Mandriva Update for libvpx MDVSA-2012:023 (libvpx)
2012-03-09T00:00:00
ID OPENVAS:1361412562310831553 Type openvas Reporter Copyright (c) 2012 Greenbone Networks GmbH Modified 2018-11-16T00:00:00
Description
The remote host is missing an update for the
###############################################################################
# OpenVAS Vulnerability Test
#
# Mandriva Update for libvpx MDVSA-2012:023 (libvpx)
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
if(description)
{
script_xref(name:"URL", value:"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:023");
script_oid("1.3.6.1.4.1.25623.1.0.831553");
script_version("$Revision: 12381 $");
script_tag(name:"last_modification", value:"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $");
script_tag(name:"creation_date", value:"2012-03-09 19:18:09 +0530 (Fri, 09 Mar 2012)");
script_cve_id("CVE-2012-0823");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_xref(name:"MDVSA", value:"2012:023");
script_name("Mandriva Update for libvpx MDVSA-2012:023 (libvpx)");
script_tag(name:"summary", value:"The remote host is missing an update for the 'libvpx'
package(s) announced via the referenced advisory.");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
script_family("Mandrake Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/mandriva_mandrake_linux", "ssh/login/release", re:"ssh/login/release=MNDK_(2011\.0|2010\.1)");
script_tag(name:"affected", value:"libvpx on Mandriva Linux 2011.0,
Mandriva Linux 2010.1");
script_tag(name:"solution", value:"Please Install the Updated Packages.");
script_tag(name:"insight", value:"A vulnerability has been found and corrected in libvpx:
VP8 Codec SDK (libvpx) before 1.0.0 Duclair allows remote attackers
to cause a denial of service (application crash) via (1) unspecified
corrupt input or (2) by starting decoding from a P-frame, which
triggers an out-of-bounds read, related to the clamping of motion
vectors in SPLITMV blocks (CVE-2012-0823).
The updated packages have been patched to correct this issue.");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release) exit(0);
res = "";
if(release == "MNDK_2011.0")
{
if ((res = isrpmvuln(pkg:"libvpx0", rpm:"libvpx0~0.9.7~0.2", rls:"MNDK_2011.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libvpx-devel", rpm:"libvpx-devel~0.9.7~0.2", rls:"MNDK_2011.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libvpx-utils", rpm:"libvpx-utils~0.9.7~0.2", rls:"MNDK_2011.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64vpx0", rpm:"lib64vpx0~0.9.7~0.2", rls:"MNDK_2011.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64vpx-devel", rpm:"lib64vpx-devel~0.9.7~0.2", rls:"MNDK_2011.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
if(release == "MNDK_2010.1")
{
if ((res = isrpmvuln(pkg:"libvpx0", rpm:"libvpx0~0.9.7~0.2mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libvpx-devel", rpm:"libvpx-devel~0.9.7~0.2mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libvpx-utils", rpm:"libvpx-utils~0.9.7~0.2mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64vpx0", rpm:"lib64vpx0~0.9.7~0.2mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64vpx-devel", rpm:"lib64vpx-devel~0.9.7~0.2mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
{"id": "OPENVAS:1361412562310831553", "type": "openvas", "bulletinFamily": "scanner", "title": "Mandriva Update for libvpx MDVSA-2012:023 (libvpx)", "description": "The remote host is missing an update for the ", "published": "2012-03-09T00:00:00", "modified": "2018-11-16T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831553", "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "references": ["http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:023", "2012:023"], "cvelist": ["CVE-2012-0823"], "lastseen": "2019-05-29T18:38:47", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-0823"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310831555", "OPENVAS:831555", "OPENVAS:831553"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12236", "SECURITYVULNS:DOC:27728"]}, {"type": "nessus", "idList": ["MANDRIVA_MDVSA-2012-023.NASL"]}], "modified": "2019-05-29T18:38:47", "rev": 2}, "score": {"value": 6.1, "vector": "NONE", "modified": "2019-05-29T18:38:47", "rev": 2}, "vulnersScore": 6.1}, "pluginID": "1361412562310831553", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for libvpx MDVSA-2012:023 (libvpx)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:023\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831553\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-09 19:18:09 +0530 (Fri, 09 Mar 2012)\");\n script_cve_id(\"CVE-2012-0823\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"MDVSA\", value:\"2012:023\");\n script_name(\"Mandriva Update for libvpx MDVSA-2012:023 (libvpx)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libvpx'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_(2011\\.0|2010\\.1)\");\n script_tag(name:\"affected\", value:\"libvpx on Mandriva Linux 2011.0,\n Mandriva Linux 2010.1\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"A vulnerability has been found and corrected in libvpx:\n\n VP8 Codec SDK (libvpx) before 1.0.0 Duclair allows remote attackers\n to cause a denial of service (application crash) via (1) unspecified\n corrupt input or (2) by starting decoding from a P-frame, which\n triggers an out-of-bounds read, related to the clamping of motion\n vectors in SPLITMV blocks (CVE-2012-0823).\n\n The updated packages have been patched to correct this issue.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libvpx0\", rpm:\"libvpx0~0.9.7~0.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvpx-devel\", rpm:\"libvpx-devel~0.9.7~0.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvpx-utils\", rpm:\"libvpx-utils~0.9.7~0.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64vpx0\", rpm:\"lib64vpx0~0.9.7~0.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64vpx-devel\", rpm:\"lib64vpx-devel~0.9.7~0.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libvpx0\", rpm:\"libvpx0~0.9.7~0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvpx-devel\", rpm:\"libvpx-devel~0.9.7~0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvpx-utils\", rpm:\"libvpx-utils~0.9.7~0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64vpx0\", rpm:\"lib64vpx0~0.9.7~0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64vpx-devel\", rpm:\"lib64vpx-devel~0.9.7~0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "naslFamily": "Mandrake Local Security Checks", "immutableFields": []}
{"cve": [{"lastseen": "2021-02-02T05:59:46", "description": "VP8 Codec SDK (libvpx) before 1.0.0 \"Duclair\" allows remote attackers to cause a denial of service (application crash) via (1) unspecified \"corrupt input\" or (2) by \"starting decoding from a P-frame,\" which triggers an out-of-bounds read, related to \"the clamping of motion vectors in SPLITMV blocks\".", "edition": 7, "cvss3": {}, "published": "2012-02-23T20:07:00", "title": "CVE-2012-0823", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0823"], "modified": "2020-07-29T18:15:00", "cpe": ["cpe:/a:webmproject:libvpx:0.9.0", "cpe:/a:webmproject:libvpx:0.9.6", "cpe:/a:webmproject:libvpx:0.9.7", "cpe:/a:webmproject:libvpx:0.9.1", "cpe:/a:webmproject:libvpx:0.9.5", "cpe:/a:webmproject:libvpx:0.9.2"], "id": "CVE-2012-0823", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0823", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:webmproject:libvpx:0.9.7:p1:*:*:*:*:*:*", "cpe:2.3:a:webmproject:libvpx:0.9.6:*:*:*:*:*:*:*", "cpe:2.3:a:webmproject:libvpx:0.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:webmproject:libvpx:0.9.7:*:*:*:*:*:*:*", "cpe:2.3:a:webmproject:libvpx:0.9.5:*:*:*:*:*:*:*", "cpe:2.3:a:webmproject:libvpx:0.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:webmproject:libvpx:0.9.1:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2018-01-06T13:07:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0823"], "description": "Check for the Version of libvpx", "modified": "2018-01-05T00:00:00", "published": "2012-03-09T00:00:00", "id": "OPENVAS:831553", "href": "http://plugins.openvas.org/nasl.php?oid=831553", "type": "openvas", "title": "Mandriva Update for libvpx MDVSA-2012:023 (libvpx)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for libvpx MDVSA-2012:023 (libvpx)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been found and corrected in libvpx:\n\n VP8 Codec SDK (libvpx) before 1.0.0 Duclair allows remote attackers\n to cause a denial of service (application crash) via (1) unspecified\n corrupt input or (2) by starting decoding from a P-frame, which\n triggers an out-of-bounds read, related to the clamping of motion\n vectors in SPLITMV blocks (CVE-2012-0823).\n\n The updated packages have been patched to correct this issue.