103&L=scientific-linux-errata&T=0&P=4672\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2aa85ad9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/01/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"evince-2.28.2-14.el6_0.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"evince-devel-2.28.2-14.el6_0.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"evince-dvi-2.28.2-14.el6_0.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"evince-libs-2.28.2-14.el6_0.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:05:40", "description": "Multiple font parser vulnerabilities in the DVI backend of evince have\nbeen fixed. CVE-2010-2640 - CVE-2010-2643 have been assigned to these\nissues.", "edition": 24, "published": "2011-05-05T00:00:00", "title": "openSUSE Security Update : evince (openSUSE-SU-2011:0045-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2642", "CVE-2010-2640", "CVE-2010-2641", "CVE-2010-2643"], "modified": "2011-05-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:evince-devel", "cpe:/o:novell:opensuse:11.2", "p-cpe:/a:novell:opensuse:evince", "p-cpe:/a:novell:opensuse:evince-lang"], "id": "SUSE_11_2_EVINCE-110105.NASL", "href": "https://www.tenable.com/plugins/nessus/53713", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update evince-3774.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53713);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-2640\", \"CVE-2010-2641\", \"CVE-2010-2642\", \"CVE-2010-2643\");\n\n script_name(english:\"openSUSE Security Update : evince (openSUSE-SU-2011:0045-1)\");\n script_summary(english:\"Check for the evince-3774 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple font parser vulnerabilities in the DVI backend of evince have\nbeen fixed. CVE-2010-2640 - CVE-2010-2643 have been assigned to these\nissues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=660555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-01/msg00019.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected evince packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:evince\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:evince-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:evince-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/01/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"evince-2.28.2-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"evince-devel-2.28.2-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"evince-lang-2.28.2-0.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"evince / evince-devel / evince-lang\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:07:10", "description": "Multiple font parser vulnerabilities in the DVI backend of evince have\nbeen fixed. CVE-2010-2640 - CVE-2010-2643 have been assigned to these\nissues.", "edition": 24, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : evince (openSUSE-SU-2011:0045-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2642", "CVE-2010-2640", "CVE-2010-2641", "CVE-2010-2643"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:evince-devel", "p-cpe:/a:novell:opensuse:evince", "p-cpe:/a:novell:opensuse:nautilus-evince", "cpe:/o:novell:opensuse:11.3", "p-cpe:/a:novell:opensuse:evince-lang"], "id": "SUSE_11_3_EVINCE-110105.NASL", "href": "https://www.tenable.com/plugins/nessus/75478", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update evince-3774.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75478);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-2640\", \"CVE-2010-2641\", \"CVE-2010-2642\", \"CVE-2010-2643\");\n\n script_name(english:\"openSUSE Security Update : evince (openSUSE-SU-2011:0045-1)\");\n script_summary(english:\"Check for the evince-3774 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple font parser vulnerabilities in the DVI backend of evince have\nbeen fixed. CVE-2010-2640 - CVE-2010-2643 have been assigned to these\nissues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=660555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-01/msg00019.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected evince packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:evince\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:evince-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:evince-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nautilus-evince\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/01/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"evince-2.30.1-3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"evince-devel-2.30.1-3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"evince-lang-2.30.1-3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"nautilus-evince-2.30.1-3.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"evince / evince-devel / evince-lang / nautilus-evince\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-07-24T12:55:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2642"], "description": "Check for the Version of t1lib", "modified": "2017-07-06T00:00:00", "published": "2011-01-24T00:00:00", "id": "OPENVAS:831317", "href": "http://plugins.openvas.org/nasl.php?oid=831317", "type": "openvas", "title": "Mandriva Update for t1lib MDVSA-2011:016 (t1lib)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for t1lib MDVSA-2011:016 (t1lib)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that t1lib suffered from the same vulnerability as\n previousely addressed in Evince with MDVSA-2011:005 (CVE-2010-2642). As\n a precaution t1lib has been patched to address this flaw.\n\n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. Please visit this link to learn more:\n http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=490\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"t1lib on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2011-01/msg00019.php\");\n script_id(831317);\n script_version(\"$Revision: 6570 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:06:35 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-01-24 15:31:16 +0100 (Mon, 24 Jan 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2011:016\");\n script_cve_id(\"CVE-2010-2642\");\n script_name(\"Mandriva Update for t1lib MDVSA-2011:016 (t1lib)\");\n\n script_summary(\"Check for the Version of t1lib\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libt1lib5\", rpm:\"libt1lib5~5.1.2~4.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libt1lib-devel\", rpm:\"libt1lib-devel~5.1.2~4.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libt1lib-static-devel\", rpm:\"libt1lib-static-devel~5.1.2~4.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"t1lib-config\", rpm:\"t1lib-config~5.1.2~4.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"t1lib-progs\", rpm:\"t1lib-progs~5.1.2~4.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"t1lib\", rpm:\"t1lib~5.1.2~4.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64t1lib5\", rpm:\"lib64t1lib5~5.1.2~4.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64t1lib-devel\", rpm:\"lib64t1lib-devel~5.1.2~4.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64t1lib-static-devel\", rpm:\"lib64t1lib-static-devel~5.1.2~4.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libt1lib5\", rpm:\"libt1lib5~5.1.2~8.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libt1lib-devel\", rpm:\"libt1lib-devel~5.1.2~8.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libt1lib-static-devel\", rpm:\"libt1lib-static-devel~5.1.2~8.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"t1lib-config\", rpm:\"t1lib-config~5.1.2~8.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"t1lib-progs\", rpm:\"t1lib-progs~5.1.2~8.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"t1lib\", rpm:\"t1lib~5.1.2~8.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64t1lib5\", rpm:\"lib64t1lib5~5.1.2~8.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64t1lib-devel\", rpm:\"lib64t1lib-devel~5.1.2~8.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64t1lib-static-devel\", rpm:\"lib64t1lib-static-devel~5.1.2~8.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libt1lib5\", rpm:\"libt1lib5~5.1.2~7.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libt1lib-devel\", rpm:\"libt1lib-devel~5.1.2~7.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libt1lib-static-devel\", rpm:\"libt1lib-static-devel~5.1.2~7.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"t1lib-config\", rpm:\"t1lib-config~5.1.2~7.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"t1lib-progs\", rpm:\"t1lib-progs~5.1.2~7.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"t1lib\", rpm:\"t1lib~5.1.2~7.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64t1lib5\", rpm:\"lib64t1lib5~5.1.2~7.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64t1lib-devel\", rpm:\"lib64t1lib-devel~5.1.2~7.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64t1lib-static-devel\", rpm:\"lib64t1lib-static-devel~5.1.2~7.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libt1lib5\", rpm:\"libt1lib5~5.1.2~4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libt1lib-devel\", rpm:\"libt1lib-devel~5.1.2~4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libt1lib-static-devel\", rpm:\"libt1lib-static-devel~5.1.2~4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"t1lib-config\", rpm:\"t1lib-config~5.1.2~4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"t1lib-progs\", rpm:\"t1lib-progs~5.1.2~4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"t1lib\", rpm:\"t1lib~5.1.2~4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64t1lib5\", rpm:\"lib64t1lib5~5.1.2~4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64t1lib-devel\", rpm:\"lib64t1lib-devel~5.1.2~4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64t1lib-static-devel\", rpm:\"lib64t1lib-static-devel~5.1.2~4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2642"], "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2011-01-24T00:00:00", "id": "OPENVAS:1361412562310831318", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831318", "type": "openvas", "title": "Mandriva Update for tetex MDVSA-2011:017 (tetex)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for tetex MDVSA-2011:017 (tetex)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.mandriva.com/security-announce/2011-01/msg00020.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831318\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-01-24 15:31:16 +0100 (Mon, 24 Jan 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"MDVSA\", value:\"2011:017\");\n script_cve_id(\"CVE-2010-2642\");\n script_name(\"Mandriva Update for tetex MDVSA-2011:017 (tetex)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tetex'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_(mes5|2010\\.1|2010\\.0|2009\\.0)\");\n script_tag(name:\"affected\", value:\"tetex on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\");\n script_tag(name:\"insight\", value:\"It was discovered that tetex suffered from the same vulnerability as\n previousely addressed in Evince with MDVSA-2011:005 (CVE-2010-2642). As\n a precaution tetex has been patched to address this flaw.\n\n Packages for 2009.0 are provided as of the Extended Maintenance\n Program.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=490\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"jadetex\", rpm:\"jadetex~3.12~145.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex\", rpm:\"tetex~3.0~47.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-afm\", rpm:\"tetex-afm~3.0~47.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-context\", rpm:\"tetex-context~3.0~47.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-devel\", rpm:\"tetex-devel~3.0~47.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-doc\", rpm:\"tetex-doc~3.0~47.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvilj\", rpm:\"tetex-dvilj~3.0~47.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvipdfm\", rpm:\"tetex-dvipdfm~3.0~47.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvips\", rpm:\"tetex-dvips~3.0~47.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-latex\", rpm:\"tetex-latex~3.0~47.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-mfwin\", rpm:\"tetex-mfwin~3.0~47.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-texi2html\", rpm:\"tetex-texi2html~3.0~47.