10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
6.4 Medium
AI Score
Confidence
Low
0.086 Low
EPSS
Percentile
94.5%
The remote host is missing an update to xemacs
announced via advisory FEDORA-2009-8993.
# SPDX-FileCopyrightText: 2009 E-Soft Inc.
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.64817");
script_version("2023-07-18T05:05:36+0000");
script_tag(name:"last_modification", value:"2023-07-18 05:05:36 +0000 (Tue, 18 Jul 2023)");
script_tag(name:"creation_date", value:"2009-09-09 02:15:49 +0200 (Wed, 09 Sep 2009)");
script_cve_id("CVE-2009-2688");
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_name("Fedora Core 11 FEDORA-2009-8993 (xemacs)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2009 E-Soft Inc.");
script_family("Fedora Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms", re:"ssh/login/release=FC11");
script_tag(name:"insight", value:"Update Information:
This update fixes multiple buffer overflows when reading large image files, or
maliciously created image files whose headers misrepresent the actual image
size.
The update also addresses multiple font issues, some of which cause
warnings on startup. Some warnings remain, however, unless an ISO8859-13 fonts
(e.g., terminus) is installed. Also note that some warnings remain on Rawhide
pending a resolution for bz 507637.
ChangeLog:
* Mon Aug 24 2009 Jerry James - 21.5.29-2
- Fix image overflow bug (CVE-2009-2688).
- Fix calling xft-font-create-object in non-Xft builds (#512623).
- Rebase patches to eliminate fuzz/offsets.");
script_tag(name:"solution", value:"Apply the appropriate updates.
This update can be installed with the yum update program. Use
su -c 'yum update xemacs' at the command line.");
script_xref(name:"URL", value:"https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-8993");
script_tag(name:"summary", value:"The remote host is missing an update to xemacs
announced via advisory FEDORA-2009-8993.");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
script_xref(name:"URL", value:"https://bugzilla.redhat.com/show_bug.cgi?id=511994");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
res = "";
report = "";
if ((res = isrpmvuln(pkg:"xemacs", rpm:"xemacs~21.5.29~2.fc11", rls:"FC11")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"xemacs-common", rpm:"xemacs-common~21.5.29~2.fc11", rls:"FC11")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"xemacs-devel", rpm:"xemacs-devel~21.5.29~2.fc11", rls:"FC11")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"xemacs-el", rpm:"xemacs-el~21.5.29~2.fc11", rls:"FC11")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"xemacs-nox", rpm:"xemacs-nox~21.5.29~2.fc11", rls:"FC11")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"xemacs-debuginfo", rpm:"xemacs-debuginfo~21.5.29~2.fc11", rls:"FC11")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"xemacs-info", rpm:"xemacs-info~21.5.29~2.fc11", rls:"FC11")) != NULL) {
report += res;
}
if (report != "") {
security_message(data:report);
} else if (__pkg_match) {
exit(99);
}