\";\n\ntag_affected = \"libvpx on Mandriva Linux 2011.0,\n Mandriva Linux 2010.1\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:023\");\n script_id(831553);\n script_version(\"$Revision: 8295 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 07:29:18 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-09 19:18:09 +0530 (Fri, 09 Mar 2012)\");\n script_cve_id(\"CVE-2012-0823\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"MDVSA\", value: \"2012:023\");\n script_name(\"Mandriva Update for libvpx MDVSA-2012:023 (libvpx)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libvpx\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libvpx0\", rpm:\"libvpx0~0.9.7~0.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvpx-devel\", rpm:\"libvpx-devel~0.9.7~0.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvpx-utils\", rpm:\"libvpx-utils~0.9.7~0.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64vpx0\", rpm:\"lib64vpx0~0.9.7~0.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64vpx-devel\", rpm:\"lib64vpx-devel~0.9.7~0.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libvpx0\", rpm:\"libvpx0~0.9.7~0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvpx-devel\", rpm:\"libvpx-devel~0.9.7~0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvpx-utils\", rpm:\"libvpx-utils~0.9.7~0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64vpx0\", rpm:\"lib64vpx0~0.9.7~0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64vpx-devel\", rpm:\"lib64vpx-devel~0.9.7~0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-11T11:06:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0823"], "description": "Check for the Version of libvpx", "modified": "2018-01-09T00:00:00", "published": "2012-03-07T00:00:00", "id": "OPENVAS:831555", "href": "http://plugins.openvas.org/nasl.php?oid=831555", "type": "openvas", "title": "Mandriva Update for libvpx MDVSA-2012:023-1 (libvpx)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for libvpx MDVSA-2012:023-1 (libvpx)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been found and corrected in libvpx:\n\n VP8 Codec SDK (libvpx) before 1.0.0 Duclair allows remote attackers\n to cause a denial of service (application crash) via (1) unspecified\n corrupt input or (2) by starting decoding from a P-frame, which\n triggers an out-of-bounds read, related to the clamping of motion\n vectors in SPLITMV blocks (CVE-2012-0823).\n\n The updated packages have been patched to correct this issue.\n\n Update:\n\n This is a symbolic advisory correction because there was a clash with\n MDVSA-2012:023 that addressed libxml2.\";\n\ntag_affected = \"libvpx on Mandriva Linux 2011.0,\n Mandriva Linux 2010.1\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:023-1\");\n script_id(831555);\n script_version(\"$Revision: 8336 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-09 08:01:48 +0100 (Tue, 09 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-07 11:20:40 +0530 (Wed, 07 Mar 2012)\");\n script_cve_id(\"CVE-2012-0823\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"MDVSA\", value: \"2012:023-1\");\n script_name(\"Mandriva Update for libvpx MDVSA-2012:023-1 (libvpx)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libvpx\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libvpx0\", rpm:\"libvpx0~0.9.7~0.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvpx-devel\", rpm:\"libvpx-devel~0.9.7~0.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvpx-utils\", rpm:\"libvpx-utils~0.9.7~0.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64vpx0\", rpm:\"lib64vpx0~0.9.7~0.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64vpx-devel\", rpm:\"lib64vpx-devel~0.9.7~0.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libvpx0\", rpm:\"libvpx0~0.9.7~0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvpx-devel\", rpm:\"libvpx-devel~0.9.7~0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvpx-utils\", rpm:\"libvpx-utils~0.9.7~0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64vpx0\", rpm:\"lib64vpx0~0.9.7~0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64vpx-devel\", rpm:\"lib64vpx-devel~0.9.7~0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0823"], "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2012-03-07T00:00:00", "id": "OPENVAS:1361412562310831555", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831555", "type": "openvas", "title": "Mandriva Update for libvpx MDVSA-2012:023-1 (libvpx)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for