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-usrlocal\", rpm:\"tetex-usrlocal~3.0~47.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-xdvi\", rpm:\"tetex-xdvi~3.0~47.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xmltex\", rpm:\"xmltex~1.9~93.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"jadetex\", rpm:\"jadetex~3.12~149.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex\", rpm:\"tetex~3.0~51.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-afm\", rpm:\"tetex-afm~3.0~51.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-context\", rpm:\"tetex-context~3.0~51.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-devel\", rpm:\"tetex-devel~3.0~51.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-doc\", rpm:\"tetex-doc~3.0~51.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvilj\", rpm:\"tetex-dvilj~3.0~51.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvipdfm\", rpm:\"tetex-dvipdfm~3.0~51.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvips\", rpm:\"tetex-dvips~3.0~51.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-latex\", rpm:\"tetex-latex~3.0~51.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-mfwin\", rpm:\"tetex-mfwin~3.0~51.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-texi2html\", rpm:\"tetex-texi2html~3.0~51.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-usrlocal\", rpm:\"tetex-usrlocal~3.0~51.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-xdvi\", rpm:\"tetex-xdvi~3.0~51.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xmltex\", rpm:\"xmltex~1.9~97.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"jadetex\", rpm:\"jadetex~3.12~147.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex\", rpm:\"tetex~3.0~49.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-afm\", rpm:\"tetex-afm~3.0~49.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-context\", rpm:\"tetex-context~3.0~49.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-devel\", rpm:\"tetex-devel~3.0~49.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-doc\", rpm:\"tetex-doc~3.0~49.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvilj\", rpm:\"tetex-dvilj~3.0~49.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvipdfm\", rpm:\"tetex-dvipdfm~3.0~49.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvips\", rpm:\"tetex-dvips~3.0~49.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-latex\", rpm:\"tetex-latex~3.0~49.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-mfwin\", rpm:\"tetex-mfwin~3.0~49.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-texi2html\", rpm:\"tetex-texi2html~3.0~49.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-usrlocal\", rpm:\"tetex-usrlocal~3.0~49.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-xdvi\", rpm:\"tetex-xdvi~3.0~49.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xmltex\", rpm:\"xmltex~1.9~95.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"jadetex\", rpm:\"jadetex~3.12~145.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex\", rpm:\"tetex~3.0~47.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-afm\", rpm:\"tetex-afm~3.0~47.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-context\", rpm:\"tetex-context~3.0~47.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-devel\", rpm:\"tetex-devel~3.0~47.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-doc\", rpm:\"tetex-doc~3.0~47.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvilj\", rpm:\"tetex-dvilj~3.0~47.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvipdfm\", rpm:\"tetex-dvipdfm~3.0~47.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvips\", rpm:\"tetex-dvips~3.0~47.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-latex\", rpm:\"tetex-latex~3.0~47.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-mfwin\", rpm:\"tetex-mfwin~3.0~47.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-texi2html\", rpm:\"tetex-texi2html~3.0~47.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-usrlocal\", rpm:\"tetex-usrlocal~3.0~47.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-xdvi\", rpm:\"tetex-xdvi~3.0~47.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xmltex\", rpm:\"xmltex~1.9~93.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2642"], "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2011-01-24T00:00:00", "id": "OPENVAS:1361412562310831317", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831317", "type": "openvas", "title": "Mandriva Update for t1lib MDVSA-2011:016 (t1lib)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for t1lib MDVSA-2011:016 (t1lib)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.mandriva.com/security-announce/2011-01/msg00019.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831317\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-01-24 15:31:16 +0100 (Mon, 24 Jan 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"MDVSA\", value:\"2011:016\");\n script_cve_id(\"CVE-2010-2642\");\n script_name(\"Mandriva Update for t1lib MDVSA-2011:016 (t1lib)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 't1lib'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_(mes5|2010\\.1|2010\\.0|2009\\.0)\");\n script_tag(name:\"affected\", value:\"t1lib on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\");\n script_tag(name:\"insight\", value:\"It was discovered that t1lib suffered from the same vulnerability as\n previousely addressed in Evince with MDVSA-2011:005 (CVE-2010-2642). As\n a precaution t1lib has been patched to address this flaw.\n\n Packages for 2009.0 are provided as of the Extended Maintenance\n Program.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=490\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libt1lib5\", rpm:\"libt1lib5~5.1.2~4.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libt1lib-devel\", rpm:\"libt1lib-devel~5.1.2~4.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libt1lib-static-devel\", rpm:\"libt1lib-static-devel~5.1.2~4.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"t1lib-config\", rpm:\"t1lib-config~5.1.2~4.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"t1lib-progs\", rpm:\"t1lib-progs~5.1.2~4.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"t1lib\", rpm:\"t1lib~5.1.2~4.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64t1lib5\", rpm:\"lib64t1lib5~5.1.2~4.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64t1lib-devel\", rpm:\"lib64t1lib-devel~5.1.2~4.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64t1lib-static-devel\", rpm:\"lib64t1lib-static-devel~5.1.2~4.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libt1lib5\", rpm:\"libt1lib5~5.1.2~8.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libt1lib-devel\", rpm:\"libt1lib-devel~5.1.2~8.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libt1lib-static-devel\", rpm:\"libt1lib-static-devel~5.1.2~8.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"t1lib-config\", rpm:\"t1lib-config~5.1.2~8.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"t1lib-progs\", rpm:\"t1lib-progs~5.1.2~8.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"t1lib\", rpm:\"t1lib~5.1.2~8.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64t1lib5\", rpm:\"lib64t1lib5~5.1.2~8.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64t1lib-devel\", rpm:\"lib64t1lib-devel~5.1.2~8.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64t1lib-static-devel\", rpm:\"lib64t1lib-static-devel~5.1.2~8.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libt1lib5\", rpm:\"libt1lib5~5.1.2~7.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libt1lib-devel\", rpm:\"libt1lib-devel~5.1.2~7.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libt1lib-static-devel\", rpm:\"libt1lib-static-devel~5.1.2~7.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"t1lib-config\", rpm:\"t1lib-config~5.1.2~7.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"t1lib-progs\", rpm:\"t1lib-progs~5.1.2~7.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"t1lib\", rpm:\"t1lib~5.1.2~7.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64t1lib5\", rpm:\"lib64t1lib5~5.1.2~7.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64t1lib-devel\", rpm:\"lib64t1lib-devel~5.1.2~7.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64t1lib-static-devel\", rpm:\"lib64t1lib-static-devel~5.1.2~7.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libt1lib5\", rpm:\"libt1lib5~5.1.2~4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libt1lib-devel\", rpm:\"libt1lib-devel~5.1.2~4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libt1lib-static-devel\", rpm:\"libt1lib-static-devel~5.1.2~4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"t1lib-config\", rpm:\"t1lib-config~5.1.2~4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"t1lib-progs\", rpm:\"t1lib-progs~5.1.2~4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"t1lib\", rpm:\"t1lib~5.1.2~4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64t1lib5\", rpm:\"lib64t1lib5~5.1.2~4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64t1lib-devel\", rpm:\"lib64t1lib-devel~5.1.2~4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64t1lib-static-devel\", rpm:\"lib64t1lib-static-devel~5.1.2~4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:55:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2642"], "description": "Check for the Version of tetex", "modified": "2017-07-06T00:00:00", "published": "2011-01-24T00:00:00", "id": "OPENVAS:831318", "href": "http://plugins.openvas.org/nasl.php?oid=831318", "type": "openvas", "title": "Mandriva Update for tetex MDVSA-2011:017 (tetex)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for tetex MDVSA-2011:017 (tetex)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that tetex suffered from the same vulnerability as\n previousely addressed in Evince with MDVSA-2011:005 (CVE-2010-2642). As\n a precaution tetex has been patched to address this flaw.\n\n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. Please visit this link to learn more:\n http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=490\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"tetex on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2011-01/msg00020.php\");\n script_id(831318);\n script_version(\"$Revision: 6570 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:06:35 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-01-24 15:31:16 +0100 (Mon, 24 Jan 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2011:017\");\n script_cve_id(\"CVE-2010-2642\");\n script_name(\"Mandriva Update for tetex MDVSA-2011:017 (tetex)\");\n\n script_summary(\"Check for the Version of tetex\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"jadetex\", rpm:\"jadetex~3.12~145.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex\", rpm:\"tetex~3.0~47.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-afm\", rpm:\"tetex-afm~3.0~47.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-context\", rpm:\"tetex-context~3.0~47.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-devel\", rpm:\"tetex-devel~3.0~47.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-doc\", rpm:\"tetex-doc~3.0~47.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvilj\", rpm:\"tetex-dvilj~3.0~47.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvipdfm\", rpm:\"tetex-dvipdfm~3.0~47.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvips\", rpm:\"tetex-dvips~3.0~47.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-latex\", rpm:\"tetex-latex~3.0~47.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-mfwin\", rpm:\"tetex-mfwin~3.0~47.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-texi2html\", rpm:\"tetex-texi2html~3.0~47.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-usrlocal\", rpm:\"tetex-usrlocal~3.0~47.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-xdvi\", rpm:\"tetex-xdvi~3.0~47.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xmltex\", rpm:\"xmltex~1.9~93.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"jadetex\", rpm:\"jadetex~3.12~149.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex\", rpm:\"tetex~3.0~51.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-afm\", rpm:\"tetex-afm~3.0~51.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-context\", rpm:\"tetex-context~3.0~51.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-devel\", rpm:\"tetex-devel~3.0~51.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-doc\", rpm:\"tetex-doc~3.0~51.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvilj\", rpm:\"tetex-dvilj~3.0~51.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvipdfm\", rpm:\"tetex-dvipdfm~3.0~51.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvips\", rpm:\"tetex-dvips~3.0~51.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-latex\", rpm:\"tetex-latex~3.0~51.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-mfwin\", rpm:\"tetex-mfwin~3.0~51.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-texi2html\", rpm:\"tetex-texi2html~3.0~51.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-usrlocal\", rpm:\"tetex-usrlocal~3.0~51.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-xdvi\", rpm:\"tetex-xdvi~3.0~51.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xmltex\", rpm:\"xmltex~1.9~97.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"jadetex\", rpm:\"jadetex~3.12~147.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex\", rpm:\"tetex~3.0~49.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-afm\", rpm:\"tetex-afm~3.0~49.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-context\", rpm:\"tetex-context~3.0~49.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-devel\", rpm:\"tetex-devel~3.0~49.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-doc\", rpm:\"tetex-doc~3.0~49.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvilj\", rpm:\"tetex-dvilj~3.0~49.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvipdfm\", rpm:\"tetex-dvipdfm~3.0~49.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvips\", rpm:\"tetex-dvips~3.0~49.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-latex\", rpm:\"tetex-latex~3.0~49.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-mfwin\", rpm:\"tetex-mfwin~3.0~49.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-texi2html\", rpm:\"tetex-texi2html~3.0~49.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-usrlocal\", rpm:\"tetex-usrlocal~3.0~49.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-xdvi\", rpm:\"tetex-xdvi~3.0~49.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xmltex\", rpm:\"xmltex~1.9~95.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"jadetex\", rpm:\"jadetex~3.12~145.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex\", rpm:\"tetex~3.0~47.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-afm\", rpm:\"tetex-afm~3.0~47.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-context\", rpm:\"tetex-context~3.0~47.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-devel\", rpm:\"tetex-devel~3.0~47.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-doc\", rpm:\"tetex-doc~3.0~47.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvilj\", rpm:\"tetex-dvilj~3.0~47.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvipdfm\", rpm:\"tetex-dvipdfm~3.0~47.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvips\", rpm:\"tetex-dvips~3.0~47.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-latex\", rpm:\"tetex-latex~3.0~47.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-mfwin\", rpm:\"tetex-mfwin~3.0~47.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-texi2html\", rpm:\"tetex-texi2html~3.0~47.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-usrlocal\", rpm:\"tetex-usrlocal~3.0~47.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-xdvi\", rpm:\"tetex-xdvi~3.0~47.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xmltex\", rpm:\"xmltex~1.9~93.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:40:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2642", "CVE-2010-2640", "CVE-2010-2641", "CVE-2010-2643"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1035-1", "modified": "2019-03-13T00:00:00", "published": "2011-01-11T00:00:00", "id": "OPENVAS:1361412562310840557", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840557", "type": "openvas", "title": "Ubuntu Update for evince vulnerabilities USN-1035-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1035_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for evince vulnerabilities USN-1035-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1035-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840557\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-01-11 16:07:49 +0100 (Tue, 11 Jan 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1035-1\");\n script_cve_id(\"CVE-2010-2640\", \"CVE-2010-2641\", \"CVE-2010-2642\", \"CVE-2010-2643\");\n script_name(\"Ubuntu Update for evince vulnerabilities USN-1035-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(9\\.10|10\\.10|10\\.04 LTS|8\\.04 LTS)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1035-1\");\n script_tag(name:\"affected\", value:\"evince vulnerabilities on Ubuntu 8.04 LTS,\n Ubuntu 9.10,\n Ubuntu 10.04 LTS,\n Ubuntu 10.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Jon Larimer discovered that Evince's font parsers incorrectly handled\n certain buffer lengths when rendering a DVI file. By tricking a user into\n opening or previewing a DVI file that uses a specially crafted font file,\n an attacker could crash evince or execute arbitrary code with the user's\n privileges.\n\n In the default installation of Ubuntu 9.10 and later, attackers would be\n isolated by the Evince AppArmor profile.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"evince-dbg\", ver:\"2.28.1-0ubuntu1.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"evince\", ver:\"2.28.1-0ubuntu1.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libevdocument-dev\", ver:\"2.28.1-0ubuntu1.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libevdocument1\", ver:\"2.28.1-0ubuntu1.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libevview-dev\", ver:\"2.28.1-0ubuntu1.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libevview1\", ver:\"2.28.1-0ubuntu1.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"evince-dbg\", ver:\"2.32.0-0ubuntu1.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"evince\", ver:\"2.32.0-0ubuntu1.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libevdocument-dev\", ver:\"2.32.0-0ubuntu1.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libevdocument3\", ver:\"2.32.0-0ubuntu1.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libevview-dev\", ver:\"2.32.0-0ubuntu1.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libevview3\", ver:\"2.32.0-0ubuntu1.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"evince-gtk\", ver:\"2.32.0-0ubuntu1.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"gir1.0-evince-2.32\", ver:\"2.32.0-0ubuntu1.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"evince-common\", ver:\"2.32.0-0ubuntu1.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"evince-dbg\", ver:\"2.30.3-0ubuntu1.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"evince\", ver:\"2.30.3-0ubuntu1.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libevdocument-dev\", ver:\"2.30.3-0ubuntu1.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libevdocument2\", ver:\"2.30.3-0ubuntu1.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libevview-dev\", ver:\"2.30.3-0ubuntu1.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libevview2\", ver:\"2.30.3-0ubuntu1.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"evince-dbg\", ver:\"2.22.2-0ubuntu2.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"evince-gtk-dbg\", ver:\"2.22.2-0ubuntu2.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"evince-gtk\", ver:\"2.22.2-0ubuntu2.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"evince\", ver:\"2.22.2-0ubuntu2.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:26:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2642", "CVE-2010-2640", "CVE-2010-2641", "CVE-2010-2643"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1035-1", "modified": "2017-12-01T00:00:00", "published": "2011-01-11T00:00:00", "id": "OPENVAS:840557", "href": "http://plugins.openvas.org/nasl.php?oid=840557", "type": "openvas", "title": "Ubuntu Update for evince vulnerabilities USN-1035-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1035_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for evince vulnerabilities USN-1035-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Jon Larimer discovered that Evince's font parsers incorrectly handled\n certain buffer lengths when rendering a DVI file. By tricking a user into\n opening or previewing a DVI file that uses a specially crafted font file,\n an attacker could crash evince or execute arbitrary code with the user's\n privileges.\n\n In the default installation of Ubuntu 9.10 and later, attackers would be\n isolated by the Evince AppArmor profile.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1035-1\";\ntag_affected = \"evince vulnerabilities on Ubuntu 8.04 LTS ,\n Ubuntu 9.10 ,\n Ubuntu 10.04 LTS ,\n Ubuntu 10.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1035-1/\");\n script_id(840557);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-01-11 16:07:49 +0100 (Tue, 11 Jan 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1035-1\");\n script_cve_id(\"CVE-2010-2640\", \"CVE-2010-2641\", \"CVE-2010-2642\", \"CVE-2010-2643\");\n script_name(\"Ubuntu Update for evince vulnerabilities USN-1035-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"evince-dbg\", ver:\"2.28.1-0ubuntu1.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"evince\", ver:\"2.28.1-0ubuntu1.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libevdocument-dev\", ver:\"2.28.1-0ubuntu1.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libevdocument1\", ver:\"2.28.1-0ubuntu1.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libevview-dev\", ver:\"2.28.1-0ubuntu1.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libevview1\", ver:\"2.28.1-0ubuntu1.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"evince-dbg\", ver:\"2.32.0-0ubuntu1.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"evince\", ver:\"2.32.0-0ubuntu1.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libevdocument-dev\", ver:\"2.32.0-0ubuntu1.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libevdocument3\", ver:\"2.32.0-0ubuntu1.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libevview-dev\", ver:\"2.32.0-0ubuntu1.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libevview3\", ver:\"2.32.0-0ubuntu1.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"evince-gtk\", ver:\"2.32.0-0ubuntu1.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"gir1.0-evince-2.32\", ver:\"2.32.0-0ubuntu1.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"evince-common\", ver:\"2.32.0-0ubuntu1.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"evince-dbg\", ver:\"2.30.3-0ubuntu1.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"evince\", ver:\"2.30.3-0ubuntu1.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libevdocument-dev\", ver:\"2.30.3-0ubuntu1.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libevdocument2\", ver:\"2.30.3-0ubuntu1.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libevview-dev\", ver:\"2.30.3-0ubuntu1.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libevview2\", ver:\"2.30.3-0ubuntu1.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"evince-dbg\", ver:\"2.22.2-0ubuntu2.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"evince-gtk-dbg\", ver:\"2.22.2-0ubuntu2.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"evince-gtk\", ver:\"2.22.2-0ubuntu2.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"evince\", ver:\"2.22.2-0ubuntu2.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:55:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2642", "CVE-2010-2640", "CVE-2010-2641", "CVE-2010-2643"], "description": "Check for the Version of evince", "modified": "2017-07-06T00:00:00", "published": "2011-01-14T00:00:00", "id": "OPENVAS:831304", "href": "http://plugins.openvas.org/nasl.php?oid=831304", "type": "openvas", "title": "Mandriva Update for evince MDVSA-2011:005 (evince)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for evince MDVSA-2011:005 (evince)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been found and corrected in evince:\n\n Array index error in the PK and VF font parser in the dvi-backend\n component in Evince 2.32 and earlier allows remote attackers to\n cause a denial of service (application crash) or possibly execute\n arbitrary code via a crafted font in conjunction with a DVI file that\n is processed by the thumbnailer (CVE-2010-2640, CVE-2010-2641).