libvpx MDVSA-2012:023-1 (libvpx)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:023-1\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831555\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-07 11:20:40 +0530 (Wed, 07 Mar 2012)\");\n script_cve_id(\"CVE-2012-0823\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"MDVSA\", value:\"2012:023-1\");\n script_name(\"Mandriva Update for libvpx MDVSA-2012:023-1 (libvpx)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libvpx'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_(2011\\.0|2010\\.1)\");\n script_tag(name:\"affected\", value:\"libvpx on Mandriva Linux 2011.0,\n Mandriva Linux 2010.1\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"A vulnerability has been found and corrected in libvpx:\n\n VP8 Codec SDK (libvpx) before 1.0.0 Duclair allows remote attackers\n to cause a denial of service (application crash) via (1) unspecified\n corrupt input or (2) by starting decoding from a P-frame, which\n triggers an out-of-bounds read, related to the clamping of motion\n vectors in SPLITMV blocks (CVE-2012-0823).\n\n The updated packages have been patched to correct this issue.\n\n Update:\n\n This is a symbolic advisory correction because there was a clash with\n MDVSA-2012:023 that addressed libxml2.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libvpx0\", rpm:\"libvpx0~0.9.7~0.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvpx-devel\", rpm:\"libvpx-devel~0.9.7~0.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvpx-utils\", rpm:\"libvpx-utils~0.9.7~0.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64vpx0\", rpm:\"lib64vpx0~0.9.7~0.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64vpx-devel\", rpm:\"lib64vpx-devel~0.9.7~0.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libvpx0\", rpm:\"libvpx0~0.9.7~0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvpx-devel\", rpm:\"libvpx-devel~0.9.7~0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvpx-utils\", rpm:\"libvpx-utils~0.9.7~0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64vpx0\", rpm:\"lib64vpx0~0.9.7~0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64vpx-devel\", rpm:\"lib64vpx-devel~0.9.7~0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:46", "bulletinFamily": "software", "cvelist": ["CVE-2012-0823"], "description": "Few DoS conditions.", "edition": 1, "modified": "2012-03-09T00:00:00", "published": "2012-03-09T00:00:00", "id": "SECURITYVULNS:VULN:12236", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12236", "title": "libvpx security vulnerabilities", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:43", "bulletinFamily": "software", "cvelist": ["CVE-2012-0823"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2012:023-1\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : libvpx\r\n Date : February 28, 2012\r\n Affected: 2010.1, 2011.\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n A vulnerability has been found and corrected in libvpx:\r\n \r\n VP8 Codec SDK (libvpx) before 1.0.0 Duclair allows remote attackers\r\n to cause a denial of service (application crash) via (1) unspecified\r\n corrupt input or (2) by starting decoding from a P-frame, which\r\n triggers an out-of-bounds read, related to the clamping of motion\r\n vectors in SPLITMV blocks (CVE-2012-0823).\r\n \r\n The updated packages have been patched to correct this issue.\r\n\r\n Update:\r\n\r\n This is a symbolic advisory correction because there was a clash with\r\n MDVSA-2012:023 that addressed libxml2.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0823\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2010.1:\r\n 80595bcf9605087872ef9e76988c06fb 2010.1/i586/libvpx0-0.9.7-0.2mdv2010.2.i586.rpm\r\n 6a39a655e52324d5454df93c54803e1d 2010.1/i586/libvpx-devel-0.9.7-0.2mdv2010.2.i586.rpm\r\n 36669f19119055daa1c65a4341bf00ee 2010.1/i586/libvpx-utils-0.9.7-0.2mdv2010.2.i586.rpm \r\n efbc2e9f8338a146ed9bb4a8133ee3d0 2010.1/SRPMS/libvpx-0.9.7-0.2mdv2010.2.src.rpm\r\n\r\n Mandriva Linux 2010.1/X86_64:\r\n 7d42ba1449797b928a025d82fbbf2a65 2010.1/x86_64/lib64vpx0-0.9.7-0.2mdv2010.2.x86_64.rpm\r\n 05101dfd30ef938952f61705a1394705 2010.1/x86_64/lib64vpx-devel-0.9.7-0.2mdv2010.2.x86_64.rpm\r\n 20e10865900d2a24d58b7677098057e8 2010.1/x86_64/libvpx-utils-0.9.7-0.2mdv2010.2.x86_64.rpm \r\n efbc2e9f8338a146ed9bb4a8133ee3d0 2010.1/SRPMS/libvpx-0.9.7-0.2mdv2010.2.src.rpm\r\n\r\n