\n \n Heap-based buffer overflow in the AFM font parser in the dvi-backend\n component in Evince 2.32 and earlier allows remote attackers to\n cause a denial of service (application crash) or possibly execute\n arbitrary code via a crafted font in conjunction with a DVI file that\n is processed by the thumbnailer (CVE-2010-2642).\n \n Integer overflow in the TFM font parser in the dvi-backend component in\n Evince 2.32 and earlier allows remote attackers to execute arbitrary\n code via a crafted font in conjunction with a DVI file that is\n processed by the thumbnailer (CVE-2010-2643).\n \n The updated packages have been patched to correct these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"evince on Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2011-01/msg00006.php\");\n script_id(831304);\n script_version(\"$Revision: 6570 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:06:35 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-01-14 16:07:43 +0100 (Fri, 14 Jan 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2011:005\");\n script_cve_id(\"CVE-2010-2640\", \"CVE-2010-2641\", \"CVE-2010-2642\", \"CVE-2010-2643\");\n script_name(\"Mandriva Update for evince MDVSA-2011:005 (evince)\");\n\n script_summary(\"Check for the Version of evince\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"evince\", rpm:\"evince~2.24.0~2.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libevince0\", rpm:\"libevince0~2.24.0~2.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libevince-devel\", rpm:\"libevince-devel~2.24.0~2.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64evince0\", rpm:\"lib64evince0~2.24.0~2.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64evince-devel\", rpm:\"lib64evince-devel~2.24.0~2.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"evince\", rpm:\"evince~2.30.3~1.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libevince2\", rpm:\"libevince2~2.30.3~1.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libevince-devel\", rpm:\"libevince-devel~2.30.3~1.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64evince2\", rpm:\"lib64evince2~2.30.3~1.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64evince-devel\", rpm:\"lib64evince-devel~2.30.3~1.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"evince\", rpm:\"evince~2.28.1~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libevince1\", rpm:\"libevince1~2.28.1~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libevince-devel\", rpm:\"libevince-devel~2.28.1~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64evince1\", rpm:\"lib64evince1~2.28.1~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64evince-devel\", rpm:\"lib64evince-devel~2.28.1~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2642", "CVE-2010-2640", "CVE-2010-2641", "CVE-2010-2643"], "description": "The remote host is missing updates announced in\nadvisory GLSA 201111-10.", "modified": "2018-10-12T00:00:00", "published": "2012-02-12T00:00:00", "id": "OPENVAS:136141256231070799", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070799", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201111-10 (evince)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201111_10.nasl 11859 2018-10-12 08:53:01Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70799\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2010-2640\", \"CVE-2010-2641\", \"CVE-2010-2642\", \"CVE-2010-2643\");\n script_version(\"$Revision: 11859 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:53:01 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 10:04:41 -0500 (Sun, 12 Feb 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201111-10 (evince)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been found in Evince, allowing remote\n attackers to execute arbitrary code or cause a Denial of Service.\");\n script_tag(name:\"solution\", value:\"All Evince users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-text/evince-2.32.0-r2'\n\n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are\n available since April 26, 2011. It is likely that your system is\nalready\n no longer affected by this issue.\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201111-10\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=350681\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=363447\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201111-10.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"app-text/evince\", unaffected: make_list(\"ge 2.32.0-r2\"), vulnerable: make_list(\"lt 2.32.0-r2\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:55:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2642", "CVE-2010-2640", "CVE-2010-2641", "CVE-2010-2643"], "description": "Check for the Version of evince", "modified": "2017-07-10T00:00:00", "published": "2011-01-14T00:00:00", "id": "OPENVAS:862793", "href": "http://plugins.openvas.org/nasl.php?oid=862793", "type": "openvas", "title": "Fedora Update for evince FEDORA-2011-0224", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for evince FEDORA-2011-0224\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Evince is simple multi-page document viewer. It can display and print\n Portable Document Format (PDF), PostScript (PS) and Encapsulated PostScript\n (EPS) files. When supported by the document format, evince allows searching\n for text, copying text to the clipboard, hypertext navigation,\n table-of-contents bookmarks and editing of forms.\n\n Support for other document formats such as DVI and DJVU can be added by\n installing additional backends.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"evince on Fedora 13\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052995.html\");\n script_id(862793);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-01-14 16:07:43 +0100 (Fri, 14 Jan 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2011-0224\");\n script_cve_id(\"CVE-2010-2640\", \"CVE-2010-2641\", \"CVE-2010-2642\", \"CVE-2010-2643\");\n script_name(\"Fedora Update for evince FEDORA-2011-0224\");\n\n script_summary(\"Check for the Version of evince\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"evince\", rpm:\"evince~2.30.3~2.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:40", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2642", "CVE-2010-2640", "CVE-2010-2641", "CVE-2010-2643"], "description": "Check for the Version of evince", "modified": "2017-07-10T00:00:00", "published": "2011-01-11T00:00:00", "id": "OPENVAS:862785", "href": "http://plugins.openvas.org/nasl.php?oid=862785", "type": "openvas", "title": "Fedora Update for evince FEDORA-2011-0208", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for evince FEDORA-2011-0208\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Evince is simple multi-page document viewer. It can display and print\n Portable Document Format (PDF), PostScript (PS) and Encapsulated PostScript\n (EPS) files. When supported by the document format, evince allows searching\n for text, copying text to the clipboard, hypertext navigation,\n table-of-contents bookmarks and editing of forms.\n\n Support for other document formats such as DVI and DJVU can be added by\n installing additional backends.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"evince on Fedora 14\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052910.html\");\n script_id(862785);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-01-11 16:07:49 +0100 (Tue, 11 Jan 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2011-0208\");\n script_cve_id(\"CVE-2010-2640\", \"CVE-2010-2641\", \"CVE-2010-2642\", \"CVE-2010-2643\");\n script_name(\"Fedora Update for evince FEDORA-2011-0208\");\n\n script_summary(\"Check for the Version of evince\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"evince\", rpm:\"evince~2.32.0~3.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:40", "bulletinFamily": "software", "cvelist": ["CVE-2010-2642", "CVE-2010-2640", "CVE-2010-2641", "CVE-2010-2643"], "description": "Buffer overflows on malformed fonts during DVI files processing.", "edition": 1, "modified": "2011-01-07T00:00:00", "published": "2011-01-07T00:00:00", "id": "SECURITYVULNS:VULN:11339", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11339", "title": "evince buffer overflows", "type": "securityvulns", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:38", "bulletinFamily": "software", "cvelist": ["CVE-2010-2642", "CVE-2010-2640", "CVE-2010-2641", "CVE-2010-2643"], "description": "===========================================================\r\nUbuntu Security Notice USN-1035-1 January 05, 2011\r\nevince vulnerabilities\r\nCVE-2010-2640, CVE-2010-2641, CVE-2010-2642, CVE-2010-2643\r\n===========================================================\r\n\r\nA security issue affects the following Ubuntu releases:\r\n\r\nUbuntu 8.04 LTS\r\nUbuntu 9.10\r\nUbuntu 10.04 LTS\r\nUbuntu 10.10\r\n\r\nThis advisory also applies to the corresponding versions of\r\nKubuntu, Edubuntu, and Xubuntu.\r\n\r\nThe problem can be corrected by upgrading your system to the\r\nfollowing package versions:\r\n\r\nUbuntu 8.04 LTS:\r\n evince 2.22.2-0ubuntu2.1\r\n\r\nUbuntu 9.10:\r\n evince 2.28.1-0ubuntu1.3\r\n\r\nUbuntu 10.04 LTS:\r\n evince 2.30.3-0ubuntu1.2\r\n\r\nUbuntu 10.10:\r\n evince 2.32.0-0ubuntu1.1\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nDetails follow:\r\n\r\nJon Larimer discovered that Evince's font parsers incorrectly handled\r\ncertain buffer lengths when rendering a DVI file. By tricking a user into\r\nopening or previewing a DVI file that uses a specially crafted font file,\r\nan attacker could crash evince or execute arbitrary code with the user's\r\nprivileges.\r\n\r\nIn the default installation of Ubuntu 9.10 and later, attackers would be\r\nisolated by the Evince AppArmor profile.\r\n\r\n\r\nUpdated packages for Ubuntu 8.04 LTS:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/e/evince/evince_2.22.2-0ubuntu2.1.diff.gz\r\n Size/MD5: 58656 10cb65378f99126c196557a3b553b25b\r\n http://security.ubuntu.com/ubuntu/pool/main/e/evince/evince_2.22.2-0ubuntu2.1.dsc\r\n Size/MD5: 2059 887337adb32c3f071cc0b8b64da98f44\r\n http://security.ubuntu.com/ubuntu/pool/main/e/evince/evince_2.22.2.orig.tar.gz\r\n Size/MD5: 2474471 b1d923e6524701e2d372c37cbd534f4b\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/e/evince/evince-dbg_2.22.2-0ubuntu2.1_amd64.deb\r\n Size/MD5: 977682 651cbed53f3ca3c374c87a539b0b62bf\r\n http://security.ubuntu.com/ubuntu/pool/main/e/evince/evince-gtk-dbg_2.22.2-0ubuntu2.1_amd64.deb\r\n Size/MD5: 946234 cb6b9c32b3dd972ccf144743c175bef3\r\n http://security.ubuntu.com/ubuntu/pool/main/e/evince/evince-gtk_2.22.2-0ubuntu2.1_amd64.deb\r\n Size/MD5: 921702 661219326d1f2e28310b964d4dc11eb2\r\n http://security.ubuntu.com/ubuntu/pool/main/e/evince/evince_2.22.2-0ubuntu2.1_amd64.deb\r\n Size/MD5: 928576 55be7ea40c253bb67f943f0d4e2d20c0\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/e/evince/evince-dbg_2.22.2-0ubuntu2.1_i386.deb\r\n Size/MD5: 919530 3fb07654c66749f12711047989a8d2a1\r\n http://security.ubuntu.com/ubuntu/pool/main/e/evince/evince-gtk-dbg_2.22.2-0ubuntu2.1_i386.deb\r\n Size/MD5: 889076 1a636f497c7526a0e3e68fb09cee197b\r\n http://security.ubuntu.com/ubuntu/pool/main/e/evince/evince-gtk_2.22.2-0ubuntu2.1_i386.deb\r\n Size/MD5: 884734 2d359ec0f0734086db47aadbd216ad9a\r\n http://security.ubuntu.com/ubuntu/pool/main/e/evince/evince_2.22.2-0ubuntu2.1_i386.deb\r\n Size/MD5: 890366 1d8af630eec51083c449cb5c2033e3be\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/e/evince/evince-dbg_2.22.2-0ubuntu2.1_lpia.deb\r\n Size/MD5: 933958 3b3efa5ebcf686af2fd38a10c12158ad\r\n http://ports.ubuntu.com/pool/main/e/evince/evince-gtk-dbg_2.22.2-0ubuntu2.1_lpia.deb\r\n Size/MD5: 904168 88f1fcd16e111ead9053411ad1202547\r\n http://ports.ubuntu.com/pool/main/e/evince/evince-gtk_2.22.2-0ubuntu2.1_lpia.deb\r\n Size/MD5: 876086 221b2a848a01aeeeefa6cf6db6fe1e54\r\n http://ports.ubuntu.com/pool/main/e/evince/evince_2.22.2-0ubuntu2.1_lpia.deb\r\n Size/MD5: 883460 28af256bf4eaa885cb0218fe2a95137e\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/e/evince/evince-dbg_2.22.2-0ubuntu2.1_powerpc.deb\r\n Size/MD5: 968852 e4c130d0aa7947e77fd84c5906a6e8c6\r\n http://ports.ubuntu.com/pool/main/e/evince/evince-gtk-dbg_2.22.2-0ubuntu2.1_powerpc.deb\r\n Size/MD5: 937262 67d0f60f306fd172d767c59ff93c8268\r\n http://ports.ubuntu.com/pool/main/e/evince/evince-gtk_2.22.2-0ubuntu2.1_powerpc.deb\r\n Size/MD5: 942478 4b2be38f8e3fd2d49673521ac30ea00b\r\n http://ports.ubuntu.com/pool/main/e/evince/evince_2.22.2-0ubuntu2.1_powerpc.deb\r\n Size/MD5: 951384 3307826144061d387e1f457de6b8b672\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/e/evince/evince-dbg_2.22.2-0ubuntu2.1_sparc.deb\r\n Size/MD5: 887444 2e171e9512875a7bf7e049408f3f5177\r\n http://ports.ubuntu.com/pool/main/e/evince/evince-gtk-dbg_2.22.2-0ubuntu2.1_sparc.deb\r\n Size/MD5: 857242 7dd46076e3e5666402ae891844a13832\r\n http://ports.ubuntu.com/pool/main/e/evince/evince-gtk_2.22.2-0ubuntu2.1_sparc.deb\r\n Size/MD5: 882048 977fe6d004d2df8af9d3e60a3e736a00\r\n http://ports.ubuntu.com/pool/main/e/evince/evince_2.22.2-0ubuntu2.1_sparc.deb\r\n Size/MD5: 888640 edb581ce52d6d2023f08fc6582ab0856\r\n\r\nUpdated packages for Ubuntu 9.10:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/e/evince/evince_2.28.1-0ubuntu1.3.diff.gz\r\n Size/MD5: 33951 30aff6ff144366bd546d12c902e41ee3\r\n http://security.ubuntu.com/ubuntu/pool/main/e/evince/evince_2.28.1-0ubuntu1.3.dsc\r\n Size/MD5: 2541 a38c6142b25cdce42b1c970f9957bb97\r\n http://security.ubuntu.com/ubuntu/pool/main/e/evince/evince_2.28.1.orig.tar.gz\r\n Size/MD5: 3108424 21cb5da8c4a5ce9afbcba85239314af1\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/e/evince/evince-dbg_2.28.1-0ubuntu1.3_amd64.deb\r\n Size/MD5: 1123746 781a3049348360b08aa4ee9d6738dc34\r\n http://security.ubuntu.com/ubuntu/pool/main/e/evince/evince_2.28.1-0ubuntu1.3_amd64.deb\r\n Size/MD5: 442456 68adc2f592cd6cfdb401eb7f038f4d53\r\n http://security.ubuntu.com/ubuntu/pool/main/e/evince/libevdocument-dev_2.28.1-0ubuntu1.3_amd64.deb\r\n Size/MD5: 122324 a549b5e243f0caea528aa297b27abd41\r\n http://security.ubuntu.com/ubuntu/pool/main/e/evince/libevdocument1_2.28.1-0ubuntu1.3_amd64.deb\r\n Size/MD5: 80830 3403063a95ab594bbd169fab37cd5720\r\n http://security.ubuntu.com/ubuntu/pool/main/e/evince/libevview-dev_2.28.1-0ubuntu1.3_amd64.deb\r\n Size/MD5: 131558 3b60f3683570463ab78c21a643db7c72\r\n http://security.ubuntu.com/ubuntu/pool/main/e/evince/libevview1_2.28.1-0ubuntu1.3_amd64.deb\r\n Size/MD5: 83140 d558cab55eeb7dd657ad6e7b398778fc\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/e/evince/evince-dbg_2.28.1-0ubuntu1.3_i386.deb\r\n Size/MD5: 1096684 23c36c52e48b25c81a7319578420cb5a\r\n http://security.ubuntu.com/ubuntu/pool/main/e/evince/evince_2.28.1-0ubuntu1.3_i386.deb\r\n Size/MD5: 409442 788d123d3eb682381362b4a4dd841875\r\n http://security.ubuntu.com/ubuntu/pool/main/e/evince/libevdocument-dev_2.28.1-0ubuntu1.3_i386.deb\r\n Size/MD5: 113688 97f87763644e557ee3e01f6f51668671\r\n http://security.ubuntu.com/ubuntu/pool/main/e/evince/libevdocument1_2.28.1-0ubuntu1.3_i386.deb\r\n Size/MD5: 75618 3b3e5fd86e235fccc50ddadd786ad4b5\r\n http://security.ubuntu.com/ubuntu/pool/main/e/evince/libevview-dev_2.28.1-0ubuntu1.3_i386.deb\r\n Size/MD5: 119626 27a1deb3b456856ab33ea5b350d753fc\r\n http://security.ubuntu.com/ubuntu/pool/main/e/evince/libevview1_2.28.1-0ubuntu1.3_i386.deb\r\n Size/MD5: 77318 b00b6e4341cbb5afcd1c7d7bae260492\r\n\r\n armel architecture (ARM Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/e/evince/evince-dbg_2.28.1-0ubuntu1.3_armel.deb\r\n Size/MD5: 1099452 b762e354373e8c5ba73d289fde7db5c3\r\n http://ports.ubuntu.com/pool/main/e/evince/evince_2.28.1-0ubuntu1.3_armel.deb\r\n Size/MD5: 401144 36c802f4c966ee4d73d75f2c812d893a\r\n http://ports.ubuntu.com/pool/main/e/evince/libevdocument-dev_2.28.1-0ubuntu1.3_armel.deb\r\n Size/MD5: 117988 d5efba778af71a4da5b2cb75344f62c7\r\n http://ports.ubuntu.com/pool/main/e/evince/libevdocument1_2.28.1-0ubuntu1.3_armel.deb\r\n Size/MD5: 72122 c01f2d122536c1a233ba174259b12e4b\r\n http://ports.ubuntu.com/pool/main/e/evince/libevview-dev_2.28.1-0ubuntu1.3_armel.deb\r\n Size/MD5: 120064 a378ffbb664571858c8750f231d5fec2\r\n http://ports.ubuntu.com/pool/main/e/evince/libevview1_2.28.1-0ubuntu1.3_armel.deb\r\n Size/MD5: 72756 31e260d056308d310535a0a353f530c9\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/e/evince/evince-dbg_2.28.1-0ubuntu1.3_lpia.deb\r\n Size/MD5: 1113354 e163be23bc337f602e88e7a29dea6a81\r\n http://ports.ubuntu.com/pool/main/e/evince/evince_2.28.1-0ubuntu1.3_lpia.deb\r\n Size/MD5: 409318 7854d48bf7fe083fd210c3191d59ca93\r\n http://ports.ubuntu.com/pool/main/e/evince/libevdocument-dev_2.28.1-0ubuntu1.3_lpia.deb\r\n Size/MD5: 113294 158f681be3ca7dfe25418beb56de8dd9\r\n http://ports.ubuntu.com/pool/main/e/evince/libevdocument1_2.28.1-0ubuntu1.3_lpia.deb\r\n Size/MD5: 74532 be5e05729ada7d50c5ec6cf836a7849d\r\n http://ports.ubuntu.com/pool/main/e/evince/libevview-dev_2.28.1-0ubuntu1.3_lpia.deb\r\n Size/MD5: 120530 bba6dbb20612a8e9d448d76e96de7662\r\n http://ports.ubuntu.com/pool/main/e/evince/libevview1_2.28.1-0ubuntu1.3_lpia.deb\r\n Size/MD5: 76874 93747dab7cc6db172750d30753a6cb9e\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/e/evince/evince-dbg_2.28.1-0ubuntu1.3_powerpc.deb\r\n Size/MD5: 1140194 37c9bc5fc5134a800aa765195006ffd4\r\n http://ports.ubuntu.com/pool/main/e/evince/evince_2.28.1-0ubuntu1.3_powerpc.deb\r\n Size/MD5: 435756 cacf10f078169e6257382f2d7c965240\r\n http://ports.ubuntu.com/pool/main/e/evince/libevdocument-dev_2.28.1-0ubuntu1.3_powerpc.deb\r\n Size/MD5: 122704 a27e9a2856d6e6798ed6519f59b5e91f\r\n http://ports.ubuntu.com/pool/main/e/evince/libevdocument1_2.28.1-0ubuntu1.3_powerpc.deb\r\n Size/MD5: 80116 e164af323342b7ebb455bc5d406d6580\r\n http://ports.ubuntu.com/pool/main/e/evince/libevview-dev_2.28.1-0ubuntu1.3_powerpc.deb\r\n Size/MD5: 135324 696c060fd56f5f9a1416813680e6b9d4\r\n http://ports.ubuntu.com/pool/main/e/evince/libevview1_2.28.1-0ubuntu1.3_powerpc.deb\r\n Size/MD5: 84550 8bec258b7e60a592c1e8bcc6c032c8ef\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/e/evince/evince-dbg_2.28.1-0ubuntu1.3_sparc.deb\r\n Size/MD5: 1048388 4afeb36ebafe06795ec1ee1ac0cbb4d3\r\n http://ports.ubuntu.com/pool/main/e/evince/evince_2.28.1-0ubuntu1.3_sparc.deb\r\n Size/MD5: 415722 a3b457374c631491bbe2790283f8d0d1\r\n http://ports.ubuntu.com/pool/main/e/evince/libevdocument-dev_2.28.1-0ubuntu1.3_sparc.deb\r\n Size/MD5: 117332 675809f4f9de5c93d2182a435763fe0b\r\n http://ports.ubuntu.com/pool/main/e/evince/libevdocument1_2.28.1-0ubuntu1.3_sparc.deb\r\n Size/MD5: 76050 c7366a0cd1dbe9f0d733bd7feca6feff\r\n http://ports.ubuntu.com/pool/main/e/evince/libevview-dev_2.28.1-0ubuntu1.3_sparc.deb\r\n Size/MD5: 126584 23b8527eb90b1a1895a9cd2c8810d09b\r\n http://ports.ubuntu.com/pool/main/e/evince/libevview1_2.28.1-0ubuntu1.3_sparc.deb\r\n Size/MD5: 77646 e433ba061facf01f1c48af565c4d75f3\r\n\r\nUpdated packages for Ubuntu 10.04 LTS:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/e/evince/evince_2.30.3-0ubuntu1.2.diff.gz\r\n Size/MD5: 36123 eae9ac8c4495ec8bd31794a3c0841b4e\r\n http://security.ubuntu.com/ubuntu/pool/main/e/evince/evince_2.30.3-0ubuntu1.2.dsc\r\n Size/MD5: 2573 1355ee5f76f96a5a6656d1e5718218d3\r\n http://security.ubuntu.com/ubuntu/pool/main/e/evince/evince_2.30.3.orig.tar.gz\r\n Size/MD5: 3359398 4614e108cc4fda94bac2a242e490408a\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/e/evince/evince-dbg_2.30.3-0ubuntu1.2_amd64.deb\r\n Size/MD5: 1204320 46544ddc8c5dc9bf3656a569aacbe5e1\r\n http://security.ubuntu.com/ubuntu/pool/main/e/evince/evince_2.30.3-0ubuntu1.2_amd64.deb\r\n Size/MD5: 494126 4a5453f75c6999c696138af7e8d6123c\r\n http://security.ubuntu.com/ubuntu/pool/main/e/evince/libevdocument-dev_2.30.3-0ubuntu1.2_amd64.deb\r\n Size/MD5: 156262 3a40f1c55a506fb45bbe60c193788864\r\n http://security.ubuntu.com/ubuntu/pool/main/e/evince/libevdocument2_2.30.3-0ubuntu1.2_amd64.deb\r\n Size/MD5: 91622 82a3a68f56280faf538255bcad15d0e1\r\n http://security.ubuntu.com/ubuntu/pool/main/e/evince/libevview-dev_2.30.3-0ubuntu1.2_amd64.deb\r\n Size/MD5: 167030 7df46636fb9e2337b88297f735620a83\r\n http://security.ubuntu.com/ubuntu/pool/main/e/evince/libevview2_2.30.3-0ubuntu1.2_amd64.deb\r\n Size/MD5: 100632 9546a345ed33837f8a472a3e4cea1f78\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/e/evince/evince-dbg_2.30.3-0ubuntu1.2_i386.deb\r\n Size/MD5: 1168390 1ac385bedba5cf90d554edcd6586f374\r\n http://security.ubuntu.com/ubuntu/pool/main/e/evince/evince_2.30.3-0ubuntu1.2_i386.deb\r\n Size/MD5: 460208 8298ce4d1dc146b7e753ac1768326b4d\r\n http://security.ubuntu.com/ubuntu/pool/main/e/evince/libevdocument-dev_2.30.3-0ubuntu1.2_i386.deb\r\n Size/MD5: 150004 deadee05f94ee8cdf5df04e9d5ad465c\r\n http://security.ubuntu.com/ubuntu/pool/main/e/evince/libevdocument2_2.30.3-0ubuntu1.2_i386.deb\r\n Size/MD5: 85670 afd91d6ebd7f3772a257d618068a1e37\r\n http://security.ubuntu.com/ubuntu/pool/main/e/evince/libevview-dev_2.30.3-0ubuntu1.2_i386.deb\r\n Size/MD5: 158094 ed31cb3d367c416bde90e2c2f7363f21\r\n http://security.ubuntu.com/ubuntu/pool/main/e/evince/libevview2_2.30.3-0ubuntu1.2_i386.deb\r\n Size/MD5: 94078 76c1ad902d77010e4d5d2fbf27890a7c\r\n\r\n armel architecture (ARM Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/e/evince/evince-dbg_2.30.3-0ubuntu1.2_armel.deb\r\n Size/MD5: 1190724 a3c2bd60c2d9d68b8118b07ea372d01e\r\n http://ports.ubuntu.com/pool/main/e/evince/evince_2.30.3-0ubuntu1.2_armel.deb\r\n Size/MD5: 435154 5dae9ca7a0f720d1811e0d88fd6b9f9f\r\n http://ports.ubuntu.com/pool/main/e/evince/libevdocument-dev_2.30.3-0ubuntu1.2_armel.deb\r\n Size/MD5: 152576 1677bceeb8b1e5fc8da2d3df3013bfdc\r\n http://ports.ubuntu.com/pool/main/e/evince/libevdocument2_2.30.3-0ubuntu1.2_armel.deb\r\n Size/MD5: 82202 1cc89128bb2190ed583f1ded7114b2c0\r\n http://ports.ubuntu.com/pool/main/e/evince/libevview-dev_2.30.3-0ubuntu1.2_armel.deb\r\n Size/MD5: 153106 be39f153d707c24d581d1ee1f2c72fa2\r\n http://ports.ubuntu.com/pool/main/e/evince/libevview2_2.30.3-0ubuntu1.2_armel.deb\r\n Size/MD5: 83952 5bf9187de175e3f837c24cd0ebfed080\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/e/evince/evince-dbg_2.30.3-0ubuntu1.2_powerpc.deb\r\n Size/MD5: 1234784 1d8bdb0f612fd41c183fa95cbc3ffcc8\r\n http://ports.ubuntu.com/pool/main/e/evince/evince_2.30.3-0ubuntu1.2_powerpc.deb\r\n Size/MD5: 498284 73ab8f18c099b2a3ff92fbf7fdf38cb9\r\n http://ports.ubuntu.com/pool/main/e/evince/libevdocument-dev_2.30.3-0ubuntu1.2_powerpc.deb\r\n Size/MD5: 151928 1a883ff73b6cc3e5c3fd4aa0ff03c215\r\n http://ports.ubuntu.com/pool/main/e/evince/libevdocument2_2.30.3-0ubuntu1.2_powerpc.deb\r\n Size/MD5: 90498 0678220aebf68728355c51cef83de69b\r\n http://ports.ubuntu.com/pool/main/e/evince/libevview-dev_2.30.3-0ubuntu1.2_powerpc.deb\r\n Size/MD5: 162944 dc3ad1616592a8b9a36515949795348c\r\n http://ports.ubuntu.com/pool/main/e/evince/libevview2_2.30.3-0ubuntu1.2_powerpc.deb\r\n Size/MD5: 101944 6726f6464fbf8c55f01afe60f457b608\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/e/evince/evince-dbg_2.30.3-0ubuntu1.2_sparc.deb\r\n Size/MD5: 1121880 2532d06ad2566b5d6593a963f77f488c\r\n http://ports.ubuntu.com/pool/main/e/evince/evince_2.30.3-0ubuntu1.2_sparc.deb\r\n Size/MD5: 468944 83c4c891fb6408b57c99f54f142e21aa\r\n http://ports.ubuntu.com/pool/main/e/evince/libevdocument-dev_2.30.3-0ubuntu1.2_sparc.deb\r\n Size/MD5: 153350 0194ce558149ca310138afb21c353bfc\r\n http://ports.ubuntu.com/pool/main/e/evince/libevdocument2_2.30.3-0ubuntu1.2_sparc.deb\r\n Size/MD5: 87556 b2189a45ca2578d04b18b603fc8af596\r\n http://ports.ubuntu.com/pool/main/e/evince/libevview-dev_2.30.3-0ubuntu1.2_sparc.deb\r\n Size/MD5: 166302 48c8395bb7df62ba31895df439636aa2\r\n http://ports.ubuntu.com/pool/main/e/evince/libevview2_2.30.3-0ubuntu1.2_sparc.deb\r\n Size/MD5: 97032 f334a6c49de74270ae0179733b4f3a3b\r\n\r\nUpdated packages for Ubuntu 10.10:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/e/evince/evince_2.32.0-0ubuntu1.1.debian.tar.gz\r\n Size/MD5: 29199 076d5fadab649fa3c975bd68142dea89\r\n