Mandriva Linux 2011:\r\n e77c03974267d8b697fce1944dc7627b 2011/i586/libvpx0-0.9.7-0.2-mdv2011.0.i586.rpm\r\n e52f1469cdf005a7a8e2855a65bfde2f 2011/i586/libvpx-devel-0.9.7-0.2-mdv2011.0.i586.rpm\r\n 6fbe1b807480c8c86d482cef51f5cc7d 2011/i586/libvpx-utils-0.9.7-0.2-mdv2011.0.i586.rpm \r\n e274966b396ce1cb66aa4b01f2bea88e 2011/SRPMS/libvpx-0.9.7-0.2.src.rpm\r\n\r\n Mandriva Linux 2011/X86_64:\r\n 81c2210c4f37421a22a877599304b5a4 2011/x86_64/lib64vpx0-0.9.7-0.2-mdv2011.0.x86_64.rpm\r\n 02f987fb0972c5b45a91a3d02060923f 2011/x86_64/lib64vpx-devel-0.9.7-0.2-mdv2011.0.x86_64.rpm\r\n a7d46c97d8294236422b37a8359ba64d 2011/x86_64/libvpx-utils-0.9.7-0.2-mdv2011.0.x86_64.rpm \r\n e274966b396ce1cb66aa4b01f2bea88e 2011/SRPMS/libvpx-0.9.7-0.2.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.11 (GNU/Linux)\r\n\r\niD8DBQFPTL06mqjQ0CJFipgRAmSwAKC3SrXDSm5poitKzRLbK3HdV0s5XwCgqOwj\r\nGCMzTwqDabkLHPmw9/sT7lk=\r\n=XrZF\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2012-03-09T00:00:00", "published": "2012-03-09T00:00:00", "id": "SECURITYVULNS:DOC:27728", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27728", "title": "[ MDVSA-2012:023-1 ] libvpx", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-07T11:53:35", "description": "A vulnerability has been found and corrected in libvpx :\n\nVP8 Codec SDK (libvpx) before 1.0.0 Duclair allows remote attackers to\ncause a denial of service (application crash) via (1) unspecified\ncorrupt input or (2) by starting decoding from a P-frame, which\ntriggers an out-of-bounds read, related to the clamping of motion\nvectors in SPLITMV blocks (CVE-2012-0823).\n\nThe updated packages have been patched to correct this issue.\n\nUpdate :\n\nThis is a symbolic advisory correction because there was a clash with\nMDVSA-2012:023 that addressed libxml2.", "edition": 25, "published": "2012-02-23T00:00:00", "title": "Mandriva Linux Security Advisory : libvpx (MDVSA-2012:023-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0823"], "modified": "2012-02-23T00:00:00", "cpe": ["cpe:/o:mandriva:linux:2011", "p-cpe:/a:mandriva:linux:libvpx-utils", "p-cpe:/a:mandriva:linux:libvpx-devel", "p-cpe:/a:mandriva:linux:libvpx0", "p-cpe:/a:mandriva:linux:lib64vpx-devel", "cpe:/o:mandriva:linux:2010.1", "p-cpe:/a:mandriva:linux:lib64vpx0"], "id": "MANDRIVA_MDVSA-2012-023.NASL", "href": "https://www.tenable.com/plugins/nessus/58103", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2012:023. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58103);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-0823\");\n script_bugtraq_id(51775, 52107);\n script_xref(name:\"MDVSA\", value:\"2012:023-1\");\n\n script_name(english:\"Mandriva Linux Security Advisory : libvpx (MDVSA-2012:023-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability has been found and corrected in libvpx :\n\nVP8 Codec SDK (libvpx) before 1.0.0 Duclair allows remote attackers to\ncause a denial of service (application crash) via (1) unspecified\ncorrupt input or (2) by starting decoding from a P-frame, which\ntriggers an out-of-bounds read, related to the clamping of motion\nvectors in SPLITMV blocks (CVE-2012-0823).\n\nThe updated packages have been patched to correct this issue.\n\nUpdate :\n\nThis is a symbolic advisory correction because there was a clash with\nMDVSA-2012:023 that addressed libxml2.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64vpx-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64vpx0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libvpx-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libvpx-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libvpx0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64vpx-devel-0.9.7-0.2mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64vpx0-0.9.7-0.2mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libvpx-devel-0.9.7-0.2mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"libvpx-utils-0.9.7-0.2mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libvpx0-0.9.7-0.2mdv2010.2\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64vpx-devel-0.9.7-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64vpx0-0.9.7-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libvpx-devel-0.9.7-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"libvpx-utils-0.9.7-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libvpx0-0.9.7-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}]}