http://security.ubuntu.com/ubuntu/pool/main/e/evince/evince_2.32.0-0ubuntu1.1.dsc\r\n Size/MD5: 2831 8ec2e2e70c5aff66841e953c267d1510\r\n http://security.ubuntu.com/ubuntu/pool/main/e/evince/evince_2.32.0.orig.tar.gz\r\n Size/MD5: 3523623 f2621208fe255acab4172c0216a55504\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/e/evince/evince-common_2.32.0-0ubuntu1.1_all.deb\r\n Size/MD5: 128222 b818b14aba5edd73de12b9f959f32e62\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/e/evince/evince-dbg_2.32.0-0ubuntu1.1_amd64.deb\r\n Size/MD5: 1315462 1a0f2a4392de75a8f5ddde6ea219c66e\r\n http://security.ubuntu.com/ubuntu/pool/main/e/evince/evince_2.32.0-0ubuntu1.1_amd64.deb\r\n Size/MD5: 201016 4e9b3b77f4b6a80ec7eb95f69957d961\r\n http://security.ubuntu.com/ubuntu/pool/main/e/evince/libevdocument-dev_2.32.0-0ubuntu1.1_amd64.deb\r\n Size/MD5: 251046 67db69dfd5483fa01155636e145ac30c\r\n http://security.ubuntu.com/ubuntu/pool/main/e/evince/libevdocument3_2.32.0-0ubuntu1.1_amd64.deb\r\n Size/MD5: 476038 6595fa929cdec6aee5778dc2f939dae6\r\n http://security.ubuntu.com/ubuntu/pool/main/e/evince/libevview-dev_2.32.0-0ubuntu1.1_amd64.deb\r\n Size/MD5: 183632 8487b662659a009eb6620126e7b2daef\r\n http://security.ubuntu.com/ubuntu/pool/main/e/evince/libevview3_2.32.0-0ubuntu1.1_amd64.deb\r\n Size/MD5: 108630 66b8396b126ce46357721c53108ff662\r\n http://security.ubuntu.com/ubuntu/pool/universe/e/evince/evince-gtk_2.32.0-0ubuntu1.1_amd64.deb\r\n Size/MD5: 178684 98896216af3257745d93f22566434ab0\r\n http://security.ubuntu.com/ubuntu/pool/universe/e/evince/gir1.0-evince-2.32_2.32.0-0ubuntu1.1_amd64.deb\r\n Size/MD5: 26310 a884355bef0047f5e7f3aaf3e42c6cf4\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/e/evince/evince-dbg_2.32.0-0ubuntu1.1_i386.deb\r\n Size/MD5: 1277494 5100f429a850988b436f1e40081a9049\r\n http://security.ubuntu.com/ubuntu/pool/main/e/evince/evince_2.32.0-0ubuntu1.1_i386.deb\r\n Size/MD5: 182484 1f0ae1eb13d6cda0dc6c53adc9fbdc21\r\n http://security.ubuntu.com/ubuntu/pool/main/e/evince/libevdocument-dev_2.32.0-0ubuntu1.1_i386.deb\r\n Size/MD5: 235188 0e5bd5da6f0abe8e211106065fc385a1\r\n http://security.ubuntu.com/ubuntu/pool/main/e/evince/libevdocument3_2.32.0-0ubuntu1.1_i386.deb\r\n Size/MD5: 438120 8923fae121465b8a6bf2a7e307c0166c\r\n http://security.ubuntu.com/ubuntu/pool/main/e/evince/libevview-dev_2.32.0-0ubuntu1.1_i386.deb\r\n Size/MD5: 170740 2cbd830eddaee8c10518e025ab55e1ca\r\n http://security.ubuntu.com/ubuntu/pool/main/e/evince/libevview3_2.32.0-0ubuntu1.1_i386.deb\r\n Size/MD5: 100370 2f5f0cef8458dd2be17bb0a52f2fef5d\r\n http://security.ubuntu.com/ubuntu/pool/universe/e/evince/evince-gtk_2.32.0-0ubuntu1.1_i386.deb\r\n Size/MD5: 162692 cefaa76ed9656545a3470e55f2d99235\r\n http://security.ubuntu.com/ubuntu/pool/universe/e/evince/gir1.0-evince-2.32_2.32.0-0ubuntu1.1_i386.deb\r\n Size/MD5: 26328 76cc603d53a723fceab0338e01f369d0\r\n\r\n armel architecture (ARM Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/e/evince/evince-dbg_2.32.0-0ubuntu1.1_armel.deb\r\n Size/MD5: 1299682 6ef928b646181a0ca932d363a622f022\r\n http://ports.ubuntu.com/pool/main/e/evince/evince_2.32.0-0ubuntu1.1_armel.deb\r\n Size/MD5: 173654 7622af1788166cb2b81fcc5a9e8dde73\r\n http://ports.ubuntu.com/pool/main/e/evince/libevdocument-dev_2.32.0-0ubuntu1.1_armel.deb\r\n Size/MD5: 239682 a800a19540f27f19347322ccedbfd1fd\r\n http://ports.ubuntu.com/pool/main/e/evince/libevdocument3_2.32.0-0ubuntu1.1_armel.deb\r\n Size/MD5: 419404 2e36f56a49c17c952b515185c8dc35b6\r\n http://ports.ubuntu.com/pool/main/e/evince/libevview-dev_2.32.0-0ubuntu1.1_armel.deb\r\n Size/MD5: 171128 a56722d8dcb43d0ae8d47d41907afd64\r\n http://ports.ubuntu.com/pool/main/e/evince/libevview3_2.32.0-0ubuntu1.1_armel.deb\r\n Size/MD5: 93538 e238377b4b219a49d4357ea78ef8a48e\r\n http://ports.ubuntu.com/pool/universe/e/evince/evince-gtk_2.32.0-0ubuntu1.1_armel.deb\r\n Size/MD5: 153790 25854f7ae02c0273f3dee6b97f6d85fe\r\n http://ports.ubuntu.com/pool/universe/e/evince/gir1.0-evince-2.32_2.32.0-0ubuntu1.1_armel.deb\r\n Size/MD5: 26314 b850cbbea9374dc523b69b7709fada30\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/e/evince/evince-dbg_2.32.0-0ubuntu1.1_powerpc.deb\r\n Size/MD5: 1346442 a8509f688550a69445ac7c27dacf1c4c\r\n http://ports.ubuntu.com/pool/main/e/evince/evince_2.32.0-0ubuntu1.1_powerpc.deb\r\n Size/MD5: 203326 6ff8065de50c7194904d1632eaf96619\r\n http://ports.ubuntu.com/pool/main/e/evince/libevdocument-dev_2.32.0-0ubuntu1.1_powerpc.deb\r\n Size/MD5: 236904 7ada80562e3cb60c0f8663c918f9ec3f\r\n http://ports.ubuntu.com/pool/main/e/evince/libevdocument3_2.32.0-0ubuntu1.1_powerpc.deb\r\n Size/MD5: 472618 5b5e8474c3c20291aab65f840316c9c6\r\n http://ports.ubuntu.com/pool/main/e/evince/libevview-dev_2.32.0-0ubuntu1.1_powerpc.deb\r\n Size/MD5: 177040 ccf09c57a3de1b9caf3d7a889ab89063\r\n http://ports.ubuntu.com/pool/main/e/evince/libevview3_2.32.0-0ubuntu1.1_powerpc.deb\r\n Size/MD5: 109494 cd4c7086bb23fd1f3bc85c8148d5cf29\r\n http://ports.ubuntu.com/pool/universe/e/evince/evince-gtk_2.32.0-0ubuntu1.1_powerpc.deb\r\n Size/MD5: 180942 6f241cc07afd9f4350dd5c78ddf553c0\r\n http://ports.ubuntu.com/pool/universe/e/evince/gir1.0-evince-2.32_2.32.0-0ubuntu1.1_powerpc.deb\r\n Size/MD5: 26952 03e0b54954016cd7796eef6e3ba84bc3\r\n\r\n\r\n", "edition": 1, "modified": "2011-01-07T00:00:00", "published": "2011-01-07T00:00:00", "id": "SECURITYVULNS:DOC:25458", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:25458", "title": "[USN-1035-1] Evince vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2020-07-09T00:34:07", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2642", "CVE-2010-2640", "CVE-2010-2641", "CVE-2010-2643"], "description": "Jon Larimer discovered that Evince's font parsers incorrectly handled \ncertain buffer lengths when rendering a DVI file. By tricking a user into \nopening or previewing a DVI file that uses a specially crafted font file, \nan attacker could crash evince or execute arbitrary code with the user's \nprivileges.\n\nIn the default installation of Ubuntu 9.10 and later, attackers would be \nisolated by the Evince AppArmor profile.", "edition": 5, "modified": "2011-01-05T00:00:00", "published": "2011-01-05T00:00:00", "id": "USN-1035-1", "href": "https://ubuntu.com/security/notices/USN-1035-1", "title": "Evince vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-08T23:32:33", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1552", "CVE-2010-2642", "CVE-2011-1554", "CVE-2011-1553", "CVE-2011-0433"], "description": "Jon Larimer discovered that t1lib did not properly parse AFM fonts. If a \nuser were tricked into using a specially crafted font file, a remote \nattacker could cause t1lib to crash or possibly execute arbitrary code with \nuser privileges. (CVE-2010-2642, CVE-2011-0433)\n\nJonathan Brossard discovered that t1lib did not correctly handle certain \nmalformed font files. If a user were tricked into using a specially crafted \nfont file, a remote attacker could cause t1lib to crash. (CVE-2011-1552, \nCVE-2011-1553, CVE-2011-1554)", "edition": 5, "modified": "2012-01-19T00:00:00", "published": "2012-01-19T00:00:00", "id": "USN-1335-1", "href": "https://ubuntu.com/security/notices/USN-1335-1", "title": "t1lib vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:32", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2642", "CVE-2010-2640", "CVE-2010-2641", "CVE-2010-2643"], "description": "[2.28.2-14.el6_0.1]\n- Fixes CVE-2010-2640, CVE-2010-2641, CVE-2010-2642 and CVE-2010-2643\n- Resolves: #666323", "edition": 4, "modified": "2011-02-10T00:00:00", "published": "2011-02-10T00:00:00", "id": "ELSA-2011-0009", "href": "http://linux.oracle.com/errata/ELSA-2011-0009.html", "title": "evince security update", "type": "oraclelinux", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:51", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0764", "CVE-2011-1552", "CVE-2010-2642", "CVE-2011-1554", "CVE-2011-1553", "CVE-2011-0433"], "description": "[5.1.2-6.1]\n- Fixed CVE-2010-2642, CVE-2011-0433, CVE-2011-0764, CVE-2011-1552, CVE-2011-1553, CVE-2011-1554\n Resolves: rhbz#772900", "edition": 4, "modified": "2012-01-24T00:00:00", "published": "2012-01-24T00:00:00", "id": "ELSA-2012-0062", "href": "http://linux.oracle.com/errata/ELSA-2012-0062.html", "title": "t1lib security update", "type": "oraclelinux", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:55", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2642", "CVE-2010-2640", "CVE-2010-2641", "CVE-2010-2643"], "description": "### Background\n\nEvince is a document viewer for multiple document formats, including PostScript. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Evince. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to load a DVI file with a specially crafted font, resulting in the execution of arbitrary code with the privileges of the user running the application or a Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Evince users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-text/evince-2.32.0-r2\"\n \n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are available since April 26, 2011. It is likely that your system is already no longer affected by this issue.", "edition": 1, "modified": "2011-11-20T00:00:00", "published": "2011-11-20T00:00:00", "id": "GLSA-201111-10", "href": "https://security.gentoo.org/glsa/201111-10", "type": "gentoo", "title": "Evince: Multiple vulnerabilities", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2019-08-13T18:46:46", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2640", "CVE-2010-2641", "CVE-2010-2642", "CVE-2010-2643"], "description": "Evince is a document viewer.\n\nAn array index error was found in the DeVice Independent (DVI) renderer's\nPK and VF font file parsers. A DVI file that references a specially-crafted\nfont file could, when opened, cause Evince to crash or, potentially,\nexecute arbitrary code with the privileges of the user running Evince.\n(CVE-2010-2640, CVE-2010-2641)\n\nA heap-based buffer overflow flaw was found in the DVI renderer's AFM font\nfile parser. A DVI file that references a specially-crafted font file\ncould, when opened, cause Evince to crash or, potentially, execute\narbitrary code with the privileges of the user running Evince.\n(CVE-2010-2642)\n\nAn integer overflow flaw was found in the DVI renderer's TFM font file\nparser. A DVI file that references a specially-crafted font file could,\nwhen opened, cause Evince to crash or, potentially, execute arbitrary code\nwith the privileges of the user running Evince. (CVE-2010-2643)\n\nNote: The above issues are not exploitable unless an attacker can trick the\nuser into installing a malicious font file.\n\nRed Hat would like to thank the Evince development team for reporting these\nissues. Upstream acknowledges Jon Larimer of IBM X-Force as the original\nreporter of these issues.\n\nUsers are advised to upgrade to these updated packages, which contain a\nbackported patch to correct these issues.\n", "modified": "2018-06-06T20:24:37", "published": "2011-01-06T05:00:00", "id": "RHSA-2011:0009", "href": "https://access.redhat.com/errata/RHSA-2011:0009", "type": "redhat", "title": "(RHSA-2011:0009) Moderate: evince security update", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:28", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2642", "CVE-2011-0433", "CVE-2011-0764", "CVE-2011-1552", "CVE-2011-1553", "CVE-2011-1554"], "description": "The t1lib library allows you to rasterize bitmaps from PostScript Type 1\nfonts.\n\nTwo heap-based buffer overflow flaws were found in the way t1lib processed\nAdobe Font Metrics (AFM) files. If a specially-crafted font file was opened\nby an application linked against t1lib, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of the\nuser running the application. (CVE-2010-2642, CVE-2011-0433)\n\nAn invalid pointer dereference flaw was found in t1lib. A specially-crafted\nfont file could, when opened, cause an application linked against t1lib to\ncrash or, potentially, execute arbitrary code with the privileges of the\nuser running the application. (CVE-2011-0764)\n\nA use-after-free flaw was found in t1lib. A specially-crafted font file\ncould, when opened, cause an application linked against t1lib to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2011-1553)\n\nAn off-by-one flaw was found in t1lib. A specially-crafted font file could,\nwhen opened, cause an application linked against t1lib to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nthe application. (CVE-2011-1554)\n\nAn out-of-bounds memory read flaw was found in t1lib. A specially-crafted\nfont file could, when opened, cause an application linked against t1lib to\ncrash. (CVE-2011-1552)\n\nRed Hat would like to thank the Evince development team for reporting\nCVE-2010-2642. Upstream acknowledges Jon Larimer of IBM X-Force as the\noriginal reporter of CVE-2010-2642.\n\nAll users of t1lib are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. All applications linked\nagainst t1lib must be restarted for this update to take effect.\n", "modified": "2018-06-06T20:24:26", "published": "2012-01-24T05:00:00", "id": "RHSA-2012:0062", "href": "https://access.redhat.com/errata/RHSA-2012:0062", "type": "redhat", "title": "(RHSA-2012:0062) Moderate: t1lib security update", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:28", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2642", "CVE-2011-0433", "CVE-2011-0764", "CVE-2011-1552", "CVE-2011-1553", "CVE-2011-1554"], "description": "TeX Live is an implementation of TeX. TeX takes a text file and a set of\nformatting commands as input, and creates a typesetter-independent DeVice\nIndependent (DVI) file as output. The texlive packages provide a number of\nutilities, including dvips.\n\nTeX Live embeds a copy of t1lib. The t1lib library allows you to rasterize\nbitmaps from PostScript Type 1 fonts. The following issues affect t1lib\ncode:\n\nTwo heap-based buffer overflow flaws were found in the way t1lib processed\nAdobe Font Metrics (AFM) files. If a specially-crafted font file was opened\nby a TeX Live utility, it could cause the utility to crash or, potentially,\nexecute arbitrary code with the privileges of the user running the utility.\n(CVE-2010-2642, CVE-2011-0433)\n\nAn invalid pointer dereference flaw was found in t1lib. A specially-crafted\nfont file could, when opened, cause a TeX Live utility to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nthe utility. (CVE-2011-0764)\n\nA use-after-free flaw was found in t1lib. A specially-crafted font file\ncould, when opened, cause a TeX Live utility to crash or, potentially,\nexecute arbitrary code with the privileges of the user running the utility.\n(CVE-2011-1553)\n\nAn off-by-one flaw was found in t1lib. A specially-crafted font file could,\nwhen opened, cause a TeX Live utility to crash or, potentially, execute\narbitrary code with the privileges of the user running the utility.\n(CVE-2011-1554)\n\nAn out-of-bounds memory read flaw was found in t1lib. A specially-crafted\nfont file could, when opened, cause a TeX Live utility to crash.\n(CVE-2011-1552)\n\nRed Hat would like to thank the Evince development team for reporting\nCVE-2010-2642. Upstream acknowledges Jon Larimer of IBM X-Force as the\noriginal reporter of CVE-2010-2642.\n\nAll users of texlive are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues.\n", "modified": "2018-06-06T20:24:11", "published": "2012-02-15T05:00:00", "id": "RHSA-2012:0137", "href": "https://access.redhat.com/errata/RHSA-2012:0137", "type": "redhat", "title": "(RHSA-2012:0137) Moderate: texlive security update", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2640", "CVE-2010-2641", "CVE-2010-2642", "CVE-2010-2643"], "description": "Evince is simple multi-page document viewer. It can display and print Portable Document Format (PDF), PostScript (PS) and Encapsulated PostScript (EPS) files. When supported by the document format, evince allows searching for text, copying text to the clipboard, hypertext navigation, table-of-contents bookmarks and editing of forms. Support for other document formats such as DVI and DJVU can be added by installing additional backends. ", "modified": "2011-01-08T21:26:09", "published": "2011-01-08T21:26:09", "id": "FEDORA:0A1CD10FA73", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: evince-2.32.0-3.fc14", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2640", "CVE-2010-2641", "CVE-2010-2642", "CVE-2010-2643"], "description": "Evince is simple multi-page document viewer. It can display and print Portable Document Format (PDF), PostScript (PS) and Encapsulated PostScript (EPS) files. When supported by the document format, evince allows searching for text, copying text to the clipboard, hypertext navigation, table-of-contents bookmarks and editing of forms. Support for other document formats such as DVI and DJVU can be added by installing additional backends. ", "modified": "2011-01-12T05:23:01", "published": "2011-01-12T05:23:01", "id": "FEDORA:CF193110916", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: evince-2.30.3-2.fc13", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2642", "CVE-2011-0433", "CVE-2011-0764", "CVE-2011-1552", "CVE-2011-1553", "CVE-2011-1554"], "description": "T1lib is a rasterizer library for Adobe Type 1 Fonts. It supports rotation and transformation, kerning underlining and antialiasing. It does not depend on X11, but does provides some special functions for X11. AFM-files can be generated from Type 1 font files and font subsetting is possible. ", "modified": "2012-01-28T03:23:39", "published": "2012-01-28T03:23:39", "id": "FEDORA:841A5208DE", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: t1lib-5.1.2-9.fc16", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2642", "CVE-2011-0433", "CVE-2011-0764", "CVE-2011-1552", "CVE-2011-1553", "CVE-2011-1554"], "description": "T1lib is a rasterizer library for Adobe Type 1 Fonts. It supports rotation and transformation, kerning underlining and antialiasing. It does not depend on X11, but does provides some special functions for X11. AFM-files can be generated from Type 1 font files and font subsetting is possible. ", "modified": "2012-01-28T03:28:44", "published": "2012-01-28T03:28:44", "id": "FEDORA:BC3FF20C86", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: t1lib-5.1.2-9.fc15", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "slackware": [{"lastseen": "2020-10-25T16:36:04", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2642", "CVE-2011-0764", "CVE-2011-1552", "CVE-2011-1553", "CVE-2011-1554"], "description": "New t1lib packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37,\nand -current to fix security issues.\n\n\nHere are the details from the Slackware 13.37 ChangeLog:\n\npatches/packages/t1lib-5.1.2-i486-3_slack13.37.txz: Rebuilt.\n Patched various overflows, crashes, and pointer bugs.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2642\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0764\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1552\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1553\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1554\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/t1lib-5.1.2-i486-1_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/t1lib-5.1.2-i486-1_slack12.2.tgz\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/t1lib-5.1.2-i486-2_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/t1lib-5.1.2-x86_64-2_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/t1lib-5.1.2-i486-2_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/t1lib-5.1.2-x86_64-2_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/t1lib-5.1.2-i486-3_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/t1lib-5.1.2-x86_64-3_slack13.37.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/t1lib-5.1.2-i486-3.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/t1lib-5.1.2-x86_64-3.txz\n\n\nMD5 signatures:\n\nSlackware 12.1 package:\nb4a19acb6abc371cecd3555b2e8d794a t1lib-5.1.2-i486-1_slack12.1.tgz\n\nSlackware 12.2 package:\ne8cbabaf0a83b81dccbe67862e0b7f0a t1lib-5.1.2-i486-1_slack12.2.tgz\n\nSlackware 13.0 package:\naef159285fb637413ca0d7e59adf92da t1lib-5.1.2-i486-2_slack13.0.txz\n\nSlackware x86_64 13.0 package:\nc014687cf4154b42ec66fb6fc2ac3e7e t1lib-5.1.2-x86_64-2_slack13.0.txz\n\nSlackware 13.1 package:\n2e14125a3c4f46811c7ee918ecdba79d t1lib-5.1.2-i486-2_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n7fd0cb7d16dee8b5b5757ac93258e838 t1lib-5.1.2-x86_64-2_slack13.1.txz\n\nSlackware 13.37 package:\neab121d3ac1bb128efff380942609fd4 t1lib-5.1.2-i486-3_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n937da04c0f0f19812c440be48bf169ca t1lib-5.1.2-x86_64-3_slack13.37.txz\n\nSlackware -current package:\n9b6796f3e27952172236425a7031cb58 l/t1lib-5.1.2-i486-3.txz\n\nSlackware x86_64 -current package:\n6942fb6f9f78b8e3cc4a1c77469a2512 l/t1lib-5.1.2-x86_64-3.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg t1lib-5.1.2-i486-3_slack13.37.txz", "modified": "2012-08-16T06:32:38", "published": "2012-08-16T06:32:38", "id": "SSA-2012-228-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2012&m=slackware-security.472486", "type": "slackware", "title": "[slackware-security] t1lib", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-11-11T13:28:03", "bulletinFamily": "unix", "cvelist": ["CVE-2010-264320", "CVE-2010-2642", "CVE-2010-2640", "CVE-2010-2641", "CVE-2010-2643"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2357-1 security@debian.org\nhttp://www.debian.org/security/ Yves-Alexis Perez\nDecember 03, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : evince\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2010-2640 CVE-2010-2641 CVE-2010-2642 CVE-2010-264320\nDebian Bug : 609534\n\nJon Larimer from IBM X-Force Advanced Research discovered multiple\nvulnerabilities in the DVI backend of the evince document viewer:\n\nCVE-2010-2640\n\n Insuficient array bounds checks in the PK fonts parser could lead\n to function pointer overwrite, causing arbitrary code execution.\n\nCVE-2010-2641\n\n Insuficient array bounds checks in the PK fonts parser could lead\n to function pointer overwrite, causing arbitrary code execution.\n\nCVE-2010-2642\n\n Insuficient bounds checks in the AFM fonts parser when writing\n data to a memory buffer allocated on heap could lead to arbitrary\n memory overwrite and arbitrary code execution.\n\nCVE-2010-2643\n\n Insuficient check on an integer used as a size for memory\n allocation can lead to arbitrary write outside the allocated range\n and cause arbitrary code execution.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 2.22.2-4~lenny2.\n\nFor the stable distribution (squeeze), CVE-2010-2640, CVE-2010-2641\nand CVE-2010-2643 have been fixed in version 2.30.3-2 but the fix for\nCVE-2010-2642 was incomplete. The final fix is present in version\n2.30.3-2+squeeze1.\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 3.0.2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.0.2.\n\nWe recommend that you upgrade your evince packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 9, "modified": "2011-12-04T10:54:47", "published": "2011-12-04T10:54:47", "id": "DEBIAN:DSA-2357-1:710D7", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00235.html", "title": "[SECURITY] [DSA 2357-1] evince security update", "type": "debian", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-11T13:24:29", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0764", "CVE-2011-1552", "CVE-2010-2642", "CVE-2011-1554", "CVE-2011-1553", "CVE-2011-0433"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2388-1 security@debian.org\nhttp://www.debian.org/security/ Yves-Alexis Perez\nJanuary 14, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : t1lib\nVulnerability : several\nProblem type : local\nDebian-specific: no\nCVE ID : CVE-2010-2642 CVE-2011-0433 CVE-2011-0764 CVE-2011-1552\n CVE-2011-1553 CVE-2011-1554\nDebian Bug : 652996\n\nSeveral vulnerabilities were discovered in t1lib, a Postscript Type 1\nfont rasterizer library, some of which might lead to code execution\nthrough the opening of files embedding bad fonts.\n\nCVE-2010-2642\n\tA heap-based buffer overflow in the AFM font metrics parser\n\tpotentially leads to the execution of arbitrary code.\n\nCVE-2011-0433\n\tAnother heap-based buffer overflow in the AFM font metrics\n\tparser potentially leads to the execution of arbitrary code.\n\nCVE-2011-0764\n\tAn invalid pointer dereference allows execution of arbitrary\n\tcode using crafted Type 1 fonts.\n\nCVE-2011-1552\n\tAnother invalid pointer dereference results in an application\n\tcrash, triggered by crafted Type 1 fonts.\n\nCVE-2011-1553\n\tA use-after-free vulnerability results in an application\n\tcrash, triggered by crafted Type 1 fonts.\n\nCVE-2011-1554\n\tAn off-by-one error results in an invalid memory read and\n\tapplication crash, triggered by crafted Type 1 fonts.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 5.1.2-3+lenny1.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 5.1.2-3+squeeze1.\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 5.1.2-3.3.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 5.1.2-3.3.\n\nWe recommend that you upgrade your t1lib packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 7, "modified": "2012-01-15T10:26:10", "published": "2012-01-15T10:26:10", "id": "DEBIAN:DSA-2388-1:53F5F", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00011.html", "title": "[SECURITY] [DSA 2388-1] t1lib security update", "type": "debian", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:29:20", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0764", "CVE-2011-1552", "CVE-2010-2642", "CVE-2011-1554", "CVE-2011-1553", "CVE-2011-0433"], "description": "**CentOS Errata and Security Advisory** CESA-2012:0137\n\n\nTeX Live is an implementation of TeX. TeX takes a text file and a set of\nformatting commands as input, and creates a typesetter-independent DeVice\nIndependent (DVI) file as output. The texlive packages provide a number of\nutilities, including dvips.\n\nTeX Live embeds a copy of t1lib. The t1lib library allows you to rasterize\nbitmaps from PostScript Type 1 fonts. The following issues affect t1lib\ncode:\n\nTwo heap-based buffer overflow flaws were found in the way t1lib processed\nAdobe Font Metrics (AFM) files. If a specially-crafted font file was opened\nby a TeX Live utility, it could cause the utility to crash or, potentially,\nexecute arbitrary code with the privileges of the user running the utility.\n(CVE-2010-2642, CVE-2011-0433)\n\nAn invalid pointer dereference flaw was found in t1lib. A specially-crafted\nfont file could, when opened, cause a TeX Live utility to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nthe utility. (CVE-2011-0764)\n\nA use-after-free flaw was found in t1lib. A specially-crafted font file\ncould, when opened, cause a TeX Live utility to crash or, potentially,\nexecute arbitrary code with the privileges of the user running the utility.\n(CVE-2011-1553)\n\nAn off-by-one flaw was found in t1lib. A specially-crafted font file could,\nwhen opened, cause a TeX Live utility to crash or, potentially, execute\narbitrary code with the privileges of the user running the utility.\n(CVE-2011-1554)\n\nAn out-of-bounds memory read flaw was found in t1lib. A specially-crafted\nfont file could, when opened, cause a TeX Live utility to crash.\n(CVE-2011-1552)\n\nRed Hat would like to thank the Evince development team for reporting\nCVE-2010-2642. Upstream acknowledges Jon Larimer of IBM X-Force as the\noriginal reporter of CVE-2010-2642.\n\nAll users of texlive are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-February/030477.html\n\n**Affected packages:**\nkpathsea\nkpathsea-devel\nmendexk\ntexlive\ntexlive-afm\ntexlive-context\ntexlive-dvips\ntexlive-dviutils\ntexlive-east-asian\ntexlive-latex\ntexlive-utils\ntexlive-xetex\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-0137.html", "edition": 3, "modified": "2012-02-16T13:36:55", "published": "2012-02-16T13:36:55", "href": "http://lists.centos.org/pipermail/centos-announce/2012-February/030477.html", "id": "CESA-2012:0137", "title": "kpathsea, mendexk, texlive security update", "type": "centos", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:29:02", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0764", "CVE-2011-1552", "CVE-2010-2642", "CVE-2011-1554", "CVE-2011-1553", "CVE-2011-0433"], "description": "**CentOS Errata and Security Advisory** CESA-2012:0062\n\n\nThe t1lib library allows you to rasterize bitmaps from PostScript Type 1\nfonts.\n\nTwo heap-based buffer overflow flaws were found in the way t1lib processed\nAdobe Font Metrics (AFM) files. If a specially-crafted font file was opened\nby an application linked against t1lib, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of the\nuser running the application. (CVE-2010-2642, CVE-2011-0433)\n\nAn invalid pointer dereference flaw was found in t1lib. A specially-crafted\nfont file could, when opened, cause an application linked against t1lib to\ncrash or, potentially, execute arbitrary code with the privileges of the\nuser running the application. (CVE-2011-0764)\n\nA use-after-free flaw was found in t1lib. A specially-crafted font file\ncould, when opened, cause an application linked against t1lib to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2011-1553)\n\nAn off-by-one flaw was found in t1lib. A specially-crafted font file could,\nwhen opened, cause an application linked against t1lib to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nthe application. (CVE-2011-1554)\n\nAn out-of-bounds memory read flaw was found in t1lib. A specially-crafted\nfont file could, when opened, cause an application linked against t1lib to\ncrash. (CVE-2011-1552)\n\nRed Hat would like to thank the Evince development team for reporting\nCVE-2010-2642. Upstream acknowledges Jon Larimer of IBM X-Force as the\noriginal reporter of CVE-2010-2642.\n\nAll users of t1lib are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. All applications linked\nagainst t1lib must be restarted for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-January/030433.html\n\n**Affected packages:**\nt1lib\nt1lib-apps\nt1lib-devel\nt1lib-static\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-0062.html", "edition": 3, "modified": "2012-01-30T20:25:25", "published": "2012-01-30T20:25:25", "href": "http://lists.centos.org/pipermail/centos-announce/2012-January/030433.html", "id": "CESA-2012:0062", "title": "t1lib security update", "type": "centos", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "amazon": [{"lastseen": "2020-11-10T12:34:46", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0764", "CVE-2011-1552", "CVE-2010-2642", "CVE-2011-1554", "CVE-2011-1553", "CVE-2011-0433"], "description": "**Issue Overview:**\n\nTeX Live embeds a copy of t1lib. The t1lib library allows you to rasterize bitmaps from PostScript Type 1 fonts. The following issues affect t1lib code:\n\nTwo heap-based buffer overflow flaws were found in the way t1lib processed Adobe Font Metrics (AFM) files. If a specially-crafted font file was opened by a TeX Live utility, it could cause the utility to crash or, potentially, execute arbitrary code with the privileges of the user running the utility. ([CVE-2010-2642 __](<https://access.redhat.com/security/cve/CVE-2010-2642>), [CVE-2011-0433 __](<https://access.redhat.com/security/cve/CVE-2011-0433>))\n\nAn invalid pointer dereference flaw was found in t1lib. A specially-crafted font file could, when opened, cause a TeX Live utility to crash or, potentially, execute arbitrary code with the privileges of the user running the utility. ([CVE-2011-0764 __](<https://access.redhat.com/security/cve/CVE-2011-0764>))\n\nA use-after-free flaw was found in t1lib. A specially-crafted font file could, when opened, cause a TeX Live utility to crash or, potentially, execute arbitrary code with the privileges of the user running the utility. ([CVE-2011-1553 __](<https://access.redhat.com/security/cve/CVE-2011-1553>))\n\nAn off-by-one flaw was found in t1lib. A specially-crafted font file could, when opened, cause a TeX Live utility to crash or, potentially, execute arbitrary code with the privileges of the user running the utility. ([CVE-2011-1554 __](<https://access.redhat.com/security/cve/CVE-2011-1554>))\n\nAn out-of-bounds memory read flaw was found in t1lib. A specially-crafted font file could, when opened, cause a TeX Live utility to crash. ([CVE-2011-1552 __](<https://access.redhat.com/security/cve/CVE-2011-1552>))\n\n \n**Affected Packages:** \n\n\ntexlive\n\n \n**Issue Correction:** \nRun _yum update texlive_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n texlive-dviutils-2007-57.9.amzn1.i686 \n kpathsea-2007-57.9.amzn1.i686 \n texlive-context-2007-57.9.amzn1.i686 \n texlive-afm-2007-57.9.amzn1.i686 \n mendexk-2.6e-57.9.amzn1.i686 \n texlive-xetex-2007-57.9.amzn1.i686 \n texlive-east-asian-2007-57.9.amzn1.i686 \n texlive-debuginfo-2007-57.9.amzn1.i686 \n texlive-utils-2007-57.9.amzn1.i686 \n texlive-dvips-2007-57.9.amzn1.i686 \n texlive-latex-2007-57.9.amzn1.i686 \n kpathsea-devel-2007-57.9.amzn1.i686 \n texlive-2007-57.9.amzn1.i686 \n \n src: \n texlive-2007-57.9.amzn1.src \n \n x86_64: \n texlive-dvips-2007-57.9.amzn1.x86_64 \n mendexk-2.6e-57.9.amzn1.x86_64 \n texlive-2007-57.9.amzn1.x86_64 \n kpathsea-2007-57.9.amzn1.x86_64 \n texlive-debuginfo-2007-57.9.amzn1.x86_64 \n texlive-context-2007-57.9.amzn1.x86_64 \n texlive-afm-2007-57.9.amzn1.x86_64 \n texlive-latex-2007-57.9.amzn1.x86_64 \n texlive-utils-2007-57.9.amzn1.x86_64 \n texlive-xetex-2007-57.9.amzn1.x86_64 \n texlive-east-asian-2007-57.9.amzn1.x86_64 \n texlive-dviutils-2007-57.9.amzn1.x86_64 \n kpathsea-devel-2007-57.9.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2012-03-04T16:08:00", "published": "2012-03-04T16:08:00", "id": "ALAS-2012-048", "href": "https://alas.aws.amazon.com/ALAS-2012-48.html", "title": "Medium: texlive", "type": "amazon", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-10T12:37:21", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0764", "CVE-2011-1552", "CVE-2010-2642", "CVE-2011-1554", "CVE-2011-1553", "CVE-2011-0433"], "description": "**Issue Overview:**\n\nTwo heap-based buffer overflow flaws were found in the way t1lib processed Adobe Font Metrics (AFM) files. If a specially-crafted font file was opened by an application linked against t1lib, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. ([CVE-2010-2642 __](<https://access.redhat.com/security/cve/CVE-2010-2642>), [CVE-2011-0433 __](<https://access.redhat.com/security/cve/CVE-2011-0433>))\n\nAn invalid pointer dereference flaw was found in t1lib. A specially-crafted font file could, when opened, cause an application linked against t1lib to crash or, potentially, execute arbitrary code with the privileges of the user running the application. ([CVE-2011-0764 __](<https://access.redhat.com/security/cve/CVE-2011-0764>))\n\nA use-after-free flaw was found in t1lib. A specially-crafted font file could, when opened, cause an application linked against t1lib to crash or, potentially, execute arbitrary code with the privileges of the user running the application. ([CVE-2011-1553 __](<https://access.redhat.com/security/cve/CVE-2011-1553>))\n\nAn off-by-one flaw was found in t1lib. A specially-crafted font file could, when opened, cause an application linked against t1lib to crash or, potentially, execute arbitrary code with the privileges of the user running the application. ([CVE-2011-1554 __](<https://access.redhat.com/security/cve/CVE-2011-1554>))\n\nAn out-of-bounds memory read flaw was found in t1lib. A specially-crafted font file could, when opened, cause an application linked against t1lib to crash. ([CVE-2011-1552 __](<https://access.redhat.com/security/cve/CVE-2011-1552>))\n\n \n**Affected Packages:** \n\n\nt1lib\n\n \n**Issue Correction:** \nRun _yum update t1lib_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n t1lib-debuginfo-5.1.2-6.5.amzn1.i686 \n t1lib-5.1.2-6.5.amzn1.i686 \n t1lib-static-5.1.2-6.5.amzn1.i686 \n t1lib-devel-5.1.2-6.5.amzn1.i686 \n t1lib-apps-5.1.2-6.5.amzn1.i686 \n \n src: \n t1lib-5.1.2-6.5.amzn1.src \n \n x86_64: \n t1lib-static-5.1.2-6.5.amzn1.x86_64 \n t1lib-debuginfo-5.1.2-6.5.amzn1.x86_64 \n t1lib-apps-5.1.2-6.5.amzn1.x86_64 \n t1lib-devel-5.1.2-6.5.amzn1.x86_64 \n t1lib-5.1.2-6.5.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2012-02-02T14:26:00", "published": "2012-02-02T14:26:00", "id": "ALAS-2012-040", "href": "https://alas.aws.amazon.com/ALAS-2012-40.html", "title": "Medium: t1lib", "type": "amazon", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}]}